kookie
/
nomicon
1
0
Fork 0
Code Issues Projects Releases 1 Activity

wireguard: preshared-key is now an attribute of the peer

Browse Source 
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
wip/yesman
Jason A. Donenfeld 7 years ago
parent 00712bf472
commit 6e50243d98
1 changed files with 13 additions and 13 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 26
      nixos/modules/services/networking/wireguard.nix

26
nixos/modules/services/networking/wireguard.nix
Unescape View File

@ -27,18 +27,6 @@ let
description = "Base64 private key generated by wg genkey.";
};
presharedKey = mkOption {
default = null;
example = "rVXs/Ni9tu3oDBLS4hOyAUAa1qTWVA3loR8eL20os3I=";
type = with types; nullOr str;
description = ''
base64 preshared key generated by wg genpsk. Optional,
and may be omitted. This option adds an additional layer of
symmetric-key cryptography to be mixed into the already existing
public-key cryptography, for post-quantum resistance.
'';
};
listenPort = mkOption {
default = null;
type = with types; nullOr int;
@ -98,6 +86,18 @@ let
description = "The base64 public key the peer.";
};
presharedKey = mkOption {
default = null;
example = "rVXs/Ni9tu3oDBLS4hOyAUAa1qTWVA3loR8eL20os3I=";
type = with types; nullOr str;
description = ''
base64 preshared key generated by wg genpsk. Optional,
and may be omitted. This option adds an additional layer of
symmetric-key cryptography to be mixed into the already existing
public-key cryptography, for post-quantum resistance.
'';
};
allowedIPs = mkOption {
example = [ "10.192.122.3/32" "10.192.124.1/24" ];
type = with types; listOf str;
@ -137,12 +137,12 @@ let
generateConf = name: values: pkgs.writeText "wireguard-${name}.conf" ''
[Interface]
PrivateKey = ${values.privateKey}
${optionalString (values.presharedKey != null) "PresharedKey = ${values.presharedKey}"}
${optionalString (values.listenPort != null) "ListenPort = ${toString values.listenPort}"}
${concatStringsSep "\n\n" (map (peer: ''
[Peer]
PublicKey = ${peer.publicKey}
${optionalString (peer.presharedKey != null) "PresharedKey = ${peer.presharedKey}"}
${optionalString (peer.allowedIPs != []) "AllowedIPs = ${concatStringsSep ", " peer.allowedIPs}"}
${optionalString (peer.endpoint != null) "Endpoint = ${peer.endpoint}"}
${optionalString (peer.persistentKeepalive != null) "PersistentKeepalive = ${toString peer.persistentKeepalive}"}

Write Preview
Loading…
Cancel
Save