|
|
|
@ -27,18 +27,6 @@ let |
|
|
|
|
description = "Base64 private key generated by wg genkey."; |
|
|
|
|
}; |
|
|
|
|
|
|
|
|
|
presharedKey = mkOption { |
|
|
|
|
default = null; |
|
|
|
|
example = "rVXs/Ni9tu3oDBLS4hOyAUAa1qTWVA3loR8eL20os3I="; |
|
|
|
|
type = with types; nullOr str; |
|
|
|
|
description = '' |
|
|
|
|
base64 preshared key generated by wg genpsk. Optional, |
|
|
|
|
and may be omitted. This option adds an additional layer of |
|
|
|
|
symmetric-key cryptography to be mixed into the already existing |
|
|
|
|
public-key cryptography, for post-quantum resistance. |
|
|
|
|
''; |
|
|
|
|
}; |
|
|
|
|
|
|
|
|
|
listenPort = mkOption { |
|
|
|
|
default = null; |
|
|
|
|
type = with types; nullOr int; |
|
|
|
@ -98,6 +86,18 @@ let |
|
|
|
|
description = "The base64 public key the peer."; |
|
|
|
|
}; |
|
|
|
|
|
|
|
|
|
presharedKey = mkOption { |
|
|
|
|
default = null; |
|
|
|
|
example = "rVXs/Ni9tu3oDBLS4hOyAUAa1qTWVA3loR8eL20os3I="; |
|
|
|
|
type = with types; nullOr str; |
|
|
|
|
description = '' |
|
|
|
|
base64 preshared key generated by wg genpsk. Optional, |
|
|
|
|
and may be omitted. This option adds an additional layer of |
|
|
|
|
symmetric-key cryptography to be mixed into the already existing |
|
|
|
|
public-key cryptography, for post-quantum resistance. |
|
|
|
|
''; |
|
|
|
|
}; |
|
|
|
|
|
|
|
|
|
allowedIPs = mkOption { |
|
|
|
|
example = [ "10.192.122.3/32" "10.192.124.1/24" ]; |
|
|
|
|
type = with types; listOf str; |
|
|
|
@ -137,12 +137,12 @@ let |
|
|
|
|
generateConf = name: values: pkgs.writeText "wireguard-${name}.conf" '' |
|
|
|
|
[Interface] |
|
|
|
|
PrivateKey = ${values.privateKey} |
|
|
|
|
${optionalString (values.presharedKey != null) "PresharedKey = ${values.presharedKey}"} |
|
|
|
|
${optionalString (values.listenPort != null) "ListenPort = ${toString values.listenPort}"} |
|
|
|
|
|
|
|
|
|
${concatStringsSep "\n\n" (map (peer: '' |
|
|
|
|
[Peer] |
|
|
|
|
PublicKey = ${peer.publicKey} |
|
|
|
|
${optionalString (peer.presharedKey != null) "PresharedKey = ${peer.presharedKey}"} |
|
|
|
|
${optionalString (peer.allowedIPs != []) "AllowedIPs = ${concatStringsSep ", " peer.allowedIPs}"} |
|
|
|
|
${optionalString (peer.endpoint != null) "Endpoint = ${peer.endpoint}"} |
|
|
|
|
${optionalString (peer.persistentKeepalive != null) "PersistentKeepalive = ${toString peer.persistentKeepalive}"} |
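Review bot: The preshared key is interpolated into the file built by `pkgs.writeText "wireguard-${name}.conf"`, so it ends up in the Nix store next to `PrivateKey`, and store paths are readable by every local user. The `+`/`-` markers are lost on this page, but by the hunk counts the `peer.presharedKey` line appears to be the added one, which extends that exposure to one secret per peer. At minimum the option description in the `-98,6 +86,18` hunk should say so, e.g. `Warning: this key is written to the world-readable Nix store.`; a stronger fix is to accept a path to a key file kept outside the store and apply it when the interface is brought up instead of embedding the value in the generated config. The body of `generateConf` continues past the end of this hunk.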
|
|
|
|