public/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #93474 from tnias/fix20200719

Browse Source
This commit is contained in:
Jörg Thalheim 2020-07-19 21:07:05 +01:00 committed by GitHub
commit 1c26e6baec
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 18 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
nixos/modules/services/networking/wg-quick.nix
View File

@ -29,7 +29,7 @@ let
type = with types; nullOr str; type = with types; nullOr str;
default = null; default = null;
description = '' description = ''
Base64 private key generated by wg genkey. Base64 private key generated by <command>wg genkey</command>.
Warning: Consider using privateKeyFile instead if you do not Warning: Consider using privateKeyFile instead if you do not
want to store the key in the world-readable Nix store. want to store the key in the world-readable Nix store.
@ -41,7 +41,7 @@ let
type = with types; nullOr str; type = with types; nullOr str;
default = null; default = null;
description = '' description = ''
Private key file as generated by wg genkey. Private key file as generated by <command>wg genkey</command>.
''; '';
}; };
@ -106,9 +106,9 @@ let
description = '' description = ''
The kernel routing table to add this interface's The kernel routing table to add this interface's
associated routes to. Setting this is useful for e.g. policy routing associated routes to. Setting this is useful for e.g. policy routing
("ip rule") or virtual routing and forwarding ("ip vrf"). Both numeric ("ip rule") or virtual routing and forwarding ("ip vrf"). Both
table IDs and table names (/etc/rt_tables) can be used. Defaults to numeric table IDs and table names (/etc/rt_tables) can be used.
"main". Defaults to "main".
''; '';
}; };
@ -139,7 +139,7 @@ let
publicKey = mkOption { publicKey = mkOption {
example = "xTIBA5rboUvnH4htodjb6e697QjLERt1NAB4mZqp8Dg="; example = "xTIBA5rboUvnH4htodjb6e697QjLERt1NAB4mZqp8Dg=";
type = types.str; type = types.str;
description = "The base64 public key the peer."; description = "The base64 public key to the peer.";
}; };
presharedKey = mkOption { presharedKey = mkOption {
@ -147,8 +147,8 @@ let
example = "rVXs/Ni9tu3oDBLS4hOyAUAa1qTWVA3loR8eL20os3I="; example = "rVXs/Ni9tu3oDBLS4hOyAUAa1qTWVA3loR8eL20os3I=";
type = with types; nullOr str; type = with types; nullOr str;
description = '' description = ''
Base64 preshared key generated by wg genpsk. Optional, Base64 preshared key generated by <commmand>wg genpsk</command>.
and may be omitted. This option adds an additional layer of Optional, and may be omitted. This option adds an additional layer of
symmetric-key cryptography to be mixed into the already existing symmetric-key cryptography to be mixed into the already existing
public-key cryptography, for post-quantum resistance. public-key cryptography, for post-quantum resistance.
@ -162,8 +162,8 @@ let
example = "/private/wireguard_psk"; example = "/private/wireguard_psk";
type = with types; nullOr str; type = with types; nullOr str;
description = '' description = ''
File pointing to preshared key as generated by wg pensk. Optional, File pointing to preshared key as generated by <command>wg genpsk</command>.
and may be omitted. This option adds an additional layer of Optional, and may be omitted. This option adds an additional layer of
symmetric-key cryptography to be mixed into the already existing symmetric-key cryptography to be mixed into the already existing
public-key cryptography, for post-quantum resistance. public-key cryptography, for post-quantum resistance.
''; '';

15
nixos/modules/services/networking/wireguard.nix
View File

@ -91,11 +91,13 @@ let
table = mkOption { table = mkOption {
default = "main"; default = "main";
type = types.str; type = types.str;
description = ''The kernel routing table to add this interface's description = ''
associated routes to. Setting this is useful for e.g. policy routing The kernel routing table to add this interface's
("ip rule") or virtual routing and forwarding ("ip vrf"). Both numeric associated routes to. Setting this is useful for e.g. policy routing
table IDs and table names (/etc/rt_tables) can be used. Defaults to ("ip rule") or virtual routing and forwarding ("ip vrf"). Both
"main".''; numeric table IDs and table names (/etc/rt_tables) can be used.
Defaults to "main".
'';
}; };
peers = mkOption { peers = mkOption {
@ -174,7 +176,7 @@ let
example = "/private/wireguard_psk"; example = "/private/wireguard_psk";
type = with types; nullOr str; type = with types; nullOr str;
description = '' description = ''
File pointing to preshared key as generated by <command>wg pensk</command>. File pointing to preshared key as generated by <command>wg genpsk</command>.
Optional, and may be omitted. This option adds an additional layer of Optional, and may be omitted. This option adds an additional layer of
symmetric-key cryptography to be mixed into the already existing symmetric-key cryptography to be mixed into the already existing
public-key cryptography, for post-quantum resistance. public-key cryptography, for post-quantum resistance.
@ -217,7 +219,6 @@ let
}; };
generatePathUnit = name: values: generatePathUnit = name: values:
assert (values.privateKey == null); assert (values.privateKey == null);
assert (values.privateKeyFile != null); assert (values.privateKeyFile != null);