public/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

systemd-networkd: add support for wireguard netdev.

Browse Source
This commit is contained in:
David Guibert 2018-08-16 13:44:39 +02:00
parent 1f80baeed4
commit 7fd91a898b
1 changed files with 64 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

64
nixos/modules/system/boot/networkd.nix
View File

@ -55,6 +55,20 @@ let
(assertMacAddress "MACAddress") (assertMacAddress "MACAddress")
]; ];
checkWireGuard = checkUnitConfig "WireGuard" [
(assertOnlyFields [
"PrivateKey" "PrivateKeyFile" "ListenPort" "FwMark"
])
#(assertRange "ListenPort" 1 65535) # Or "auto"
];
checkWireGuardPeer = checkUnitConfig "WireGuardPeer" [
(assertOnlyFields [
"PublicKey" "PresharedKey" "AllowedIPs" "Endpoint" "PersistentKeepalive"
])
# (assertRange "PersistentKeepalive" 1 65535) # defined as "nullOr int"
];
checkVlan = checkUnitConfig "VLAN" [ checkVlan = checkUnitConfig "VLAN" [
(assertOnlyFields ["Id" "GVRP" "MVRP" "LooseBinding" "ReorderHeader"]) (assertOnlyFields ["Id" "GVRP" "MVRP" "LooseBinding" "ReorderHeader"])
(assertRange "Id" 0 4094) (assertRange "Id" 0 4094)
@ -320,6 +334,29 @@ let
''; '';
}; };
wireguardConfig = mkOption {
default = {};
example = { ListenPort="auto"; };
type = types.addCheck (types.attrsOf unitOption) checkWireGuard;
description = ''
Each attribute in this set specifies an option in the
<literal>[WireGuard]</literal> section of the unit. See
<citerefentry><refentrytitle>systemd.netdev</refentrytitle>
<manvolnum>5</manvolnum></citerefentry> for details.
'';
};
wireguardPeers = mkOption {
default = [ ];
type = with types; listOf (submodule wireguardPeerOptions);
description = ''
Each attribute in this set specifies an option in the
<literal>[WireGuardPeer]</literal> section of the unit. See
<citerefentry><refentrytitle>systemd.netdev</refentrytitle>
<manvolnum>5</manvolnum></citerefentry> for details.
'';
};
vlanConfig = mkOption { vlanConfig = mkOption {
default = {}; default = {};
example = { Id = "4"; }; example = { Id = "4"; };
@ -450,6 +487,23 @@ let
}; };
}; };
wireguardPeerOptions = {
options = {
wireguardPeerConfig = mkOption {
default = {};
example = { };
type = types.addCheck (types.attrsOf unitOption) checkWireGuardPeer;
description = ''
Each attribute in this set specifies an option in the
<literal>[WireGuardPeer]</literal> section of the unit. See
<citerefentry><refentrytitle>systemd.network</refentrytitle>
<manvolnum>5</manvolnum></citerefentry> for details.
'';
};
};
};
networkOptions = commonNetworkOptions // { networkOptions = commonNetworkOptions // {
networkConfig = mkOption { networkConfig = mkOption {
@ -732,6 +786,16 @@ let
${attrsToSection def.bondConfig} ${attrsToSection def.bondConfig}
''} ''}
${optionalString (def.wireguardConfig != { }) ''
[WireGuard]
${attrsToSection def.wireguardConfig}
''}
${flip concatMapStrings def.wireguardPeers (x: ''
[WireGuardPeer]
${attrsToSection x.wireguardPeerConfig}
'')}
${def.extraConfig} ${def.extraConfig}
''; '';
}; };