authorJörg Thalheim <Mic92@users.noreply.github.com>2017-05-17 23:58:51 +0100
committerGitHub <noreply@github.com>2017-05-17 23:58:51 +0100
commit64acaa1e2dcb73d19c91c97499a23c0c2f6f19a9 (patch)
tree819f078903ba540fc9fafd8bd8df49477abd3364 /nixos
parenta4f772435ddbdb91fd4a55c724b53ed659969d4c (diff)
parentef018d895563007df037a08381888f932d980f2d (diff)
Merge pull request #25646 from zx2c4/wg-psk-change
wireguard: 0.0.20170421 -> 0.0.20170517
Diffstat (limited to 'nixos')
-rw-r--r--nixos/modules/services/networking/wireguard.nix26
1 files changed, 13 insertions, 13 deletions
diff --git a/nixos/modules/services/networking/wireguard.nix b/nixos/modules/services/networking/wireguard.nix
index 368d89e2e32e..62ff708d244c 100644
--- a/nixos/modules/services/networking/wireguard.nix
+++ b/nixos/modules/services/networking/wireguard.nix
@@ -27,18 +27,6 @@ let
         description = "Base64 private key generated by wg genkey.";
       };
 
-      presharedKey = mkOption {
-        default = null;
-        example = "rVXs/Ni9tu3oDBLS4hOyAUAa1qTWVA3loR8eL20os3I=";
-        type = with types; nullOr str;
-        description = ''
-          base64 preshared key generated by wg genpsk. Optional,
-          and may be omitted. This option adds an additional layer of
-          symmetric-key cryptography to be mixed into the already existing
-          public-key  cryptography, for post-quantum resistance.
-        '';
-      };
-
       listenPort = mkOption {
         default = null;
         type = with types; nullOr int;
@@ -98,6 +86,18 @@ let
         description = "The base64 public key the peer.";
       };
 
+      presharedKey = mkOption {
+        default = null;
+        example = "rVXs/Ni9tu3oDBLS4hOyAUAa1qTWVA3loR8eL20os3I=";
+        type = with types; nullOr str;
+        description = ''
+          base64 preshared key generated by wg genpsk. Optional,
+          and may be omitted. This option adds an additional layer of
+          symmetric-key cryptography to be mixed into the already existing
+          public-key cryptography, for post-quantum resistance.
+        '';
+      };
+
       allowedIPs = mkOption {
         example = [ "10.192.122.3/32" "10.192.124.1/24" ];
         type = with types; listOf str;
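Review bot: The per-peer `presharedKey` added in this hunk is a plain `nullOr str`, and the `generateConf` hunk further down interpolates it into `pkgs.writeText "wireguard-${name}.conf"`, so the secret ends up in the Nix store, which is readable by every local user and is copied along with the system closure. The `PrivateKey` context line in that hunk shows the exposure already exists for the interface key, so this commit does not introduce it, but it now applies to one more secret per peer and the option description does not mention it. I would extend the description with a sentence such as `Warning: the value is written to the world-readable Nix store.` so operators can decide whether that is acceptable for a key meant to add post-quantum resistance. As a follow-up, an alternative option that takes a path to a key file outside the store and is read when the interface is brought up would keep the secret out of the generated config. The enclosing `let` binding and the peer submodule start and end outside this hunk.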
@@ -137,12 +137,12 @@ let
   generateConf = name: values: pkgs.writeText "wireguard-${name}.conf" ''
     [Interface]
     PrivateKey = ${values.privateKey}
-    ${optionalString (values.presharedKey != null) "PresharedKey = ${values.presharedKey}"}
     ${optionalString (values.listenPort != null)   "ListenPort = ${toString values.listenPort}"}
 
     ${concatStringsSep "\n\n" (map (peer: ''
     [Peer]
     PublicKey = ${peer.publicKey}
+    ${optionalString (peer.presharedKey != null) "PresharedKey = ${peer.presharedKey}"}
     ${optionalString (peer.allowedIPs != []) "AllowedIPs = ${concatStringsSep ", " peer.allowedIPs}"}
     ${optionalString (peer.endpoint != null) "Endpoint = ${peer.endpoint}"}
     ${optionalString (peer.persistentKeepalive != null) "PersistentKeepalive = ${toString peer.persistentKeepalive}"}