From 6e50243d989475bc642963cccc70e0d4cf45cc8c Mon Sep 17 00:00:00 2001
From: "Jason A. Donenfeld"
Date: Tue, 9 May 2017 16:58:39 +0200
Subject: wireguard: preshared-key is now an attribute of the peer
Signed-off-by: Jason A. Donenfeld
---
 nixos/modules/services/networking/wireguard.nix | 26 ++++++++++++-------------
 1 file changed, 13 insertions(+), 13 deletions(-)
(limited to 'nixos')
diff --git a/nixos/modules/services/networking/wireguard.nix b/nixos/modules/services/networking/wireguard.nix
index 368d89e2e32e..62ff708d244c 100644
--- a/nixos/modules/services/networking/wireguard.nix
+++ b/nixos/modules/services/networking/wireguard.nix
@@ -27,18 +27,6 @@ let
 description = "Base64 private key generated by wg genkey.";
 };

- presharedKey = mkOption {
- default = null;
- example = "rVXs/Ni9tu3oDBLS4hOyAUAa1qTWVA3loR8eL20os3I=";
- type = with types; nullOr str;
- description = ''
- base64 preshared key generated by wg genpsk. Optional,
- and may be omitted. This option adds an additional layer of
- symmetric-key cryptography to be mixed into the already existing
- public-key cryptography, for post-quantum resistance.
- '';
- };
-
 listenPort = mkOption {
 default = null;
 type = with types; nullOr int;
@@ -98,6 +86,18 @@ let
 description = "The base64 public key the peer.";
 };

+ presharedKey = mkOption {
+ default = null;
+ example = "rVXs/Ni9tu3oDBLS4hOyAUAa1qTWVA3loR8eL20os3I=";
+ type = with types; nullOr str;
+ description = ''
+ base64 preshared key generated by wg genpsk. Optional,
+ and may be omitted. This option adds an additional layer of
+ symmetric-key cryptography to be mixed into the already existing
+ public-key cryptography, for post-quantum resistance.
+ '';
+ };
+
 allowedIPs = mkOption {
 example = [ "10.192.122.3/32" "10.192.124.1/24" ];
 type = with types; listOf str;
@@ -137,12 +137,12 @@ let
 generateConf = name: values: pkgs.writeText "wireguard-${name}.conf" ''
 [Interface]
 PrivateKey = ${values.privateKey}
- ${optionalString (values.presharedKey != null) "PresharedKey = ${values.presharedKey}"}
 ${optionalString (values.listenPort != null) "ListenPort = ${toString values.listenPort}"}

 ${concatStringsSep "\n\n" (map (peer: ''
 [Peer]
 PublicKey = ${peer.publicKey}
+ ${optionalString (peer.presharedKey != null) "PresharedKey = ${peer.presharedKey}"}
 ${optionalString (peer.allowedIPs != []) "AllowedIPs = ${concatStringsSep ", " peer.allowedIPs}"}
 ${optionalString (peer.endpoint != null) "Endpoint = ${peer.endpoint}"}
 ${optionalString (peer.persistentKeepalive != null) "PersistentKeepalive = ${toString peer.persistentKeepalive}"}
-- 
cgit 1.4.1
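Review bot: `generateConf` interpolates `peer.presharedKey` into a file built with `pkgs.writeText`, so the symmetric secret ends up in the Nix store, which every local user can read and which travels with the system closure; the same already holds for `values.privateKey` in the `[Interface]` section above. A preshared key readable by any local account no longer provides the extra layer that the option description in the second hunk promises. Consider accepting a path instead, for example a `presharedKeyFile` option of type `nullOr str` whose contents are loaded when the interface is brought up rather than at evaluation time, and add to the `presharedKey` description a sentence such as `The value is copied into the world-readable Nix store.` How the generated file is consumed lies outside this hunk, so the right place to load the key from a file is not visible here.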