Merge pull request #93474 from tnias/fix20200719

Jörg Thalheim 2020-07-19 21:07:05 +01:00 committed by GitHub
commit 1c26e6baec
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 18 additions and 17 deletions


@ -29,7 +29,7 @@ let
type = with types; nullOr str;
default = null;
description = ''
Base64 private key generated by wg genkey.
Base64 private key generated by <command>wg genkey</command>.
Warning: Consider using privateKeyFile instead if you do not
want to store the key in the world-readable Nix store.
@ -41,7 +41,7 @@ let
type = with types; nullOr str;
default = null;
description = ''
Private key file as generated by wg genkey.
Private key file as generated by <command>wg genkey</command>.
'';
};
@ -106,9 +106,9 @@ let
description = ''
The kernel routing table to add this interface's
associated routes to. Setting this is useful for e.g. policy routing
("ip rule") or virtual routing and forwarding ("ip vrf"). Both numeric
table IDs and table names (/etc/rt_tables) can be used. Defaults to
"main".
("ip rule") or virtual routing and forwarding ("ip vrf"). Both
numeric table IDs and table names (/etc/rt_tables) can be used.
Defaults to "main".
'';
};
@ -139,7 +139,7 @@ let
publicKey = mkOption {
example = "xTIBA5rboUvnH4htodjb6e697QjLERt1NAB4mZqp8Dg=";
type = types.str;
description = "The base64 public key the peer.";
description = "The base64 public key to the peer.";
};
presharedKey = mkOption {
@ -147,8 +147,8 @@ let
example = "rVXs/Ni9tu3oDBLS4hOyAUAa1qTWVA3loR8eL20os3I=";
type = with types; nullOr str;
description = ''
Base64 preshared key generated by wg genpsk. Optional,
and may be omitted. This option adds an additional layer of
Base64 preshared key generated by <commmand>wg genpsk</command>.
Optional, and may be omitted. This option adds an additional layer of
symmetric-key cryptography to be mixed into the already existing
public-key cryptography, for post-quantum resistance.
@ -162,8 +162,8 @@ let
example = "/private/wireguard_psk";
type = with types; nullOr str;
description = ''
File pointing to preshared key as generated by wg pensk. Optional,
and may be omitted. This option adds an additional layer of
File pointing to preshared key as generated by <command>wg genpsk</command>.
Optional, and may be omitted. This option adds an additional layer of
symmetric-key cryptography to be mixed into the already existing
public-key cryptography, for post-quantum resistance.
'';
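Review bot: The new presharedKey description opens its markup with `<commmand>` (three m's) but closes with `</command>`, so the element is mismatched and will probably break or garble the generated option documentation; the line should read `Base64 preshared key generated by <command>wg genpsk</command>.` In the publicKey option, the new text `The base64 public key to the peer.` would read more clearly as `The base64 public key of the peer.` The privateKey description warns that an inline key ends up in the world-readable Nix store; the presharedKey description continues outside this hunk, so it is worth confirming that it carries the same warning and points to the file-based option, since a preshared key set inline is presumably exposed the same way.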


@ -91,11 +91,13 @@ let
table = mkOption {
default = "main";
type = types.str;
description = ''The kernel routing table to add this interface's
associated routes to. Setting this is useful for e.g. policy routing
("ip rule") or virtual routing and forwarding ("ip vrf"). Both numeric
table IDs and table names (/etc/rt_tables) can be used. Defaults to
"main".'';
description = ''
The kernel routing table to add this interface's
associated routes to. Setting this is useful for e.g. policy routing
("ip rule") or virtual routing and forwarding ("ip vrf"). Both
numeric table IDs and table names (/etc/rt_tables) can be used.
Defaults to "main".
'';
};
peers = mkOption {
@ -174,7 +176,7 @@ let
example = "/private/wireguard_psk";
type = with types; nullOr str;
description = ''
File pointing to preshared key as generated by <command>wg pensk</command>.
File pointing to preshared key as generated by <command>wg genpsk</command>.
Optional, and may be omitted. This option adds an additional layer of
symmetric-key cryptography to be mixed into the already existing
public-key cryptography, for post-quantum resistance.
@ -217,7 +219,6 @@ let
};
generatePathUnit = name: values:
assert (values.privateKey == null);
assert (values.privateKeyFile != null);