diff --git a/nixos/modules/services/networking/wg-quick.nix b/nixos/modules/services/networking/wg-quick.nix
index ff1bdeed9f48..90c2d3cd35c8 100644
--- a/nixos/modules/services/networking/wg-quick.nix
+++ b/nixos/modules/services/networking/wg-quick.nix
@@ -29,7 +29,7 @@ let
type = with types; nullOr str;
default = null;
description = ''
- Base64 private key generated by wg genkey.
+ Base64 private key generated by wg genkey.
Warning: Consider using privateKeyFile instead if you do not
want to store the key in the world-readable Nix store.
@@ -41,7 +41,7 @@ let
type = with types; nullOr str;
default = null;
description = ''
- Private key file as generated by wg genkey.
+ Private key file as generated by wg genkey.
'';
};
@@ -106,9 +106,9 @@ let
description = ''
The kernel routing table to add this interface's
associated routes to. Setting this is useful for e.g. policy routing
- ("ip rule") or virtual routing and forwarding ("ip vrf"). Both numeric
- table IDs and table names (/etc/rt_tables) can be used. Defaults to
- "main".
+ ("ip rule") or virtual routing and forwarding ("ip vrf"). Both
+ numeric table IDs and table names (/etc/rt_tables) can be used.
+ Defaults to "main".
'';
};
@@ -139,7 +139,7 @@ let
publicKey = mkOption {
example = "xTIBA5rboUvnH4htodjb6e697QjLERt1NAB4mZqp8Dg=";
type = types.str;
- description = "The base64 public key the peer.";
+ description = "The base64 public key to the peer.";
};
presharedKey = mkOption {
@@ -147,8 +147,8 @@ let
example = "rVXs/Ni9tu3oDBLS4hOyAUAa1qTWVA3loR8eL20os3I=";
type = with types; nullOr str;
description = ''
- Base64 preshared key generated by wg genpsk. Optional,
- and may be omitted. This option adds an additional layer of
+ Base64 preshared key generated by wg genpsk.
+ Optional, and may be omitted. This option adds an additional layer of
symmetric-key cryptography to be mixed into the already existing
public-key cryptography, for post-quantum resistance.
@@ -162,8 +162,8 @@ let
example = "/private/wireguard_psk";
type = with types; nullOr str;
description = ''
- File pointing to preshared key as generated by wg pensk. Optional,
- and may be omitted. This option adds an additional layer of
+ File pointing to preshared key as generated by wg genpsk.
+ Optional, and may be omitted. This option adds an additional layer of
symmetric-key cryptography to be mixed into the already existing
public-key cryptography, for post-quantum resistance.
'';
diff --git a/nixos/modules/services/networking/wireguard.nix b/nixos/modules/services/networking/wireguard.nix
index e8f83f6dd8bf..e07020349cf4 100644
--- a/nixos/modules/services/networking/wireguard.nix
+++ b/nixos/modules/services/networking/wireguard.nix
@@ -91,11 +91,13 @@ let
table = mkOption {
default = "main";
type = types.str;
- description = ''The kernel routing table to add this interface's
- associated routes to. Setting this is useful for e.g. policy routing
- ("ip rule") or virtual routing and forwarding ("ip vrf"). Both numeric
- table IDs and table names (/etc/rt_tables) can be used. Defaults to
- "main".'';
+ description = ''
+ The kernel routing table to add this interface's
+ associated routes to. Setting this is useful for e.g. policy routing
+ ("ip rule") or virtual routing and forwarding ("ip vrf"). Both
+ numeric table IDs and table names (/etc/rt_tables) can be used.
+ Defaults to "main".
+ '';
};
peers = mkOption {
@@ -174,7 +176,7 @@ let
example = "/private/wireguard_psk";
type = with types; nullOr str;
description = ''
- File pointing to preshared key as generated by wg pensk.
+ File pointing to preshared key as generated by wg genpsk.
Optional, and may be omitted. This option adds an additional layer of
symmetric-key cryptography to be mixed into the already existing
public-key cryptography, for post-quantum resistance.
@@ -217,7 +219,6 @@ let
};
-
generatePathUnit = name: values:
assert (values.privateKey == null);
assert (values.privateKeyFile != null);