authortv <tv@krebsco.de>2023-05-15 12:36:00 +0200
committertv <tv@krebsco.de>2023-05-16 10:28:24 +0200
commit50b845c5a64af3cb42c37f3d75c3758cc96e1729 (patch)
tree3ae4bca6cd56ce94a46e9c8e1d857ce905627fb0
parentcff89b3bffd420f1b9ca47c9c74a79953f0abeca (diff)
nixos/wireguard: allow customizing peer unit name
-rw-r--r--nixos/modules/services/networking/wireguard.nix29
1 files changed, 19 insertions, 10 deletions
diff --git a/nixos/modules/services/networking/wireguard.nix b/nixos/modules/services/networking/wireguard.nix
index 8b025228cc1..21473388d76 100644
--- a/nixos/modules/services/networking/wireguard.nix
+++ b/nixos/modules/services/networking/wireguard.nix
@@ -170,10 +170,22 @@ let
 
   # peer options
 
-  peerOpts = {
+  peerOpts = self: {
 
     options = {
 
+      name = mkOption {
+        default =
+          replaceStrings
+            [ "/" "-"     " "     "+"     "="     ]
+            [ "-" "\\x2d" "\\x20" "\\x2b" "\\x3d" ]
+            self.config.publicKey;
+        defaultText = literalExpression "publicKey";
+        example = "bernd";
+        type = types.str;
+        description = lib.mdDoc "Name used to derive peer unit name.";
+      };
+
       publicKey = mkOption {
         example = "xTIBA5rboUvnH4htodjb6e697QjLERt1NAB4mZqp8Dg=";
         type = types.singleLineStr;
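Review bot: The new `name` option is declared as `types.str`, yet the second hunk splices it into the systemd unit name without escaping, where the removed `keyToUnitName` used to escape every input. Only the default passes through `replaceStrings`, so a user-set value containing `/`, whitespace or other characters that systemd does not accept in unit names would produce a broken or misnamed unit. Two peers given the same name on one interface would also map to the same unit, presumably leaving one of them unconfigured without an error. Consider constraining the type, e.g. `type = types.strMatching "[A-Za-z0-9:_.\\\\-]+";`, and asserting that peer names are unique per interface, unless the module already does so outside this hunk. `defaultText = literalExpression "publicKey"` also understates the default, which is the escaped key rather than the key itself.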
@@ -313,15 +325,11 @@ let
         '';
       };
 
-  peerUnitServiceName = interfaceName: publicKey: dynamicRefreshEnabled:
+  peerUnitServiceName = interfaceName: peerName: dynamicRefreshEnabled:
     let
-      keyToUnitName = replaceStrings
-        [ "/" "-"    " "     "+"     "="      ]
-        [ "-" "\\x2d" "\\x20" "\\x2b" "\\x3d" ];
-      unitName = keyToUnitName publicKey;
       refreshSuffix = optionalString dynamicRefreshEnabled "-refresh";
     in
-      "wireguard-${interfaceName}-peer-${unitName}${refreshSuffix}";
+      "wireguard-${interfaceName}-peer-${peerName}${refreshSuffix}";
 
   generatePeerUnit = { interfaceName, interfaceCfg, peer }:
     let
@@ -337,10 +345,11 @@ let
       # We generate a different name (a `-refresh` suffix) when `dynamicEndpointRefreshSeconds`
       # to avoid that the same service switches `Type` (`oneshot` vs `simple`),
       # with the intent to make scripting more obvious.
-      serviceName = peerUnitServiceName interfaceName peer.publicKey dynamicRefreshEnabled;
+      serviceName = peerUnitServiceName interfaceName peer.name dynamicRefreshEnabled;
     in nameValuePair serviceName
       {
-        description = "WireGuard Peer - ${interfaceName} - ${peer.publicKey}";
+        description = "WireGuard Peer - ${interfaceName} - ${peer.name}"
+          + optionalString (peer.name != peer.publicKey) " (${peer.publicKey})";
         requires = [ "wireguard-${interfaceName}.service" ];
         wants = [ "network-online.target" ];
         after = [ "wireguard-${interfaceName}.service" "network-online.target" ];
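Review bot: The `peer.name != peer.publicKey` test in the new `description` compares the raw key with a default that has already been escaped, so it is also true for peers that never set `name` whenever the key contains `/`, `+`, `-` or `=`. The example key on the page ends in `=`, as padded base64 keys do, so the default description would show the escaped key followed by the raw key in parentheses. Keeping the escaping as a shared helper in the outer `let` and comparing against it would restore the intended behaviour: `+ optionalString (peer.name != keyToUnitName peer.publicKey) " (${peer.publicKey})";`. The body of `generatePeerUnit` continues outside this hunk.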
@@ -418,7 +427,7 @@ let
   # the target is required to start new peer units when they are added
   generateInterfaceTarget = name: values:
     let
-      mkPeerUnit = peer: (peerUnitServiceName name peer.publicKey (peer.dynamicEndpointRefreshSeconds != 0)) + ".service";
+      mkPeerUnit = peer: (peerUnitServiceName name peer.name (peer.dynamicEndpointRefreshSeconds != 0)) + ".service";
     in
     nameValuePair "wireguard-${name}"
       rec {