author | David Guibert <david.guibert@gmail.com> | 2018-08-16 13:44:39 +0200 |
---|---|---|
committer | David Guibert <david.guibert@gmail.com> | 2019-08-21 11:11:24 +0200 |
commit | 7fd91a898b0d61f7c5e2d7c2b1fb5272c9b6d8af (patch) | |
tree | 9354000a6a86ace55a10b452c5022ecdf1077d11 /nixos/modules/system/boot/networkd.nix | |
parent | 1f80baeed4fa89f91f6829800c7911ccd32995ce (diff) | |
systemd-networkd: add support for wireguard netdev.
Diffstat (limited to 'nixos/modules/system/boot/networkd.nix')
-rw-r--r-- | nixos/modules/system/boot/networkd.nix | 64 |
1 files changed, 64 insertions, 0 deletions
diff --git a/nixos/modules/system/boot/networkd.nix b/nixos/modules/system/boot/networkd.nix index d6b446e9ac2..2109b0cb159 100644 --- a/nixos/modules/system/boot/networkd.nix +++ b/nixos/modules/system/boot/networkd.nix @@ -55,6 +55,20 @@ let (assertMacAddress "MACAddress") ]; + checkWireGuard = checkUnitConfig "WireGuard" [ + (assertOnlyFields [ + "PrivateKey" "PrivateKeyFile" "ListenPort" "FwMark" + ]) + #(assertRange "ListenPort" 1 65535) # Or "auto" + ]; + + checkWireGuardPeer = checkUnitConfig "WireGuardPeer" [ + (assertOnlyFields [ + "PublicKey" "PresharedKey" "AllowedIPs" "Endpoint" "PersistentKeepalive" + ]) + # (assertRange "PersistentKeepalive" 1 65535) # defined as "nullOr int" + ]; + checkVlan = checkUnitConfig "VLAN" [ (assertOnlyFields ["Id" "GVRP" "MVRP" "LooseBinding" "ReorderHeader"]) (assertRange "Id" 0 4094) @@ -320,6 +334,29 @@ let ''; }; + wireguardConfig = mkOption { + default = {}; + example = { ListenPort="auto"; }; + type = types.addCheck (types.attrsOf unitOption) checkWireGuard; + description = '' + Each attribute in this set specifies an option in the + <literal>[WireGuard]</literal> section of the unit. See + <citerefentry><refentrytitle>systemd.netdev</refentrytitle> + <manvolnum>5</manvolnum></citerefentry> for details. + ''; + }; + + wireguardPeers = mkOption { + default = [ ]; + type = with types; listOf (submodule wireguardPeerOptions); + description = '' + Each attribute in this set specifies an option in the + <literal>[WireGuardPeer]</literal> section of the unit. See + <citerefentry><refentrytitle>systemd.netdev</refentrytitle> + <manvolnum>5</manvolnum></citerefentry> for details. + ''; + }; + vlanConfig = mkOption { default = {}; example = { Id = "4"; }; 
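Review bot: `checkWireGuard` accepts `PrivateKey` and `checkWireGuardPeer` accepts `PresharedKey`, so a secret written inline in the NixOS configuration is rendered into the generated .netdev text, which on NixOS normally ends up in the world-readable Nix store. Consider dropping both names from the `assertOnlyFields` lists so that only `PrivateKeyFile` is accepted (plus `PresharedKeyFile`, if the packaged systemd supports it), with a comment such as `# PrivateKey is left out on purpose: secrets must not land in the Nix store`. Both `assertRange` lines are commented out, so `ListenPort` and `PersistentKeepalive` are not validated at all; a check that accepts either `"auto"` or a value in range would be better than none.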
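Review bot: The `wireguardPeers` description is copied from `wireguardConfig` and says "Each attribute in this set", but the option's type is `listOf (submodule wireguardPeerOptions)`, so each list item is one `[WireGuardPeer]` section. Suggested wording: `Each item in this list specifies one <literal>[WireGuardPeer]</literal> section of the unit.`, together with an `example` showing a single peer. The `wireguardConfig` description is also the natural place to tell users to point `PrivateKeyFile` at a path outside the Nix store rather than setting the key inline.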
@@ -450,6 +487,23 @@ let }; }; + wireguardPeerOptions = { + options = { + wireguardPeerConfig = mkOption { + default = {}; + example = { }; + type = types.addCheck (types.attrsOf unitOption) checkWireGuardPeer; + description = '' + Each attribute in this set specifies an option in the + <literal>[WireGuardPeer]</literal> section of the unit. See + <citerefentry><refentrytitle>systemd.network</refentrytitle> + <manvolnum>5</manvolnum></citerefentry> for details. + ''; + }; + }; + }; + + networkOptions = commonNetworkOptions // { networkConfig = mkOption { @@ -732,6 +786,16 @@ let ${attrsToSection def.bondConfig} ''} + ${optionalString (def.wireguardConfig != { }) '' + [WireGuard] + ${attrsToSection def.wireguardConfig} + + ''} + ${flip concatMapStrings def.wireguardPeers (x: '' + [WireGuardPeer] + ${attrsToSection x.wireguardPeerConfig} + + '')} ${def.extraConfig} ''; }; |
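Review bot: The `wireguardPeerConfig` description cites `systemd.network(5)`, but `[WireGuardPeer]` is a netdev section and the two options added earlier in this commit cite `systemd.netdev`; the refentrytitle should read `<refentrytitle>systemd.netdev</refentrytitle>`. `example = { };` documents nothing, so a constructed example with placeholder values for `PublicKey`, `AllowedIPs` and `Endpoint` would help. The hunk also adds two blank lines before `networkOptions` where the surrounding code appears to use one.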
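Review bot: Every entry of `def.wireguardPeers` emits a `[WireGuardPeer]` header, even when its `wireguardPeerConfig` is the default `{}`, and nothing in this commit requires `PublicKey`. A peer entry with a missing or misplaced config therefore yields an empty section in the unit rather than an evaluation error; asserting per peer that `PublicKey` is set would catch this at build time. Both new sections are also written regardless of the netdev's `Kind`, so it may be worth checking that `wireguardConfig` and `wireguardPeers` are only non-empty when `Kind` is `"wireguard"`. The enclosing string expression starts and ends outside this hunk.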