Commit Graph

14 Commits

Author SHA1 Message Date
Kirill Elagin
865abfa609
wireguard: Enable tools on other platforms
Wireguard is now split into two pretty much independent packages:
`wireguard` (Linux-specific kernel module) and `wireguard-tools`,
which is cross-platform.
2018-05-19 01:17:26 +03:00
Nikolay Amiantov
7c90a86770 wireguard service: use scripts instead of ExecStarts/Stops
This is more in line with what other services do; also looks cleaner.
It changes configuration entries for pre-and post-hooks type to lines from
lists of strings which are more logical for them; coersion is provided for
backwards compatibility.

Finally, add several steps to improve robustness:

1. Load kernel module on start if not loaded;
2. Don't remove wireguard interface on start; it is removed on service stop. If
   it's not something is wrong.
2018-04-22 13:33:11 -05:00
Franz Pletz
711303952e
wireguard module: add device name environment var
This makes the interface name available as an environment variable for
the pre/post hooks.
2017-11-05 16:42:25 +01:00
Joerg Thalheim
194c4002b6 wireguard: fix function for adding routes 2017-09-25 20:42:03 +01:00
Andreas Rammhold
846070e028
networking.wireguard: added allowedIpsAsRoutes boolean to control peer routes
Sometimes (especially in the default route case) it is required to NOT
add routes for all allowed IP ranges. One might run it's own custom
routing on-top of wireguard and only use the wireguard addresses to
exchange prefixes with the remote host.
2017-09-25 21:30:52 +02:00
evujumenuk
eaab02b94f wireguard: convert "table" to an interface option
Do the right thing, and use multiple interfaces for policy routing. For example, WireGuard interfaces do not allow multiple routes for the same CIDR range.
2017-08-08 01:45:19 +02:00
evujumenuk
6070d91e93 wireguard: remove "table" option from example
Most users will be served well by the default "table" setting ("main").
2017-08-04 21:00:45 +02:00
evujumenuk
e355f7044d wireguard: add per-peer routing table option
This adds a convenient per-peer option to set the routing table that associated routes are added to. This functionality is very useful for isolating interfaces from the kernel's global routing and forcing all traffic of a virtual interface (or a group of processes, via e.g. "ip rule add uidrange 10000-10009 lookup 42") through Wireguard.
2017-08-04 18:30:53 +02:00
Aristid Breitkreuz
63190540a8 wireguard: sometimes module tries to re-add the default route, which fails - use replace to make it succeed 2017-07-23 23:08:39 +02:00
Aristid Breitkreuz
9b0ff955fd wireguard: allow not storing private keys in world-readable /nix/store (#27433)
* wireguard: allow not storing private keys in world-readable /nix/store
2017-07-17 23:55:31 +02:00
Jason A. Donenfeld
6e50243d98 wireguard: preshared-key is now an attribute of the peer
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-05-09 16:58:39 +02:00
michael bishop
e5cefadef7 fix indentation in several nixos option descriptions 2016-12-16 18:29:25 +01:00
lbonn
288e75c5f9 wireguard: remove dependency on ip-up.target
It was deprecated and removed from all modules in the tree by #18319.

The wireguard module PR (#17933) was still in the review at the time and
the deprecated usage managed to slip inside.
2016-12-01 00:11:16 +01:00
Eric Sagnes
0bd263ecc3
wireguard: add module
fixes #17933
2016-10-06 09:41:38 +02:00