nixos/wireguard: allow customizing peer unit name

2024-11-11 04:02:55 +03:00 · 2023-05-15 12:36:00 +02:00 · 2023-05-15 12:36:00 +02:00 · 50b845c5a6
commit 50b845c5a6
parent cff89b3bff
1 changed files with 19 additions and 10 deletions
--- a/nixos/modules/services/networking/wireguard.nix
+++ b/nixos/modules/services/networking/wireguard.nix
@ -170,10 +170,22 @@ let

  # peer options

-  peerOpts = {
+  peerOpts = self: {

    options = {

+      name = mkOption {
+        default =
+          replaceStrings
+            [ "/" "-"     " "     "+"     "="     ]
+            [ "-" "\\x2d" "\\x20" "\\x2b" "\\x3d" ]
+            self.config.publicKey;
+        defaultText = literalExpression "publicKey";
+        example = "bernd";
+        type = types.str;
+        description = lib.mdDoc "Name used to derive peer unit name.";
+      };
+
      publicKey = mkOption {
        example = "xTIBA5rboUvnH4htodjb6e697QjLERt1NAB4mZqp8Dg=";
        type = types.singleLineStr;
@ -313,15 +325,11 @@ let
        '';
      };

-  peerUnitServiceName = interfaceName: publicKey: dynamicRefreshEnabled:
+  peerUnitServiceName = interfaceName: peerName: dynamicRefreshEnabled:
    let
-      keyToUnitName = replaceStrings
-        [ "/" "-"    " "     "+"     "="      ]
-        [ "-" "\\x2d" "\\x20" "\\x2b" "\\x3d" ];
-      unitName = keyToUnitName publicKey;
      refreshSuffix = optionalString dynamicRefreshEnabled "-refresh";
    in
-      "wireguard-${interfaceName}-peer-${unitName}${refreshSuffix}";
+      "wireguard-${interfaceName}-peer-${peerName}${refreshSuffix}";

  generatePeerUnit = { interfaceName, interfaceCfg, peer }:
    let
@ -337,10 +345,11 @@ let
      # We generate a different name (a `-refresh` suffix) when `dynamicEndpointRefreshSeconds`
      # to avoid that the same service switches `Type` (`oneshot` vs `simple`),
      # with the intent to make scripting more obvious.
-      serviceName = peerUnitServiceName interfaceName peer.publicKey dynamicRefreshEnabled;
+      serviceName = peerUnitServiceName interfaceName peer.name dynamicRefreshEnabled;
    in nameValuePair serviceName
      {
-        description = "WireGuard Peer - ${interfaceName} - ${peer.publicKey}";
+        description = "WireGuard Peer - ${interfaceName} - ${peer.name}"
+          + optionalString (peer.name != peer.publicKey) " (${peer.publicKey})";
        requires = [ "wireguard-${interfaceName}.service" ];
        wants = [ "network-online.target" ];
        after = [ "wireguard-${interfaceName}.service" "network-online.target" ];
@ -418,7 +427,7 @@ let
  # the target is required to start new peer units when they are added
  generateInterfaceTarget = name: values:
    let
-      mkPeerUnit = peer: (peerUnitServiceName name peer.publicKey (peer.dynamicEndpointRefreshSeconds != 0)) + ".service";
+      mkPeerUnit = peer: (peerUnitServiceName name peer.name (peer.dynamicEndpointRefreshSeconds != 0)) + ".service";
    in
    nameValuePair "wireguard-${name}"
      rec {