services: wireguard: Add keep-alive support.

* gnu/services/vpn.scm (<wireguard-peer>): Add 'keep-alive' field.
  (wireguard-configuration-file): Use it.
* doc/guix.texi (VPN Services): Document it.
This commit is contained in:
Guillaume Le Vaillant 2021-04-20 13:29:44 +02:00
parent 50d9bccb2f
commit 3313f61e18
No known key found for this signature in database
GPG key ID: 6BE8208ADF21FE3F
2 changed files with 17 additions and 4 deletions

View file

@ -68,7 +68,7 @@ Copyright @copyright{} 2019 Ivan Petkov@*
Copyright @copyright{} 2019 Jakob L. Kreuze@*
Copyright @copyright{} 2019 Kyle Andrews@*
Copyright @copyright{} 2019 Alex Griffin@*
Copyright @copyright{} 2019, 2020 Guillaume Le Vaillant@*
Copyright @copyright{} 2019, 2020, 2021 Guillaume Le Vaillant@*
Copyright @copyright{} 2020 Leo Prikler@*
Copyright @copyright{} 2019, 2020 Simon Tournier@*
Copyright @copyright{} 2020 Wiktor Żelazny@*
@ -26999,6 +26999,12 @@ The peer public-key represented as a base64 string.
A list of IP addresses from which incoming traffic for this peer is
allowed and to which incoming traffic for this peer is directed.
@item @code{keep-alive} (default: @code{#f})
An optional time interval in seconds. A packet will be sent to the
server endpoint once per time interval. This helps receiving
incoming connections from this peer when you are behind a NAT or
a firewall.
@end table
@end deftp

View file

@ -2,6 +2,7 @@
;;; Copyright © 2017 Julien Lepiller <julien@lepiller.eu>
;;; Copyright © 2017 Clément Lassieur <clement@lassieur.org>
;;; Copyright © 2017 Mathieu Othacehe <m.othacehe@gmail.com>
;;; Copyright © 2021 Guillaume Le Vaillant <glv@posteo.net>
;;;
;;; This file is part of GNU Guix.
;;;
@ -537,7 +538,9 @@ (define-record-type* <wireguard-peer>
(endpoint wireguard-peer-endpoint
(default #f)) ;string
(public-key wireguard-peer-public-key) ;string
(allowed-ips wireguard-peer-allowed-ips)) ;list of strings
(allowed-ips wireguard-peer-allowed-ips) ;list of strings
(keep-alive wireguard-peer-keep-alive
(default #f))) ;integer
(define-record-type* <wireguard-configuration>
wireguard-configuration make-wireguard-configuration
@ -560,16 +563,20 @@ (define (peer->config peer)
(let ((name (wireguard-peer-name peer))
(public-key (wireguard-peer-public-key peer))
(endpoint (wireguard-peer-endpoint peer))
(allowed-ips (wireguard-peer-allowed-ips peer)))
(allowed-ips (wireguard-peer-allowed-ips peer))
(keep-alive (wireguard-peer-keep-alive peer)))
(format #f "[Peer] #~a
PublicKey = ~a
AllowedIPs = ~a
~a"
~a~a"
name
public-key
(string-join allowed-ips ",")
(if endpoint
(format #f "Endpoint = ~a\n" endpoint)
"")
(if keep-alive
(format #f "PersistentKeepalive = ~a\n" keep-alive)
"\n"))))
(match-record config <wireguard-configuration>