ryan77627/guix
1
0
Fork 0
mirror of https://git.in.rschanz.org/ryan77627/guix.git synced 2024-11-07 07:26:13 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

gnu: vpn: Make ca, key and cert optional.

Browse source 
* gnu/services/vpn.scm (openvpn-client-configuration)
(openvpn-server-configuration): Make ca, key an cert fields optional.
* doc/guix.texi (VPN Services): Document the change.
This commit is contained in:
Julien Lepiller 2020-11-18 14:57:29 +01:00
parent 82df93e27c
commit 5221df3414
No known key found for this signature in database
GPG key ID: 53D457B2D636EE82
2 changed files with 17 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

20
doc/guix.texi
View file

@ -24909,14 +24909,18 @@ Defaults to @samp{tun}.
@end deftypevr
@deftypevr {@code{openvpn-client-configuration} parameter} string ca
If you do not have some of these files (eg.@: you use a username and
password), you can disable any of the following three fields by setting
it to @code{'disabled}.
@deftypevr {@code{openvpn-client-configuration} parameter} maybe-string ca
The certificate authority to check connections against.
Defaults to @samp{"/etc/openvpn/ca.crt"}.
@end deftypevr
@deftypevr {@code{openvpn-client-configuration} parameter} string cert
@deftypevr {@code{openvpn-client-configuration} parameter} maybe-string cert
The certificate of the machine the daemon is running on. It should be
signed by the authority given in @code{ca}.
@ -24924,7 +24928,7 @@ Defaults to @samp{"/etc/openvpn/client.crt"}.
@end deftypevr
@deftypevr {@code{openvpn-client-configuration} parameter} string key
@deftypevr {@code{openvpn-client-configuration} parameter} maybe-string key
The key of the machine the daemon is running on. It must be the key whose
certificate is @code{cert}.
@ -25060,14 +25064,18 @@ Defaults to @samp{tun}.
@end deftypevr
@deftypevr {@code{openvpn-server-configuration} parameter} string ca
If you do not have some of these files (eg.@: you use a username and
password), you can disable any of the following three fields by setting
it to @code{'disabled}.
@deftypevr {@code{openvpn-server-configuration} parameter} maybe-string ca
The certificate authority to check connections against.
Defaults to @samp{"/etc/openvpn/ca.crt"}.
@end deftypevr
@deftypevr {@code{openvpn-server-configuration} parameter} string cert
@deftypevr {@code{openvpn-server-configuration} parameter} maybe-string cert
The certificate of the machine the daemon is running on. It should be
signed by the authority given in @code{ca}.
@ -25075,7 +25083,7 @@ Defaults to @samp{"/etc/openvpn/client.crt"}.
@end deftypevr
@deftypevr {@code{openvpn-server-configuration} parameter} string key
@deftypevr {@code{openvpn-server-configuration} parameter} maybe-string key
The key of the machine the daemon is running on. It must be the key whose
certificate is @code{cert}.

6
gnu/services/vpn.scm
View file

@ -273,16 +273,16 @@ (define-split-configuration openvpn-client-configuration
"The device type used to represent the VPN connection.")
(ca
(string "/etc/openvpn/ca.crt")
(maybe-string "/etc/openvpn/ca.crt")
"The certificate authority to check connections against.")
(cert
(string "/etc/openvpn/client.crt")
(maybe-string "/etc/openvpn/client.crt")
"The certificate of the machine the daemon is running on. It should be signed
by the authority given in @code{ca}.")
(key
(string "/etc/openvpn/client.key")
(maybe-string "/etc/openvpn/client.key")
"The key of the machine the daemon is running on. It must be the key whose
certificate is @code{cert}.")