WireGuard: Difference between revisions

imported>2x
Add troubleshooting entry for persistentKeepalive+privateKeyFile
imported>Mohe2015
Use *KeyFile for systemd-networkd to prevent leaking keys into the Nix Store.
Line 250: Line 250:
           Name = "wg0";
           Name = "wg0";
         };
         };
         # See also man systemd.netdev
         # See also man systemd.netdev (also contains info on the permissions of the key files)
         extraConfig = ''
         extraConfig = ''
           [WireGuard]
           [WireGuard]
           # Currently, the private key must be world readable, as the resulting netdev file will reside in the Nix store.
           # Don't use a file from the Nix store as these are world readable.
           PrivateKey=EMlybyTmXI/4z311xU9S3m82mC2OOMRfRM0Okiik83o=
           PrivateKeyFile=/run/keys/wireguard-privkey
           ListenPort=9918
           ListenPort=9918
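Review bot: The new comment above PrivateKeyFile=/run/keys/wireguard-privkey says only where the key must not live; the permissions the file needs are left to the man systemd.netdev pointer a few lines earlier. Suggest stating them in the comment itself (systemd.netdev requires the file to be readable by the systemd-network user, for example owned by root:systemd-network with mode 0640) and noting that the file has to be provisioned outside the Nix store. Since the removed comment confirms that a key set through PrivateKey= ended up in a world-readable netdev file in the Nix store, the page should also tell readers who followed the old example to generate a new key pair rather than move the existing key into the file.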