pyrox.dev / nixpkgs
lol
fork atom

nixos/wireguard: make publicKeys singleLineStrs

using readFile instead of fileContents (or using indented strings) can
leave a trailing newline that causes build errors in systemd units and
has previously caused runtime errors in wireguard scripts. use
singleLineStr to strip a trailing newline if it exists, and to fail if
more than one is present.

pennae 047bd73c f080d593

options
unified split
Changed files
+3 -2
nixos
modules
services
networking
wireguard.nix
tests
wireguard
snakeoil-keys.nix
+1 -1
nixos/modules/services/networking/wireguard.nix 
···

       
176

       
 

       



     

       
177

       
 

       
      publicKey = mkOption {


     

       
178

       
 

       
        example = "xTIBA5rboUvnH4htodjb6e697QjLERt1NAB4mZqp8Dg=";


     

       
179

       
-

       
        type = types.str;


     

       
180

       
 

       
        description = lib.mdDoc "The base64 public key of the peer.";


     

       
181

       
 

       
      };


     

       
182

       
 

       



     
···

       
176

       
 

       



     

       
177

       
 

       
      publicKey = mkOption {


     

       
178

       
 

       
        example = "xTIBA5rboUvnH4htodjb6e697QjLERt1NAB4mZqp8Dg=";


     

       
179

       
+

       
        type = types.singleLineStr;


     

       
180

       
 

       
        description = lib.mdDoc "The base64 public key of the peer.";


     

       
181

       
 

       
      };


     

       
182
+2 -1
nixos/tests/wireguard/snakeoil-keys.nix 
···

       
6

       
 

       



     

       
7

       
 

       
  peer1 = {


     

       
8

       
 

       
    privateKey = "uO8JVo/sanx2DOM0L9GUEtzKZ82RGkRnYgpaYc7iXmg=";


     

       
9

       
-

       
    publicKey = "Ks9yRJIi/0vYgRmn14mIOQRwkcUGBujYINbMpik2SBI=";


     

       

       

       
     

       
10

       
 

       
  };


     

       
11

       
 

       
}


     
···

       
6

       
 

       



     

       
7

       
 

       
  peer1 = {


     

       
8

       
 

       
    privateKey = "uO8JVo/sanx2DOM0L9GUEtzKZ82RGkRnYgpaYc7iXmg=";


     

       
9

       
+

       
    # readFile'd keys may have trailing newlines, emulate this


     

       
10

       
+

       
    publicKey = "Ks9yRJIi/0vYgRmn14mIOQRwkcUGBujYINbMpik2SBI=\n";


     

       
11

       
 

       
  };


     

       
12

       
 

       
}