me
/
guix
Archived
1
0
Fork 0
Code

gnu: vpn: Make ca, key and cert optional. 

* gnu/services/vpn.scm (openvpn-client-configuration)
(openvpn-server-configuration): Make ca, key an cert fields optional.
* doc/guix.texi (VPN Services): Document the change.
master
Julien Lepiller 2020-11-18 14:57:29 +01:00
parent 82df93e27c
commit 5221df3414
No known key found for this signature in database
GPG Key ID: 53D457B2D636EE82
2 changed files with 17 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
doc/guix.texi
View File

@ -24909,14 +24909,18 @@ Defaults to @samp{tun}.
@end deftypevr @end deftypevr
@deftypevr {@code{openvpn-client-configuration} parameter} string ca If you do not have some of these files (eg.@: you use a username and
password), you can disable any of the following three fields by setting
it to @code{'disabled}.
@deftypevr {@code{openvpn-client-configuration} parameter} maybe-string ca
The certificate authority to check connections against. The certificate authority to check connections against.
Defaults to @samp{"/etc/openvpn/ca.crt"}. Defaults to @samp{"/etc/openvpn/ca.crt"}.
@end deftypevr @end deftypevr
@deftypevr {@code{openvpn-client-configuration} parameter} string cert @deftypevr {@code{openvpn-client-configuration} parameter} maybe-string cert
The certificate of the machine the daemon is running on. It should be The certificate of the machine the daemon is running on. It should be
signed by the authority given in @code{ca}. signed by the authority given in @code{ca}.
@ -24924,7 +24928,7 @@ Defaults to @samp{"/etc/openvpn/client.crt"}.
@end deftypevr @end deftypevr
@deftypevr {@code{openvpn-client-configuration} parameter} string key @deftypevr {@code{openvpn-client-configuration} parameter} maybe-string key
The key of the machine the daemon is running on. It must be the key whose The key of the machine the daemon is running on. It must be the key whose
certificate is @code{cert}. certificate is @code{cert}.
@ -25060,14 +25064,18 @@ Defaults to @samp{tun}.
@end deftypevr @end deftypevr
@deftypevr {@code{openvpn-server-configuration} parameter} string ca If you do not have some of these files (eg.@: you use a username and
password), you can disable any of the following three fields by setting
it to @code{'disabled}.
@deftypevr {@code{openvpn-server-configuration} parameter} maybe-string ca
The certificate authority to check connections against. The certificate authority to check connections against.
Defaults to @samp{"/etc/openvpn/ca.crt"}. Defaults to @samp{"/etc/openvpn/ca.crt"}.
@end deftypevr @end deftypevr
@deftypevr {@code{openvpn-server-configuration} parameter} string cert @deftypevr {@code{openvpn-server-configuration} parameter} maybe-string cert
The certificate of the machine the daemon is running on. It should be The certificate of the machine the daemon is running on. It should be
signed by the authority given in @code{ca}. signed by the authority given in @code{ca}.
@ -25075,7 +25083,7 @@ Defaults to @samp{"/etc/openvpn/client.crt"}.
@end deftypevr @end deftypevr
@deftypevr {@code{openvpn-server-configuration} parameter} string key @deftypevr {@code{openvpn-server-configuration} parameter} maybe-string key
The key of the machine the daemon is running on. It must be the key whose The key of the machine the daemon is running on. It must be the key whose
certificate is @code{cert}. certificate is @code{cert}.

6
gnu/services/vpn.scm
View File

@ -273,16 +273,16 @@ servers.")
"The device type used to represent the VPN connection.") "The device type used to represent the VPN connection.")
(ca (ca
(string "/etc/openvpn/ca.crt") (maybe-string "/etc/openvpn/ca.crt")
"The certificate authority to check connections against.") "The certificate authority to check connections against.")
(cert (cert
(string "/etc/openvpn/client.crt") (maybe-string "/etc/openvpn/client.crt")
"The certificate of the machine the daemon is running on. It should be signed "The certificate of the machine the daemon is running on. It should be signed
by the authority given in @code{ca}.") by the authority given in @code{ca}.")
(key (key
(string "/etc/openvpn/client.key") (maybe-string "/etc/openvpn/client.key")
"The key of the machine the daemon is running on. It must be the key whose "The key of the machine the daemon is running on. It must be the key whose
certificate is @code{cert}.") certificate is @code{cert}.")