diff options
| author | Julien Lepiller <julien@lepiller.eu> | 2020-11-18 14:57:29 +0100 |
|---|---|---|
| committer | Julien Lepiller <julien@lepiller.eu> | 2020-11-18 15:05:41 +0100 |
| commit | 5221df34149465c5bbc1a76f83cb09f8911279f5 (patch) | |
| tree | 17cc9addbca67febd7eb5e91d3ccd2445d2a14a2 | |
| parent | 82df93e27c57f939c71d9bd184c70d21fa6f605f (diff) | |
| download | guix-5221df34149465c5bbc1a76f83cb09f8911279f5.tar.gz | |
gnu: vpn: Make ca, key and cert optional.
* gnu/services/vpn.scm (openvpn-client-configuration) (openvpn-server-configuration): Make ca, key an cert fields optional. * doc/guix.texi (VPN Services): Document the change.
| -rw-r--r-- | doc/guix.texi | 20 | ||||
| -rw-r--r-- | gnu/services/vpn.scm | 6 |
2 files changed, 17 insertions, 9 deletions
diff --git a/doc/guix.texi b/doc/guix.texi index 99068fccfa..d021384b73 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -24909,14 +24909,18 @@ Defaults to @samp{tun}. @end deftypevr -@deftypevr {@code{openvpn-client-configuration} parameter} string ca +If you do not have some of these files (eg.@: you use a username and +password), you can disable any of the following three fields by setting +it to @code{'disabled}. + +@deftypevr {@code{openvpn-client-configuration} parameter} maybe-string ca The certificate authority to check connections against. Defaults to @samp{"/etc/openvpn/ca.crt"}. @end deftypevr -@deftypevr {@code{openvpn-client-configuration} parameter} string cert +@deftypevr {@code{openvpn-client-configuration} parameter} maybe-string cert The certificate of the machine the daemon is running on. It should be signed by the authority given in @code{ca}. @@ -24924,7 +24928,7 @@ Defaults to @samp{"/etc/openvpn/client.crt"}. @end deftypevr -@deftypevr {@code{openvpn-client-configuration} parameter} string key +@deftypevr {@code{openvpn-client-configuration} parameter} maybe-string key The key of the machine the daemon is running on. It must be the key whose certificate is @code{cert}. @@ -25060,14 +25064,18 @@ Defaults to @samp{tun}. @end deftypevr -@deftypevr {@code{openvpn-server-configuration} parameter} string ca +If you do not have some of these files (eg.@: you use a username and +password), you can disable any of the following three fields by setting +it to @code{'disabled}. + +@deftypevr {@code{openvpn-server-configuration} parameter} maybe-string ca The certificate authority to check connections against. Defaults to @samp{"/etc/openvpn/ca.crt"}. @end deftypevr -@deftypevr {@code{openvpn-server-configuration} parameter} string cert +@deftypevr {@code{openvpn-server-configuration} parameter} maybe-string cert The certificate of the machine the daemon is running on. It should be signed by the authority given in @code{ca}. @@ -25075,7 +25083,7 @@ Defaults to @samp{"/etc/openvpn/client.crt"}. @end deftypevr -@deftypevr {@code{openvpn-server-configuration} parameter} string key +@deftypevr {@code{openvpn-server-configuration} parameter} maybe-string key The key of the machine the daemon is running on. It must be the key whose certificate is @code{cert}. diff --git a/gnu/services/vpn.scm b/gnu/services/vpn.scm index 658d5c3e88..70f2617c7e 100644 --- a/gnu/services/vpn.scm +++ b/gnu/services/vpn.scm @@ -273,16 +273,16 @@ servers.") "The device type used to represent the VPN connection.") (ca - (string "/etc/openvpn/ca.crt") + (maybe-string "/etc/openvpn/ca.crt") "The certificate authority to check connections against.") (cert - (string "/etc/openvpn/client.crt") + (maybe-string "/etc/openvpn/client.crt") "The certificate of the machine the daemon is running on. It should be signed by the authority given in @code{ca}.") (key - (string "/etc/openvpn/client.key") + (maybe-string "/etc/openvpn/client.key") "The key of the machine the daemon is running on. It must be the key whose certificate is @code{cert}.") |