services: wireguard: Add keep-alive support.

* gnu/services/vpn.scm (<wireguard-peer>): Add 'keep-alive' field. (wireguard-configuration-file): Use it. * doc/guix.texi (VPN Services): Document it.
2021-04-20 13:29:44 +02:00 · 2021-04-20 13:29:44 +02:00 · 3313f61e18
parent 50d9bccb2f
commit 3313f61e18
2 changed files with 17 additions and 4 deletions
--- a/doc/guix.texi
+++ b/doc/guix.texi
@ -68,7 +68,7 @@ Copyright @copyright{} 2019 Ivan Petkov@*
 Copyright @copyright{} 2019 Jakob L. Kreuze@*
 Copyright @copyright{} 2019 Kyle Andrews@*
 Copyright @copyright{} 2019 Alex Griffin@*
-Copyright @copyright{} 2019, 2020 Guillaume Le Vaillant@*
+Copyright @copyright{} 2019, 2020, 2021 Guillaume Le Vaillant@*
 Copyright @copyright{} 2020 Leo Prikler@*
 Copyright @copyright{} 2019, 2020 Simon Tournier@*
 Copyright @copyright{} 2020 Wiktor Żelazny@*
@ -26999,6 +26999,12 @@ The peer public-key represented as a base64 string.
 A list of IP addresses from which incoming traffic for this peer is
 allowed and to which incoming traffic for this peer is directed.

+@item @code{keep-alive} (default: @code{#f})
+An optional time interval in seconds.  A packet will be sent to the
+server endpoint once per time interval.  This helps receiving
+incoming connections from this peer when you are behind a NAT or
+a firewall.
+
@end table
@end deftp

--- a/gnu/services/vpn.scm
+++ b/gnu/services/vpn.scm
@ -2,6 +2,7 @@
 ;;; Copyright © 2017 Julien Lepiller <julien@lepiller.eu>
 ;;; Copyright © 2017 Clément Lassieur <clement@lassieur.org>
 ;;; Copyright © 2017 Mathieu Othacehe <m.othacehe@gmail.com>
+;;; Copyright © 2021 Guillaume Le Vaillant <glv@posteo.net>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@ -537,7 +538,9 @@ is truncated and rewritten every minute.")
  (endpoint          wireguard-peer-endpoint
                     (default #f))     ;string
  (public-key        wireguard-peer-public-key)   ;string
-  (allowed-ips       wireguard-peer-allowed-ips)) ;list of strings
+  (allowed-ips       wireguard-peer-allowed-ips) ;list of strings
+  (keep-alive        wireguard-peer-keep-alive
+                     (default #f)))    ;integer

 (define-record-type* <wireguard-configuration>
  wireguard-configuration make-wireguard-configuration
@ -560,16 +563,20 @@ is truncated and rewritten every minute.")
    (let ((name (wireguard-peer-name peer))
          (public-key (wireguard-peer-public-key peer))
          (endpoint (wireguard-peer-endpoint peer))
-          (allowed-ips (wireguard-peer-allowed-ips peer)))
+          (allowed-ips (wireguard-peer-allowed-ips peer))
+          (keep-alive (wireguard-peer-keep-alive peer)))
      (format #f "[Peer] #~a
 PublicKey = ~a
 AllowedIPs = ~a
-~a"
+~a~a"
              name
              public-key
              (string-join allowed-ips ",")
              (if endpoint
                  (format #f "Endpoint = ~a\n" endpoint)
+                  "")
+              (if keep-alive
+                  (format #f "PersistentKeepalive = ~a\n" keep-alive)
                  "\n"))))

  (match-record config <wireguard-configuration>