Rosenpass

Rosenpass is a formally verified, post-quantum secure VPN that uses WireGuard to transport the actual data.

Options

programs.rosenpass

programs.rosenpass.enable

Whether to enable rosenpass.

Type:: boolean
Default:: false

services.rosenpass

services.rosenpass.defaultDevice

Name of the network interface to use for all peers by default.

Type:: null or string

services.rosenpass.enable

Whether to enable Rosenpass.

Type:: boolean
Default:: false

services.rosenpass.package

The rosenpass package to use.

Type:: package
Default:: pkgs.rosenpass

services.rosenpass.settings

Configuration for Rosenpass, see https://rosenpass.eu/ for further information.

Type:: TOML value
Default:: { }

services.rosenpass.settings.listen

List of local endpoints to listen for connections.

Type:: list of string
Default:: [ ]

services.rosenpass.settings.peers

List of peers to exchange keys with.

Type:: list of (TOML value)
Default:: [ ]

services.rosenpass.settings.peers.*.device

Name of the local WireGuard interface to use for this peer.

Type:: string
Default:: config.services.rosenpass.defaultDevice

services.rosenpass.settings.peers.*.endpoint

Endpoint of the remote Rosenpass peer.

Type:: null or string
Default:: null

services.rosenpass.settings.peers.*.peer

WireGuard public key corresponding to the remote Rosenpass peer.

Type:: string

services.rosenpass.settings.peers.*.public_key

Path to a file containing the public key of the remote Rosenpass peer.

Type:: absolute path

services.rosenpass.settings.public_key

Path to a file containing the public key of the local Rosenpass peer. Generate this by running {command}rosenpass gen-keys.

Type:: absolute path

services.rosenpass.settings.secret_key

Path to a file containing the secret key of the local Rosenpass peer. Generate this by running {command}rosenpass gen-keys.

Type:: absolute path

services.rosenpass.settings.verbosity

Verbosity of output produced by the service.

Type:: one of "Verbose", "Quiet"
Default:: "Quiet"

Examples

basic

{ ... }:

{
  services.rosenpass.enable = true;
}

This project is funded by NLnet through these subgrants: