author | Hristo Venev <hristo@venev.name> | 2020-02-05 02:55:36 +0100 |
---|---|---|
committer | Hristo Venev <hristo@venev.name> | 2020-02-05 03:17:43 +0100 |
commit | 436256044bd2577a05de0428303c326b1a0225f0 (patch) | |
tree | 99191037b61d9eeb3b32f133b8690c7358f2faaf /man/wgconfd.5.scd | |
parent | ff7ea7b5583ffce18ccb4bb56860a3eb145c688e (diff) |
Add man pages.
Diffstat (limited to 'man/wgconfd.5.scd')
-rw-r--r-- | man/wgconfd.5.scd | 128 |
1 files changed, 128 insertions, 0 deletions
diff --git a/man/wgconfd.5.scd b/man/wgconfd.5.scd new file mode 100644 index 0000000..15c19e9 --- /dev/null +++ b/man/wgconfd.5.scd 
@@ -0,0 +1,128 @@ +wgconfd(5) + +# NAME + +wgconfd - configuration file + +# GLOBAL OPTIONS + +The following global options are available: + +*min_keepalive* + The minimum value for the persistent keepalive timeout, in seconds. Any peer + with a smaller timeout uses this one instead. Set to 0 to disable the + timeout altogether. + + Default: _10_ + +*max_keepalive* + The maximum value for the persistent keepalive timeout, in seconds. Any peer + with a larger (or missing) timeout uses this one instead. If set to 0, there + is no maximum. + + Default: _0_ + +*refresh_sec* + The time between configuration updates, in seconds. + + Default: _1200_ + +*cache_directory* + Path to the cache directory. + + Default: _$CACHE_DIRECTORY_ + +*runtime_directory* + Path to the runtime state directory. + + Default: _$RUNTIME_DIRECTORY_ + +# SOURCE SECTIONS + +Sources are defined in *[[source]]* sections. The following options are available: + +*name* + The name used to identify the source in logs and in the cache. All sources + should have distinct names. Should only contain characters that can be put + in a filename. Required. + +*url* + The URL of the source. It must point to a JSON file following the format + described in the README. + +*ipv4* + A list of allowed IPv4 networks, each of the form _"ADDR/LEN"_. All of the + address bits after the prefix must be set to 0. + + If a source tries to assign a range of addresses to a peer and that range + has addresses that are not listed in the *ipv4* configuration option, the + entire range is discarded. + + Default: _[]_ + +*ipv6* + A list of allowed IPv6 networks, each of the form _"ADDR/LEN"_. All of the + address bits after the prefix must be set to 0. + + If a source tries to assign a range of addresses to a peer and that range + has addresses that are not listed in the *ipv6* configuration option, the + entire range is discarded. 
+ + Default: _[]_ + +*psk* + Path to a file containing the default preshared key used for all peers + defined by this source. + + Default: no preshared key + +*required* + Boolean. If set to true, *wgconfd*(8) will fail to start if fetching the + source fails. + + Default: _false_ + +*allow_road_warriors* + Boolean. If set to false, road warriors from this source will not be allowed + to use this interface machine as their base peer. + + Default: _true_ + +# PEER SECTIONS + +In some cases one may want to override some settings for individual peers. +This can be achieved through *[[peer]]* sections: + +*public_key* + The public key of the peer for which the overrides apply, as a base64 + encoded string. + + Required. + +*source* + If specified, ignore attempts by other sources to define this peer. Note + that even if this is set, other sources can add allowed IP addresses for + the peer by creating road warriors. + + Default: do not restrict source + +*endpoint* + Override the endpoint address of the peer. + + Default: use the endpoint address from the source + +*psk* + Path to a preshared key to use for this peer. + + Default: the PSK of the source, if any + +*keepalive* + Override the persistent keepalive timeout for this peer. The value here is + not affected by the *min_keepalive* and *max_keepalive* configuration + options. + + Default: the keepalive value from the source, or infinite if not set, + restricted by *min_keepalive* and *max_keepalive* + +Note that having a *[[peer]]* section is not enough to create a peer - it must +also exist in one of the sources. |
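Review bot: In the *name* entry under SOURCE SECTIONS, both constraints are worded as "should" ("All sources should have distinct names", "Should only contain characters that can be put in a filename") with no statement of what wgconfd does when they are violated. Since the same entry says the name identifies the source in the cache, the page should say whether a duplicate name or a name containing a path separator is rejected when the configuration is loaded or is only discouraged. The *url* entry is the only source option with neither a "Required." nor a "Default:" line; add one. In *min_keepalive*, "Set to 0 to disable the timeout altogether" can be read as disabling either the minimum or the keepalive itself, so spell out which. The *keepalive* entry under PEER SECTIONS omits the unit, while the global options say "in seconds". In *allow_road_warriors*, "this interface machine" looks like a leftover word. "Road warriors" is used in *allow_road_warriors* and in the peer *source* entry without a definition; a one-line definition or a pointer would help, particularly because *source* notes that other sources can still add allowed IP addresses for a pinned peer that way.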