GNU bug report logs - #48803
[PATCH] strongswan: provide a service definition and configuration interface.


Package: guix-patches;

Reported by: Domagoj Stolfa <ds815 <at> gmx.com>

Date: Wed, 2 Jun 2021 23:12:02 UTC

Severity: normal

Tags: patch

Done: Tobias Geerinckx-Rice <me <at> tobias.gr>

Bug is archived. No further changes may be made.



Message #29 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Tobias Geerinckx-Rice <me <at> tobias.gr>
To: Domagoj Stolfa <ds815 <at> gmx.com>
Cc: 48803-done <at> debbugs.gnu.org, guix-patches <at> gnu.org
Subject: Re: [bug#48803] [PATCH]    gnu: Add strongswan service.
Date: Fri, 25 Jun 2021 01:17:43 +0200
Domagoj!

This is finally on master with the following changes:

Domagoj Stolfa wrote:
>    * gnu/services/vpn.scm (strongswan-configuration): New record 
>    type.
>    (charon-plugins, strongswan-configuration-file)
>    (strongswan-shepherd-service, strongswan-service-type): New 
>    variables.

I don't know where this extra spacing came from but removed it.

> +@subheading StrongSwan

I'm sure some style guides disapprove, but I changed all usage of 
‘StrongSwan’ to upstream's ‘strongSwan’.

> +Currently, the StrongSwan service only provides legacy-style 
> configuration with
> +ipsec.conf and ipsec.secrets files.

We have cool @file{} markup so I used it.

> +@defvr {Scheme Variable} strongswan-service-type
> +A service type for StrongSwan configuration.

Added a very brief ‘IPsec VPN’ context.

> +@lisp
> +(service strongswan-service-type
> +         (strongswan-configuration
> +         (ipsec-conf "/etc/ipsec.conf")
> +         (ipsec-secrets "/etc/ipsec.secrets")))
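
Review bot: The example's `(ipsec-secrets "/etc/ipsec.secrets")` line points at a file that holds credentials, but nothing in the quoted documentation says how that file should be handled. Suggest adding a sentence that `ipsec-secrets` should be a string naming a root-only file kept outside the store, because anything copied into /gnu/store is world-readable.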

Fixed the indentation.

> +@item @code{ipsec-conf} (default: @code{#f})
> +The path to an ipsec.conf file.  If set to @code{#f}, 
> @code{ipsec-secrets} will
> +also be ignored.

Reworded this to match the exception I added below.  Added moar 
@file{}.

>  @c %end of automatic openvpn-server documentation

This indicates that the author of the previous OpenVPN section 
automated the docs somehow.  I moved it back.

>  @subsubheading Wireguard
> diff --git a/gnu/services/vpn.scm b/gnu/services/vpn.scm
> index 2bcbf76727..691cc3c05a 100644
> --- a/gnu/services/vpn.scm
> +++ b/gnu/services/vpn.scm
> @@ -26,6 +26,7 @@
>    #:use-module (gnu services shepherd)
>    #:use-module (gnu system shadow)
>    #:use-module (gnu packages admin)
> +  #:use-module (gnu packages networking)
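
Review bot: The added `#:use-module (gnu packages networking)` has no visible consumer in the quoted lines. Keep it only if this file references a binding from that module; otherwise drop it so the module's import list stays accurate.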

Oops, noticed this only now… I don't think it's needed anymore. 
Can you confirm?

‘guix system’ & friends will now throw an inelegant error if 
ipsec-conf & ipsec-secrets are incongruent.  I couldn't get 
meaningful location data out of CONFIG.  This does the job:

+        (throw 'error
+               (G_ "strongSwan ipsec-conf and ipsec-secrets must 
\
+both be (un)set")))))
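
Review bot: `(throw 'error ...)` on the first added line surfaces as a raw Guile exception rather than a formatted diagnostic. Raising a `&message` condition that carries the same `G_` string would let `guix system` report it as an ordinary error, and the message could name which of the two fields is missing instead of "must both be (un)set".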

> +(define strongswan-service-type
> +  (service-type
> +   (name 'strongswan)
> +   (extensions
> +    (list (service-extension shepherd-root-service-type
> +                             strongswan-shepherd-service)))))

I added a default-value so people can simply write

 (service strongswan-service-type)

and a short description.

Thank you very much!

T G-R

This bug report was last modified 3 years and 336 days ago.
