GNU bug report logs - #73955
[PATCH 0/2] Improve customizability of WireGuard service


Package: guix-patches;

Reported by: Richard Sent <richard <at> freakingpenguin.com>

Date: Tue, 22 Oct 2024 21:25:02 UTC

Severity: normal

Tags: patch

Done: Mathieu Othacehe <othacehe <at> gnu.org>

Bug is archived. No further changes may be made.


From: Richard Sent <richard <at> freakingpenguin.com>
To: 73955 <at> debbugs.gnu.org
Cc: Richard Sent <richard <at> freakingpenguin.com>
Subject: [bug#73955] [PATCH v3 0/3] Improve customizability of WireGuard service.
Date: Wed, 23 Oct 2024 14:20:56 -0400
Hi all,

Apologies for the noise. While playing around some more I realized it
would be useful if preshared-keys also handled gexps. This allows for
constructs like

> (define (file-redirect script)
>   #~(string-append "<(" #$script ")"))
> 
> (wireguard-configuration
>  (private-key (file-redirect
>                (get-secret-program-file "foo")))
>  (peers (list (wireguard-peer
>                (public-key "X")
>                (preshared-key
>                 (file-redirect
>                  (get-secret-program-file "bar" )))))))

This results in a PostUp command like:

> PostUp = /gnu/store/.../wg set %i private-key <(/gnu/store/...wg-get-private)\
>          peer X preshared-key <(/gnu/store/...wg-get-preshared)

You could bang this together via the post-up escape hatch before v3 of
this patch, but it would be rather awkward and cause some unpleasant
linkage between peers and the interface configuration (since peers
can't specify their own postup commands).

Richard Sent (3):
  services: wireguard: Make the private-key field optional.
  services: wireguard: Support lists of gexps for most fields.
  services: wireguard: Support gexps for peer preshared keys.

 doc/guix.texi        | 36 ++++++++++++++++-----
 gnu/services/vpn.scm | 75 +++++++++++++++++++++++---------------------
 2 files changed, 69 insertions(+), 42 deletions(-)


base-commit: bd26815cf8ce38a3b03676a6e3fc482bb74247cb
-- 
2.46.0
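
An added example, not part of the original message or of the Guix code base: a small check over a rendered wg-quick configuration that accepts the `<(...)` form shown in the cover letter and flags keys that are readable from the file itself or from a file under `/gnu/store`, which is world-readable. The sample configurations, the function name `audit` and the placeholder key strings are constructed for illustration.

```python
import re

# wg-quick fields that carry key material inline in the config file.
KEY_FIELD = re.compile(r"^\s*(PrivateKey|PresharedKey)\s*=\s*\S+", re.I)
# wg-quick hook lines, where `wg set` may be invoked.
HOOK = re.compile(r"^\s*(PreUp|PostUp|PreDown|PostDown)\s*=", re.I)
# `wg set` key arguments: a process substitution <(...) or a file path.
KEY_ARG = re.compile(r"\b(private-key|preshared-key)\s+(<\([^)]*\)|\S+)")


def audit(config_text):
    """Return (line_no, field, problem) for keys readable from config or store."""
    findings = []
    for n, line in enumerate(config_text.splitlines(), 1):
        m = KEY_FIELD.match(line)
        if m:
            findings.append((n, m.group(1), "inline key material"))
        elif HOOK.match(line):
            for field, arg in KEY_ARG.findall(line):
                # A <(...) argument is produced when the hook runs, so only a
                # key *file* that lives in the store is reported.
                if arg.startswith("/gnu/store/"):
                    findings.append((n, field, "key file in /gnu/store"))
    return findings


# Constructed sample: the PostUp shape from the cover letter, on one line.
SUBSTITUTED = "\n".join([
    "[Interface]",
    "PostUp = /gnu/store/.../wg set %i private-key <(/gnu/store/...wg-get-private)"
    " peer X preshared-key <(/gnu/store/...wg-get-preshared)",
    "",
    "[Peer]",
    "PublicKey = X",
])

# Constructed sample: keys written into the config and into a store file.
LEAKY = "\n".join([
    "[Interface]",
    "PrivateKey = CONSTRUCTED_PLACEHOLDER_KEY=",
    "PostUp = wg set %i peer X preshared-key /gnu/store/...-psk.txt",
    "",
    "[Peer]",
    "PublicKey = X",
    "PresharedKey = CONSTRUCTED_PLACEHOLDER_PSK=",
])

if __name__ == "__main__":
    for name, text in (("substituted", SUBSTITUTED), ("leaky", LEAKY)):
        print(name, audit(text))
```

The check only looks at where the key comes from; it does not inspect permissions on key files outside the store.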





This bug report was last modified 169 days ago.
