GNU bug report logs - #73955
[PATCH 0/2] Improve customizability of WireGuard service

Previous Next

Package: guix-patches;

Reported by: Richard Sent <richard <at> freakingpenguin.com>

Date: Tue, 22 Oct 2024 21:25:02 UTC

Severity: normal

Tags: patch

Done: Mathieu Othacehe <othacehe <at> gnu.org>

Bug is archived. No further changes may be made.

Full log

Message #41 received at 73955 <at> debbugs.gnu.org (full text, mbox):

From: Richard Sent <richard <at> freakingpenguin.com>
To: Mathieu Othacehe <othacehe <at> gnu.org>
Cc: 73955 <at> debbugs.gnu.org
Subject: Re: [bug#73955] [PATCH v3 3/3] services: wireguard: Support gexps for peer preshared keys.
Date: Mon, 04 Nov 2024 09:53:49 -0500

> Do you think that it would make sense to also update the documentation
> for the "preshared-key" field, to mention that it can be a gexp?

Makes sense to me!

> (wireguard-configuration
>  (private-key (file-redirect
>                (get-secret-program-file "foo"))))

I'm also realizing that while the wireguard.conf generated in my example is correct, we still bootstrap a private key at file path <(/gnu/store...), which isn't ideal.

We could only attempt to bootstrap "reasonable" file names (i.e. those that start with a /), but this feels icky and <(foo) is technically a valid file name.

I quite like how utilizing the private-key field for commands instead of a file path works (as opposed to a rather ugly manual postup), so perhaps a bootstrap-private-key? field should be added. As long as it defaults to #t I don't see it impacting existing setups.
This bug report was last modified 169 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.