authorRichard Sent <richard@freakingpenguin.com>2024-12-04 15:59:33 -0500
committerMathieu Othacehe <othacehe@gnu.org>2024-12-06 20:09:28 +0100
commitaa12068c91d40c568a44c8d2e36d2ee88ce79d84 (patch)
tree443991057a1a3c07128ef804d1b8d6e6897eae03 /gnu/services/vpn.scm
parentd101a6275ac4ee287859349a77c08d43e98a4c88 (diff)
downloadguix-aa12068c91d40c568a44c8d2e36d2ee88ce79d84.tar.gz
guix-aa12068c91d40c568a44c8d2e36d2ee88ce79d84.zip
services: wireguard: Make the private-key field optional.
Users who retrieve the private-key via a PreUp field need to be able to disable the default retrieval mechanism. * gnu/services/vpn.scm (<wireguard-configuration>)[private-key]: Change comment. (wireguard-configuration-file): Conditionally serialize private-key. * gnu/services/vpn.scm (wireguard-activation): Do not create private-key if the field is #f. * doc/guix.texi (VPN Services)[wireguard-configuration]: Document it. Change-Id: Iac419809ae94eb76e97ff1f1749e2f4b3e65bb04 Signed-off-by: Mathieu Othacehe <othacehe@gnu.org>
Diffstat (limited to 'gnu/services/vpn.scm')
-rw-r--r--gnu/services/vpn.scm36
1 files changed, 20 insertions, 16 deletions
diff --git a/gnu/services/vpn.scm b/gnu/services/vpn.scm
index 7fb4775757..b62e0ac838 100644
--- a/gnu/services/vpn.scm
+++ b/gnu/services/vpn.scm
@@ -741,7 +741,7 @@ strongSwan.")))
(default '("10.0.0.1/32")))
(port wireguard-configuration-port ;integer
(default 51820))
- (private-key wireguard-configuration-private-key ;string
+ (private-key wireguard-configuration-private-key ;maybe-string
(default "/etc/wireguard/private.key"))
(peers wireguard-configuration-peers ;list of <wiregard-peer>
(default '()))
@@ -805,9 +805,12 @@ strongSwan.")))
#$@(if (null? pre-up)
'()
(list (format #f "~{PreUp = ~a~%~}" pre-up)))
- (format #f "PostUp = ~a set %i private-key ~a\
-~{ peer ~a preshared-key ~a~}" #$(file-append wireguard "/bin/wg")
-#$private-key '#$peer-keys)
+ (if #$private-key
+ (format #f "PostUp = ~a set %i private-key ~a\
+~{ peer ~a preshared-key ~a~}"
+ #$(file-append wireguard "/bin/wg")
+ #$private-key '#$peer-keys)
+ "")
#$@(if (null? post-up)
'()
(list (format #f "~{PostUp = ~a~%~}" post-up)))
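Review bot: When `private-key` is #f the whole `PostUp = wg set …` line on L39–L44 collapses to `""`, so the peers' preshared keys carried in `peer-keys` are no longer applied to the interface at all — the tunnel still comes up, but without the PSK layer the user configured, and nothing reports it. `wg set` accepts `peer … preshared-key …` arguments without a `private-key` argument, so the #f branch should still emit the peer part whenever `peer-keys` is non-empty and fall back to `""` only when there are none. The rewrite below keeps the commit's behaviour for the default case and only changes the #f case; a short comment on the branch explaining why the PSKs are emitted separately would help the next reader. `wireguard-configuration-file` starts and ends outside this hunk, so how `peer-keys` is built (presumably a flat public-key/psk-path list, given the `~{ ~a ~a ~}` directive) is not visible here.
```scheme
;; … unchanged: PreUp serialization …
(if #$private-key
    (format #f "PostUp = ~a set %i private-key ~a\
~{ peer ~a preshared-key ~a~}"
            #$(file-append wireguard "/bin/wg")
            #$private-key '#$peer-keys)
    ;; No private-key file to load here (the user supplies it, e.g. via
    ;; PreUp), but the peers' preshared keys still have to be applied.
    (if (null? '#$peer-keys)
        ""
        (format #f "PostUp = ~a set %i~{ peer ~a preshared-key ~a~}"
                #$(file-append wireguard "/bin/wg")
                '#$peer-keys)))
;; … unchanged: PostUp serialization …
```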
@@ -838,18 +841,19 @@ strongSwan.")))
(use-modules (guix build utils)
(ice-9 popen)
(ice-9 rdelim))
- (mkdir-p (dirname #$private-key))
- (unless (file-exists? #$private-key)
- (let* ((pipe
- (open-input-pipe (string-append
- #$(file-append wireguard "/bin/wg")
- " genkey")))
- (key (read-line pipe)))
- (call-with-output-file #$private-key
- (lambda (port)
- (display key port)))
- (chmod #$private-key #o400)
- (close-pipe pipe))))))
+ (when #$private-key
+ (mkdir-p (dirname #$private-key))
+ (unless (file-exists? #$private-key)
+ (let* ((pipe
+ (open-input-pipe (string-append
+ #$(file-append wireguard "/bin/wg")
+ " genkey")))
+ (key (read-line pipe)))
+ (call-with-output-file #$private-key
+ (lambda (port)
+ (display key port)))
+ (chmod #$private-key #o400)
+ (close-pipe pipe)))))))
;;; XXX: Copied from (guix scripts pack), changing define to define*.
(define-syntax-rule (define-with-source (variable args ...) body body* ...)
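Review bot: The key file written on L72–L75 is created by `call-with-output-file` under the process umask and only tightened to `#o400` afterwards, so the freshly generated private key briefly sits on disk with the default creation mode; this predates the commit, but the block was rewritten here and the window is easy to close. Creating the file with its final mode removes it and also hardens the `file-exists?` check against a racing creation: `(call-with-port (open #$private-key (logior O_WRONLY O_CREAT O_EXCL) #o400) (lambda (port) (display key port)))`, after which the `(chmod #$private-key #o400)` call is redundant. Separately, the status returned by `close-pipe` is discarded and `read-line` yields the EOF object if `wg genkey` fails, in which case a non-key value is written to the file; checking `(eof-object? key)` before writing would turn that into a visible activation error. `wireguard-activation` begins outside this hunk.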