[bug#73955] [PATCH v3 0/3] Improve customizability of WireGuard service.
From: Richard Sent
Subject: [bug#73955] [PATCH v3 0/3] Improve customizability of WireGuard service.
Date: Wed, 23 Oct 2024 14:20:56 -0400

Hi all,

Apologies for the noise. While playing around some more I realized it
would be useful if preshared-keys also handled gexps. This allows for
constructs like

> (define (file-redirect script)
>   #~(string-append "<(" #$script ")"))
>
> (wireguard-configuration
>  (private-key (file-redirect
>                (get-secret-program-file "foo")))
>  (peers (list (wireguard-peer
>                (public-key "X")
>                (preshared-key
>                 (file-redirect
>                  (get-secret-program-file "bar")))))))

This results in a PostUp command like:
> PostUp = /gnu/store/.../wg set %i private-key <(/gnu/store/...wg-get-private)\
> peer X preshared-key <(/gnu/store/...wg-get-preshared)
You could bang this together via the post-up escape hatch before v3 of
this patch, but it would be rather awkward and cause some unpleasant
linkage between peers and the interface configuration (since peers
can't specify their own postup commands).

Richard Sent (3):
  services: wireguard: Make the private-key field optional.
  services: wireguard: Support lists of gexps for most fields.
  services: wireguard: Support gexps for peer preshared keys.

 doc/guix.texi        | 36 ++++++++++++++++-----
 gnu/services/vpn.scm | 75 +++++++++++++++++++++++---------------------
 2 files changed, 69 insertions(+), 42 deletions(-)

base-commit: bd26815cf8ce38a3b03676a6e3fc482bb74247cb
--
2.46.0