[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Using gexps in wireguard-service-type postup

From: Clément Lassieur
Subject: Re: Using gexps in wireguard-service-type postup
Date: Sun, 28 Jan 2024 15:04:32 +0100
User-agent: Gnus/5.13 (Gnus v5.13)

Hi Richard,

On Sat, Jan 27 2024, Richard Sent wrote:

> Hi all,
> I'm trying to create a wireguard service, but I've encountered an issue
> that I'm pretty sure I can only resolve using gexps and am having
> trouble with the syntax (or if it's even possible to use them in this
> case).
> I want to fetch my private key from password-store when running the
> service, and a PostUp command seems the best way of implementing
> that. Using the wg-quick manual as a base, I get a naive solution like:

I think, here you can just add

  (use-modules (gnu packages admin))

> (define* (get-secret-command key #:optional (user (sudo-user)))
>    "Returns the shell command needed to read KEY from USER."
>    (string-append "sudo -u " user " pass ls " key))
> (service wireguard-service-type
>      (wireguard-configuration
        (private-key (file-append sudo "/bin/sudo -u user <(pass ...)"))

which would be se same as

        (private-key #~(string-append #$sudo "/bin/sudo -u user <(pass ...)"))

>       ...
>       (post-up (list
>                 ;; Returns "wg set wg-nickleslan private-key <(sudo pass
>                 ;; ls wireguard-nickleslan-private-key-key)"
>                 (string-append "wg set " interface " private-key <("
>                                (get-secret-command 
> wireguard-nickleslan-private-key-key) ")")
>                 (string-append "wg set " interface " peer " 
> wireguard-nickleslan-public-key
>                                " preshared-key <("
>                                (get-secret-command 
> wireguard-nickleslan-preshared-key-key) ")")))))

This will add another "PostUp" field.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]