Re: Using gexps in wireguard-service-type postup
From: Clément Lassieur
Subject: Re: Using gexps in wireguard-service-type postup
Date: Sun, 28 Jan 2024 23:59:36 +0100
User-agent: Gnus/5.13 (Gnus v5.13)

On Sun, Jan 28 2024, Richard Sent wrote:
> Clément Lassieur <clement@lassieur.org> writes:
>
> On 2024-01-28 09:04, Clément Lassieur wrote:
>> Hi Richard,
>> which would be the same as
>>
>> (private-key #~(string-append #$sudo "/bin/sudo -u user <(pass
>> ...)"))
>
> Thanks. I made some progress with this, although I wound up hitting
> another hurdle with the preshared-key.
>
> When setting private-key, the following works fine:
>
> (private-key
>  #~(string-append "<("
>                   #$sudo "/bin/sudo" " -u richard "
>                   #$password-store "/bin/pass ls "
>                   #$wireguard-nickleslan-private-key-key
>                   ")"))
>
>
> preshared-key, unfortunately, doesn't follow that same pattern. When
> setting preshared keys with the following snippet:
>
> (wireguard-peer
>  ...
>  (preshared-key
>   #~(string-append "<("
>                    #$sudo "/bin/sudo -u richard "
>                    #$password-store "/bin/pass ls "
>                    #$wireguard-nickleslan-preshared-key-key
>                    ")")))
>
>
> I wind up with a wireguard.conf file with the following line.
>
> PostUp =
> /gnu/store/4cnl0h79zc599xryr5jh66d7yq643zk4-wireguard-tools-1.0.20210914/bin/wg
> set %i private-key
> <(/gnu/store/gnybfg31is632dyaivd907f2h0wff80d-sudo-1.9.14p3/bin/sudo -u
> richard
> /gnu/store/ppd5qmx2b5fadjhww65xw09zkjphll6r-password-store-1.7.4/bin/pass ls
> System/WireGuard/NicklesBread/private.key) peer
> EHoPXGJvQVVpQ6PZ/XQtHx0p5FWEVCS3y2oI2O+Y9zo= preshared-key (string-append <(
> /gnu/store/gnybfg31is632dyaivd907f2h0wff80d-sudo-1.9.14p3 /bin/sudo -u
> richard /gnu/store/ppd5qmx2b5fadjhww65xw09zkjphll6r-password-store-1.7.4
> /bin/pass ls System/WireGuard/NicklesBread/preshared.key ))

Indeed probably the service is not meant to be used this way with
G-exps. As a workaround you can use the private-key field to add
everything you need there. As in

(private-key #~(string-append #$sudo "/bin/sudo -u user <(pass ...) peer "
                              #$peer " preshared-key " #$preshared-key))

> Emphasis on how everything after preshared-key is a Lisp sexp, not
> evaluated output. I'm guessing this is because in gnu/services/vpn.scm,
> the relevant code is
>
> (format #f "PostUp = ~a set %i private-key ~a\
> ~{ peer ~a preshared-key ~a~}" #$(file-append wireguard "/bin/wg")
> #$private-key '#$peer-keys)
>
> Peer keys is quoted immediately before the ungexp. I'm curious why that
> would be done and how I can get preshared-key set correctly.
>
> I did try changing preshared-key to (preshared-key #~,(...)), but that
> didn't accomplish anything besides creating a wireguard.config file with
> `preshared-key (unquote (string-append ...))` I assume this is because a
> quote (') is used instead of a quasiquote (`).
>
> Is there anything on my end I can do to fix this or does it have to be
> resolved in Guix proper?
I haven't looked at it closely but probably the service needs at least a
way to add a raw configuration file as, say, the nginx service does (see
raw-content)... Those raw configuration files can be built with g-exps.
Clément
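
A plain-Guile reproduction of the quoting behaviour discussed in this thread, added here as an example (it is not code from Guix or from either poster). It assumes that once the G-expression is lowered, the quoted peer-keys list reaches `format` as ordinary data; the procedure name `render-post-up` and all key names and paths are constructed placeholders.

```scheme
;; Added example: runs in plain Guile, no Guix modules needed.
(use-modules (ice-9 format))

;; Same directive shape as the format call quoted from gnu/services/vpn.scm:
;; ~{ ... ~} walks PEER-KEYS two elements at a time (public key, preshared key).
(define (render-post-up wg private-key peer-keys)
  (format #f "PostUp = ~a set %i private-key ~a~{ peer ~a preshared-key ~a~}"
          wg private-key peer-keys))

;; Constructed placeholders, not real keys or store paths.
(define wg "/bin/wg")
(define private-key "<(pass ls vpn/private.key)")
(define peer "PEER-PUBLIC-KEY")

;; 1. Quoted list, as with '#$peer-keys: the string-append form is data.
;;    It is never called, so ~a displays the list itself, with the strings
;;    shown unquoted and separated by spaces.
(define quoted-keys
  '("PEER-PUBLIC-KEY"
    (string-append "<(" "pass ls " "vpn/preshared.key" ")")))

;; 2. A comma inside a plain quote: ' does not interpret it, so the reader's
;;    (unquote ...) form stays in the list and is displayed as written.
(define comma-in-quote-keys
  '("PEER-PUBLIC-KEY"
    ,(string-append "<(" "pass ls " "vpn/preshared.key" ")")))

;; 3. Evaluated list: string-append is called before format sees the list,
;;    so the preshared-key argument is a single process-substitution string.
(define evaluated-keys
  (list peer
        (string-append "<(" "pass ls " "vpn/preshared.key" ")")))

;; Print the three rendered PostUp lines for comparison.
(for-each (lambda (keys)
            (display (render-post-up wg private-key keys))
            (newline))
          (list quoted-keys comma-in-quote-keys evaluated-keys))
```

Only the third line hands `wg` a process substitution for the preshared key; the first two carry a Lisp form into the PostUp command, matching the wireguard.conf output quoted above.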