Re: Using gexps in wireguard-service-type postup
From: Clément Lassieur
Subject: Re: Using gexps in wireguard-service-type postup
Date: Sun, 28 Jan 2024 15:04:32 +0100
User-agent: Gnus/5.13 (Gnus v5.13)

Hi Richard,

On Sat, Jan 27 2024, Richard Sent wrote:

> Hi all,
>
> I'm trying to create a wireguard service, but I've encountered an issue
> that I'm pretty sure I can only resolve using gexps and am having
> trouble with the syntax (or if it's even possible to use them in this
> case).
>
> I want to fetch my private key from password-store when running the
> service, and a PostUp command seems the best way of implementing
> that. Using the wg-quick manual as a base, I get a naive solution like:

I think here you can just add

  (use-modules (gnu packages admin))

> (define* (get-secret-command key #:optional (user (sudo-user)))
>   "Returns the shell command needed to read KEY from USER."
>   (string-append "sudo -u " user " pass ls " key))
>
> (service wireguard-service-type
>          (wireguard-configuration

  (private-key (file-append sudo "/bin/sudo -u user <(pass ...)"))

which would be the same as

  (private-key #~(string-append #$sudo "/bin/sudo -u user <(pass ...)"))

>           ...
>           (post-up (list
>                     ;; Returns "wg set wg-nickleslan private-key <(sudo pass
>                     ;; ls wireguard-nickleslan-private-key-key)"
>                     (string-append "wg set " interface " private-key <("
>                                    (get-secret-command
>                                     wireguard-nickleslan-private-key-key) ")")
>                     (string-append "wg set " interface " peer "
>                                    wireguard-nickleslan-public-key
>                                    " preshared-key <("
>                                    (get-secret-command
>                                     wireguard-nickleslan-preshared-key-key) ")")))))

This will add another "PostUp" field.

Clément