[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Using gexps in wireguard-service-type postup
From: |
Richard Sent |
Subject: |
Re: Using gexps in wireguard-service-type postup |
Date: |
Sun, 28 Jan 2024 13:36:19 -0500 |
User-agent: |
Gnus/5.13 (Gnus v5.13) |
Clément Lassieur <clement@lassieur.org> writes:
On 2024-01-28 09:04, Clément Lassieur wrote:
> Hi Richard,
> which would be se same as
>
> (private-key #~(string-append #$sudo "/bin/sudo -u user <(pass ...)"))
Thanks. I made some progress with this, although I wound up hitting
another hurdle with the preshared-key.
When setting private-key, the following works fine:
--8<---------------cut here---------------start------------->8---
(private-key
#~(string-append "<("
#$sudo "/bin/sudo" " -u richard "
#$password-store "/bin/pass ls "
#$wireguard-nickleslan-private-key-key
")"))
--8<---------------cut here---------------end--------------->8---
preshared-key, unfortunately, doesn't follow that same pattern. When
setting preshared keys with the following snippet:
--8<---------------cut here---------------start------------->8---
(wireguard-peer
...
(preshared-key
#~(string-append "<("
#$sudo "/bin/sudo -u richard "
#$password-store "/bin/pass ls "
#$wireguard-nickleslan-preshared-key-key
")")))
--8<---------------cut here---------------end--------------->8---
I wind up with a wireguard.conf file with the following line.
--8<---------------cut here---------------start------------->8---
PostUp =
/gnu/store/4cnl0h79zc599xryr5jh66d7yq643zk4-wireguard-tools-1.0.20210914/bin/wg
set %i private-key
<(/gnu/store/gnybfg31is632dyaivd907f2h0wff80d-sudo-1.9.14p3/bin/sudo -u richard
/gnu/store/ppd5qmx2b5fadjhww65xw09zkjphll6r-password-store-1.7.4/bin/pass ls
System/WireGuard/NicklesBread/private.key) peer
EHoPXGJvQVVpQ6PZ/XQtHx0p5FWEVCS3y2oI2O+Y9zo= preshared-key (string-append <(
/gnu/store/gnybfg31is632dyaivd907f2h0wff80d-sudo-1.9.14p3 /bin/sudo -u richard
/gnu/store/ppd5qmx2b5fadjhww65xw09zkjphll6r-password-store-1.7.4 /bin/pass ls
System/WireGuard/NicklesBread/preshared.key ))
--8<---------------cut here---------------end--------------->8---
Emphasis on how everything after preshared-key is a Lisp sexp, not
evaluated output. I'm guessing this is because in gnu/services/vpn.scm,
the relevant code is
l
--8<---------------cut here---------------start------------->8---
(format #f "PostUp = ~a set %i private-key ~a\
~{ peer ~a preshared-key ~a~}" #$(file-append wireguard "/bin/wg")
#$private-key '#$peer-keys)
--8<---------------cut here---------------end--------------->8---
Peer keys is quoted immediately before the ungexp. I'm curious why that
would be done and how I can get preshared-key set correctly.
I did try changing preshared-key to (preshared-key #~,(...)), but that
didn't accomplish anything besides creating a wireguard.config file with
`preshared-key (unquote (string-append ...))` I assume this is because a
quote (') is used instead of a quasiquote (`).
Is there anything on my end I can do to fix this or does it have to be
resolved in Guix proper?
--
Take it easy,
Richard Sent
Making my computer weirder one commit at a time.