From: Richard Sent
To: 73955@debbugs.gnu.org
Cc: Richard Sent
Subject: [bug#73955] [PATCH v3 0/3] Improve customizability of WireGuard service.
Date: Wed, 23 Oct 2024 14:20:56 -0400

Hi all,

Apologies for the noise. While playing around some more I realized it would
be useful if preshared-keys also handled gexps.
This allows for constructs like

> (define (file-redirect script)
>   #~(string-append "<(" #$script ")"))
>
> (wireguard-configuration
>  (private-key (file-redirect
>                (get-secret-program-file "foo")))
>  (peers (list (wireguard-peer
>                (public-key "X")
>                (preshared-key
>                 (file-redirect
>                  (get-secret-program-file "bar" )))))))

This results in a PostUp command like:

> PostUp = /gnu/store/.../wg set %i private-key <(/gnu/store/...wg-get-private)\
>     peer X preshared-key <(/gnu/store/...wg-get-preshared)

You could bang this together via the post-up escape hatch before v3 of this
patch, but it would be rather awkward and cause some unpleasant linkage
between peers and the interface configuration (since peers can't specify
their own postup commands).

Richard Sent (3):
  services: wireguard: Make the private-key field optional.
  services: wireguard: Support lists of gexps for most fields.
  services: wireguard: Support gexps for peer preshared keys.

 doc/guix.texi        | 36 ++++++++++++++++-----
 gnu/services/vpn.scm | 75 +++++++++++++++++++++++---------------------
 2 files changed, 69 insertions(+), 42 deletions(-)


base-commit: bd26815cf8ce38a3b03676a6e3fc482bb74247cb
-- 
2.46.0
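
The PostUp line in the message relies on two facts: `wg set` takes key files rather than key text, and wg-quick evaluates PostUp lines with bash, so `<(...)` hands wg a readable path while the key itself stays out of the command line and off disk. The following is an added example, not part of the original message or of Guix; `wg`, `wg-get-private` and `wg-get-preshared` are stub scripts, and the key values are constructed placeholders.

```shell
#!/usr/bin/env bash
# Added illustration: `wg` and the two secret helpers are stub scripts, and
# the key values are constructed placeholders.
set -eu

# run_postup CMD IFACE: expand %i and evaluate CMD with bash, the way
# wg-quick treats a PostUp line. Prints what the stub `wg` observed.
run_postup() {
    cmd=$1
    iface=$2
    work=$(mktemp -d)
    # Stub secret helpers: each prints a fake key on stdout.
    printf '#!/bin/sh\necho FAKE-PRIVATE-KEY\n' > "$work/wg-get-private"
    printf '#!/bin/sh\necho FAKE-PRESHARED-KEY\n' > "$work/wg-get-preshared"
    # Stub wg: report argv, then the contents of each key-file argument.
    cat > "$work/wg" <<'EOF'
#!/bin/sh
echo "argv: $*"
while [ $# -gt 1 ]; do
    case $1 in
        private-key|preshared-key) echo "$1 file contained: $(cat "$2")" ;;
    esac
    shift
done
EOF
    chmod +x "$work/wg" "$work/wg-get-private" "$work/wg-get-preshared"
    expanded=$(printf '%s' "$cmd" | sed "s/%i/$iface/g")
    PATH="$work:$PATH" bash -c "$expanded"
    rm -rf "$work"
}

# Same shape as the PostUp line in the message, with store paths shortened.
POSTUP='wg set %i private-key <(wg-get-private) peer X preshared-key <(wg-get-preshared)'

run_postup "$POSTUP" wg0
```

The `argv:` line shows only descriptor paths where the keys would be, which is what a process listing or audit log of the real command would capture.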