Re: Using gexps in wireguard-service-type postup

[Richard Sent <richard@freakingpenguin.com>]

Clément Lassieur <clement@lassieur.org> writes:

On 2024-01-28 09:04, Clément Lassieur wrote:
> Hi Richard,
> which would be se same as
> 
>         (private-key #~(string-append #$sudo "/bin/sudo -u user <(pass ...)"))

Thanks. I made some progress with this, although I wound up hitting
another hurdle with the preshared-key.

When setting private-key, the following works fine:

--8<---------------cut here---------------start------------->8---
(private-key
 #~(string-append "<("
                  #$sudo "/bin/sudo" " -u richard "
                  #$password-store "/bin/pass ls " #$wireguard-nickleslan-private-key-key
                  ")"))
--8<---------------cut here---------------end--------------->8---

preshared-key, unfortunately, doesn't follow that same pattern. When
setting preshared keys with the following snippet:

--8<---------------cut here---------------start------------->8---
(wireguard-peer
 ...
 (preshared-key
  #~(string-append "<("
                   #$sudo "/bin/sudo -u richard "
                   #$password-store "/bin/pass ls " #$wireguard-nickleslan-preshared-key-key
                   ")")))
--8<---------------cut here---------------end--------------->8---

I wind up with a wireguard.conf file with the following line.

--8<---------------cut here---------------start------------->8---
PostUp = /gnu/store/4cnl0h79zc599xryr5jh66d7yq643zk4-wireguard-tools-1.0.20210914/bin/wg set %i private-key <(/gnu/store/gnybfg31is632dyaivd907f2h0wff80d-sudo-1.9.14p3/bin/sudo -u richard /gnu/store/ppd5qmx2b5fadjhww65xw09zkjphll6r-password-store-1.7.4/bin/pass ls System/WireGuard/NicklesBread/private.key) peer EHoPXGJvQVVpQ6PZ/XQtHx0p5FWEVCS3y2oI2O+Y9zo= preshared-key (string-append <( /gnu/store/gnybfg31is632dyaivd907f2h0wff80d-sudo-1.9.14p3 /bin/sudo -u richard  /gnu/store/ppd5qmx2b5fadjhww65xw09zkjphll6r-password-store-1.7.4 /bin/pass ls  System/WireGuard/NicklesBread/preshared.key ))
--8<---------------cut here---------------end--------------->8---

Emphasis on how everything after preshared-key is a Lisp sexp, not
evaluated output. I'm guessing this is because in gnu/services/vpn.scm,
the relevant code is
l
--8<---------------cut here---------------start------------->8---
(format #f "PostUp = ~a set %i private-key ~a\
~{ peer ~a preshared-key ~a~}" #$(file-append wireguard "/bin/wg")
#$private-key '#$peer-keys)
--8<---------------cut here---------------end--------------->8---

Peer keys is quoted immediately before the ungexp. I'm curious why that
would be done and how I can get preshared-key set correctly.

I did try changing preshared-key to (preshared-key #~,(...)), but that
didn't accomplish anything besides creating a wireguard.config file with
`preshared-key (unquote (string-append ...))` I assume this is because a
quote (') is used instead of a quasiquote (`).

Is there anything on my end I can do to fix this or does it have to be
resolved in Guix proper?

-- 
Take it easy,
Richard Sent
Making my computer weirder one commit at a time.