[bug#41080] [PATCH v2] Add wireguard connection instructions to cookbook

[Marcin Karpezo <sirmacik@wioo.waw.pl>]

* doc: cookbook: add entry for Wireguard VPN connection on Guix System
---
 doc/guix-cookbook.texi | 68 +++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 67 insertions(+), 1 deletion(-)

diff --git a/doc/guix-cookbook.texi b/doc/guix-cookbook.texi
index 8651bc4429..0e0727310a 100644
--- a/doc/guix-cookbook.texi
+++ b/doc/guix-cookbook.texi
@@ -327,7 +327,7 @@ package definitions.
 @item
 Inheritance makes it easy to customize a package by inheriting from it and
 modifying only what is needed.
- 
+
 @item
 Batch processing: the whole package collection can be parsed, filtered and
 processed.  Building a headless server with all graphical interfaces stripped
@@ -1323,6 +1323,7 @@ reference.
 
 @menu
 * Customizing the Kernel::       Creating and using a custom Linux kernel on Guix System.
+* Connect to Wireguard VPN::     Connecting your Guix System to Wireguard VPN.
 * Customizing a Window Manager:: Handle customization of a Window manager on Guix System.
 * Setting up a bind mount:: Setting up a bind mount in the file-systems definition.
 @end menu
@@ -1567,6 +1568,71 @@ likely that you'll need to modify the initrd on a machine using a custom
 kernel, since certain modules which are expected to be built may not be
 available for inclusion into the initrd.
 
+@node Connect to Wireguard VPN
+@section Connect to Wireguard VPN
+
+To connect your Guix system with Wireguard VPN server you need to add
+@code{wireguard-tools} package to your system configuration file and
+additional kernel line, e.g. @file{/etc/config.scm}.
+
+An example configuration file will look like this:
+
+@lisp
+(use-modules (gnu))
+(use-package-modules vpn)
+
+(operating-system
+;; …
+(packages
+    (append (map specification->package
+        '("wireguard-tools"))
+    %base-packages))
+ (kernel-loadable-modules (list wireguard-linux-compat))
+ ;; …
+@end lisp
+
+After @code{guix system reconfigure /etc/config.scm} you can either
+place your config file in @file{/etc/wireguard} and run
+@code{wg-quick up wg0} command or use NetworkManager for wireguard
+management.
+
+Thanks to Network Manager support for Wireguard we can connect to our
+VPN using @code{nmcli} command. Up to this point this guide assumes that
+you're using Network Manager service provided by
+@code{%desktop-services}. Ortherwise you need to adjust your services
+list to load @code{network-manager-service-type} and reconfigure your
+Guix system.
+
+To import your VPN configuration execute nmcli import command:
+
+@example shell
+~ % sudo nmcli connection import type wireguard file wg0.conf
+Connection 'wg0' (edbee261-aa5a-42db-b032-6c7757c60fde) successfully added
+@end example
+
+Next connect to Wireguard server
+
+@example shell
+~ % nmcli connection up wg0
+Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/6)
+@end example
+
+By default NM will connect automatically on system boot. To change that
+behaviour you need to edit your config:
+
+@example shell
+~ % sudo nmcli connection edit wg0
+nmcli> print connection.autoconnect
+connection.autoconnect: yes
+nmcli> set connection.autoconnect no
+nmcli> save
+Connection 'prv' (edbee261-aa5a-42db-b032-6c7757c60fde) successfully updated.
+@end example
+
+For more specific information about NetworkManager and wireguard
+@uref{https://blogs.gnome.org/thaller/2019/03/15/wireguard-in-networkmanager/,see
+this post by thaller}.
+
 @node Customizing a Window Manager
 @section Customizing a Window Manager
 @cindex wm
-- 
2.26.2