From 1e0ca84d91fbcac58ec1ce45447407b0f7848661 Mon Sep 17 00:00:00 2001
From: apoorv569
Date: Wed, 25 Sep 2024 09:06:05 +0530
Subject: [PATCH V2] Wireguard: Deprecate and rename fields with warning

- preshared-key to preshared-key-file
- private-key to private-key-file
---
 gnu/services/vpn.scm | 79 +++++++++++++++++++++++++++++--------------
 1 file changed, 52 insertions(+), 27 deletions(-)

diff --git a/gnu/services/vpn.scm b/gnu/services/vpn.scm
index aab41680d3..efdb85e3a6 100644
--- a/gnu/services/vpn.scm
+++ b/gnu/services/vpn.scm
@@ -67,7 +67,8 @@ (define-module (gnu services vpn)
 wireguard-peer-endpoint
 wireguard-peer-allowed-ips
 wireguard-peer-public-key
-wireguard-peer-preshared-key
+wireguard-peer-preshared-key ; deprecated
+wireguard-peer-preshared-key-file
 wireguard-peer-keep-alive
 wireguard-configuration
@@ -79,7 +80,8 @@ (define-module (gnu services vpn)
 wireguard-configuration-dns
 wireguard-configuration-monitor-ips?
 wireguard-configuration-monitor-ips-interval
-wireguard-configuration-private-key
+wireguard-configuration-private-key ; deprecated
+wireguard-configuration-private-key-file
 wireguard-configuration-peers
 wireguard-configuration-pre-up
 wireguard-configuration-post-up
@@ -725,8 +727,10 @@ (define-record-type*
 (endpoint wireguard-peer-endpoint
 (default #f)) ;string
 (public-key wireguard-peer-public-key) ;string
-(preshared-key wireguard-peer-preshared-key
+(preshared-key wireguard-peer-preshared-key ;deprecated
 (default #f)) ;string
+(preshared-key-file wireguard-peer-preshared-key-file
+(default #f)) ;string
 (allowed-ips wireguard-peer-allowed-ips) ;list of strings
 (keep-alive wireguard-peer-keep-alive
 (default #f))) ;integer
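Review bot: The new `preshared-key-file` field in the hunk at line 727 (and `private-key-file` in the next hunk) has no accompanying documentation change: the diffstat lists only gnu/services/vpn.scm, so the manual text for `wireguard-peer` and `wireguard-configuration` would still present the deprecated field names as current. The type comment on the new field could also say what the string is, e.g. `;string, file name` next to `preshared-key-file`, since the value is later passed to `wg set … preshared-key` as a path rather than as key material. The `wireguard-peer` record definition starts outside the hunk.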
@@ -742,7 +746,9 @@ (define-record-type*
 (default '("10.0.0.1/32")))
 (port wireguard-configuration-port ;integer
 (default 51820))
-(private-key wireguard-configuration-private-key ;string
+(private-key wireguard-configuration-private-key ;string ;deprecated
+(default "/etc/wireguard/private.key"))
+(private-key-file wireguard-configuration-private-key-file ;string
 (default "/etc/wireguard/private.key"))
 (peers wireguard-configuration-peers ;list of
 (default '()))
@@ -778,18 +784,31 @@ (define (peer->config peer)
 (string-join (remove string-null? lines) "\n"))))
 (define (peers->preshared-keys peer keys)
-(let ((public-key (wireguard-peer-public-key peer))
-(preshared-key (wireguard-peer-preshared-key peer)))
-(if preshared-key
-(cons* public-key preshared-key keys)
+(let* ((public-key (wireguard-peer-public-key peer))
+(preshared-key (wireguard-peer-preshared-key peer))
+(preshared-key-file (wireguard-peer-preshared-key-file peer))
+(final-preshared-key (or preshared-key preshared-key-file)))
+
+;; XXX Warn about deprecated preshared-key field with newer replacement
+(when preshared-key
+(warn-about-deprecation 'preshared-key #f #:replacement 'preshared-key-file))
+
+(if final-preshared-key
+(cons* public-key final-preshared-key keys)
 keys)))
 (match-record config
-(wireguard interface addresses port private-key peers dns
+(wireguard interface addresses port private-key-file private-key peers dns
 pre-up post-up pre-down post-down table)
+
+;; XXX Warn about deprecated private-key field with newer replacement
+(when private-key
+(warn-about-deprecation 'private-key #f #:replacement 'private-key-file))
+
 (let* ((config-file (string-append interface ".conf"))
 (peer-keys (fold peers->preshared-keys (list) peers))
 (peers (map peer->config peers))
+(final-private-key (or private-key private-key-file))
 (config (computed-file "wireguard-config"
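Review bot: The deprecated `private-key` field keeps `(default "/etc/wireguard/private.key")`, so it is never #f: the `(when private-key …)` warning in the hunk at line 784 and in wireguard-activation fires for every configuration, and `(or private-key private-key-file)` always resolves to the deprecated default, so a user who sets only `private-key-file` to another path has that value ignored while activation still generates and uses a key at the old location. Only the new field should carry the path; the deprecated one should read `(private-key wireguard-configuration-private-key ;string ;deprecated` / `(default #f))`. The `wireguard-configuration` record definition starts outside the hunk.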
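Review bot: `warn-about-deprecation` is called from `wireguard-configuration-file` here and again from `wireguard-activation` (hunk at line 855), and `peers->preshared-keys` repeats it once per peer inside the `fold`, so a system that still uses the old fields gets the same warning several times per reconfigure. Emitting it once — for example from a `sanitize` procedure on the deprecated field, or from one small helper both consumers call — would keep the output stable and tie it to record construction rather than to whichever consumer happens to run. `warn-about-deprecation` comes from (guix deprecation); the module's `#:use-module` list is outside the diff, so confirm it is imported, otherwise this is an unbound variable at load time. `wireguard-configuration-file` starts and ends outside the hunk.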
@@ -810,7 +829,7 @@ (define lines
 (list (format #f "~{PreUp = ~a~%~}" pre-up)))
 (format #f "PostUp = ~a set %i private-key ~a\
 ~{ peer ~a preshared-key ~a~}" #$(file-append wireguard "/bin/wg")
-#$private-key '#$peer-keys)
+#$final-private-key '#$peer-keys)
 #$@(if (null? post-up)
 '()
 (list (format #f "~{PostUp = ~a~%~}" post-up)))
@@ -836,23 +855,29 @@ (define lines
 (define (wireguard-activation config)
 (match-record config
-(private-key wireguard)
-#~(begin
-(use-modules (guix build utils)
-(ice-9 popen)
-(ice-9 rdelim))
-(mkdir-p (dirname #$private-key))
-(unless (file-exists? #$private-key)
-(let* ((pipe
-(open-input-pipe (string-append
-#$(file-append wireguard "/bin/wg")
-" genkey")))
-(key (read-line pipe)))
-(call-with-output-file #$private-key
-(lambda (port)
-(display key port)))
-(chmod #$private-key #o400)
-(close-pipe pipe))))))
+(private-key private-key-file wireguard)
+
+;; XXX Warn about deprecated private-key field with newer replacement
+(when private-key
+(warn-about-deprecation 'private-key #f #:replacement 'private-key-file))
+
+(let ((final-private-key (or private-key private-key-file)))
+#~(begin
+(use-modules (guix build utils)
+(ice-9 popen)
+(ice-9 rdelim))
+(mkdir-p (dirname #$final-private-key))
+(unless (file-exists? #$final-private-key)
+(let* ((pipe
+(open-input-pipe (string-append
+#$(file-append wireguard "/bin/wg")
+" genkey")))
+(key (read-line pipe)))
+(call-with-output-file #$final-private-key
+(lambda (port)
+(display key port)))
+(chmod #$final-private-key #o400)
+(close-pipe pipe)))))))
 ;;; XXX: Copied from (guix scripts pack), changing define to define*.
 (define-syntax-rule (define-with-source (variable args ...) body body* ...)
-- 
2.46.0
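Review bot: The key-generation path inside the staged `#~(begin …)` of `wireguard-activation` persists whatever `read-line` returns: if `wg genkey` fails or prints nothing, `key` is the eof object, `display` writes `#<eof>` into the key file, and the `(unless (file-exists? …))` guard then prevents it from ever being regenerated; the exit status from `close-pipe` is discarded too. The file is also created by `call-with-output-file` under the process umask and only narrowed to `#o400` afterwards, leaving a short window in which the private key may be readable by other local users. Checking the result before writing and creating the file under a restrictive umask closes both gaps, as sketched below. This logic is moved rather than changed by the hunk, so it may be better handled as a follow-up patch.

```scheme
(unless (file-exists? #$final-private-key)
  (let* ((pipe (open-input-pipe (string-append
                                 #$(file-append wireguard "/bin/wg")
                                 " genkey")))
         (key (read-line pipe))
         (status (close-pipe pipe)))
    ;; Refuse to persist anything unless wg genkey produced a key.
    (unless (and (string? key) (zero? (status:exit-val status)))
      (error "wg genkey failed" status))
    ;; Create the file owner-only from the start, then lock it to 0400.
    (let ((old-umask (umask #o077)))
      (call-with-output-file #$final-private-key
        (lambda (port)
          (display key port)))
      (umask old-umask))
    (chmod #$final-private-key #o400)))
```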