diff options
Diffstat (limited to 'gnu/services')
| -rw-r--r-- | gnu/services/vpn.scm | 64 |
1 files changed, 34 insertions, 30 deletions
diff --git a/gnu/services/vpn.scm b/gnu/services/vpn.scm index b62e0ac838..f9693fb099 100644 --- a/gnu/services/vpn.scm +++ b/gnu/services/vpn.scm @@ -80,6 +80,7 @@ wireguard-configuration-monitor-ips? wireguard-configuration-monitor-ips-interval wireguard-configuration-private-key + wireguard-configuration-bootstrap-private-key? wireguard-configuration-peers wireguard-configuration-pre-up wireguard-configuration-post-up @@ -733,34 +734,36 @@ strongSwan."))) (define-record-type* <wireguard-configuration> wireguard-configuration make-wireguard-configuration wireguard-configuration? - (wireguard wireguard-configuration-wireguard ;file-like - (default wireguard-tools)) - (interface wireguard-configuration-interface ;string - (default "wg0")) - (addresses wireguard-configuration-addresses ;string - (default '("10.0.0.1/32"))) - (port wireguard-configuration-port ;integer - (default 51820)) - (private-key wireguard-configuration-private-key ;maybe-string - (default "/etc/wireguard/private.key")) - (peers wireguard-configuration-peers ;list of <wiregard-peer> - (default '())) - (dns wireguard-configuration-dns ;list of strings - (default '())) - (monitor-ips? wireguard-configuration-monitor-ips? ;boolean - (default #f)) - (monitor-ips-interval wireguard-configuration-monitor-ips-interval - (default '(next-minute (range 0 60 5)))) ;string | list - (pre-up wireguard-configuration-pre-up ;list of strings - (default '())) - (post-up wireguard-configuration-post-up ;list of strings - (default '())) - (pre-down wireguard-configuration-pre-down ;list of strings - (default '())) - (post-down wireguard-configuration-post-down ;list of strings - (default '())) - (table wireguard-configuration-table ;string - (default "auto"))) + (wireguard wireguard-configuration-wireguard ;file-like + (default wireguard-tools)) + (interface wireguard-configuration-interface ;string + (default "wg0")) + (addresses wireguard-configuration-addresses ;string + (default '("10.0.0.1/32"))) + (port wireguard-configuration-port ;integer + (default 51820)) + (private-key wireguard-configuration-private-key ;maybe-string + (default "/etc/wireguard/private.key")) + (bootstrap-private-key? wireguard-configuration-bootstrap-private-key? ;boolean + (default #t)) + (peers wireguard-configuration-peers ;list of <wiregard-peer> + (default '())) + (dns wireguard-configuration-dns ;list of strings + (default '())) + (monitor-ips? wireguard-configuration-monitor-ips? ;boolean + (default #f)) + (monitor-ips-interval wireguard-configuration-monitor-ips-interval + (default '(next-minute (range 0 60 5)))) ;string | list + (pre-up wireguard-configuration-pre-up ;list of strings + (default '())) + (post-up wireguard-configuration-post-up ;list of strings + (default '())) + (pre-down wireguard-configuration-pre-down ;list of strings + (default '())) + (post-down wireguard-configuration-post-down ;list of strings + (default '())) + (table wireguard-configuration-table ;string + (default "auto"))) (define (wireguard-configuration-file config) (define (peer->config peer) @@ -836,12 +839,13 @@ strongSwan."))) (define (wireguard-activation config) (match-record config <wireguard-configuration> - (private-key wireguard) + (private-key bootstrap-private-key? wireguard) #~(begin (use-modules (guix build utils) (ice-9 popen) (ice-9 rdelim)) - (when #$private-key + (when (and #$private-key + #$bootstrap-private-key?) (mkdir-p (dirname #$private-key)) (unless (file-exists? #$private-key) (let* ((pipe |