From 7bbeec490aff0a5b3d123b633ee89e8c6a65cbd6 Mon Sep 17 00:00:00 2001 From: Denis 'GNUtoo' Carikli Date: Mon, 18 Sep 2023 23:38:35 +0200 Subject: [PATCH] Make WireGuard disabled by default. WireGuard is hardcoded to my configuration, so it needs to be disabled by default. Signed-off-by: Denis 'GNUtoo' Carikli --- Makefile.am | 1 + configure.ac | 10 +++++++++ mumble-vm-system.scm.tmpl | 43 +++++++++++++++++++++++---------------- 3 files changed, 36 insertions(+), 18 deletions(-) diff --git a/Makefile.am b/Makefile.am index 7cd8034..b0d2e98 100644 --- a/Makefile.am +++ b/Makefile.am @@ -37,6 +37,7 @@ guix-commit.txt: Makefile %.scm: %.scm.tmpl guix-commit.txt Makefile sed \ "s#DOMAIN#$(DOMAIN)#g ; \ + s#ENABLE_WIREGUARD#$(ENABLE_WIREGUARD)#g ; \ s#LETSENCRYPT_EMAIL#$(LETSENCRYPT_EMAIL)#g ; \ s#VM_IPV4_ADDRESS#$(VM_IPV4_ADDRESS)#g ; \ s#VM_IPV6_ADDRESS#$(VM_IPV6_ADDRESS)#g ; \ diff --git a/configure.ac b/configure.ac index 14b3962..1364e97 100644 --- a/configure.ac +++ b/configure.ac @@ -24,6 +24,7 @@ AC_CHECK_PROG([GUIX], [guix], [guix]) AC_CHECK_PROG([SED], [sed], [sed]) AC_SUBST([DOMAIN], []) +AC_SUBST([ENABLE_WIREGUARD], []) AC_SUBST([LETSENCRYPT_EMAIL], []) AC_SUBST([VM_IPV4_ADDRESS], []) AC_SUBST([VM_IPV6_ADDRESS], []) @@ -40,6 +41,12 @@ AC_ARG_WITH([domain], [DOMAIN=$withval], [DOMAIN=audio.experimental.a-lec.org]) +AC_ARG_ENABLE(wireguard, + [AS_HELP_STRING([--enable-wireguard], + [Use Wireguard to obtain a public IP address (default=disabled)])], + [ENABLE_WIREGUARD="$enableval"], + [ENABLE_WIREGUARD="no"]) + AC_ARG_WITH([letsencrypt-email], [AS_HELP_STRING([--with-letsencrypt-email=LETSENCRYPT_EMAIL], [Use custom email address for Let's Encrypt registration and recovery @@ -118,3 +125,6 @@ echo " DNS: $VM_IPV6_DNS" echo "- SSH settings:" echo " public key: $VM_SSH_PUB_KEY" echo " address: $VM_SSH_ADDRESS" +AS_IF([test x"$ENABLE_WIREGUARD" = x"yes"], + [echo "- Wireguard: enabled"], + [echo "- Wireguard: disabled"]) 
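Review bot: In the `AC_ARG_ENABLE(wireguard, ...)` hunk of configure.ac, `$enableval` is stored unvalidated, so any value other than the exact string `yes` (for example `--enable-wireguard=true`) configures without error and leaves the tunnel off, because the template compares only against "yes". Consider checking the value right after the macro and rejecting anything else, e.g. `AS_CASE([$ENABLE_WIREGUARD], [yes|no], [], [AC_MSG_ERROR([bad value for --enable-wireguard: $ENABLE_WIREGUARD])])`. This also keeps unexpected characters out of the unescaped `s#ENABLE_WIREGUARD#$(ENABLE_WIREGUARD)#g` substitution added in Makefile.am, where a `#` or `"` in the value would break the sed expression or the generated Scheme string literal.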
diff --git a/mumble-vm-system.scm.tmpl b/mumble-vm-system.scm.tmpl index fe58eb8..681edd3 100644 --- a/mumble-vm-system.scm.tmpl +++ b/mumble-vm-system.scm.tmpl @@ -28,6 +28,8 @@ #:use-module (guix utils) #:export (mumble-vm-operating-system)) +(define enable-wireguard? (string=? "yes" "ENABLE_WIREGUARD")) + (define website (package (name "website") @@ -137,8 +139,10 @@ the services after that.") net-tools nmon openssh-sans-x - website - wireguard-post-up-fixups) + website) + (if enable-wireguard? + (list wireguard-post-up-fixups) + (list )) %base-packages)) (services (append @@ -232,22 +236,25 @@ https://DOMAIN/ `(("root" , (local-file "id_ed25519.pub")) ("gnutoo" ,(local-file "id_ed25519.pub")))))) ;; Unattended Upgrades - (service unattended-upgrade-service-type) - (service wireguard-service-type - (wireguard-configuration - (addresses '("79.143.250.36/32" "2001:678:938:3ff::36/128")) - (dns '("79.143.250.1" "79.143.250.2" - "2001:678:938::53:1" "2001:678:938::53:2")) - (port 0) - (post-up %wireguard-post-up) - (private-key (local-file "id_wireguard")) - (peers - (list - (wireguard-peer - (name "stephanie.franciliens.net") - (endpoint "stephanie.franciliens.net:51820") - (public-key "Ybfh3twyBpj7wx/lo9AVBsBKNAUMSQqAWWV0LfywSDI=") - (allowed-ips '("0.0.0.0/0" "::/0")))))))) + (service unattended-upgrade-service-type)) + (if enable-wireguard? + (list + (service wireguard-service-type + (wireguard-configuration + (addresses '("79.143.250.36/32" "2001:678:938:3ff::36/128")) + (dns '("79.143.250.1" "79.143.250.2" + "2001:678:938::53:1" "2001:678:938::53:2")) + (port 0) + (post-up %wireguard-post-up) + (private-key (local-file "id_wireguard")) + (peers + (list + (wireguard-peer + (name "stephanie.franciliens.net") + (endpoint "stephanie.franciliens.net:51820") + (public-key "Ybfh3twyBpj7wx/lo9AVBsBKNAUMSQqAWWV0LfywSDI=") + (allowed-ips '("0.0.0.0/0" "::/0")))))))) + (list )) (modify-services %base-services (guix-service-type config => (guix-configuration
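Review bot: The empty alternative `(list )` in the `packages` hunk, and again at the end of the `services` hunk, is more conventionally written `'()`, which reads as a deliberate empty list rather than a call with a forgotten argument. The change is only to that literal: `(if enable-wireguard? (list wireguard-post-up-fixups) '())`. The enclosing `packages` form opens outside the hunk and is presumably an `append`, as the trailing `%base-packages))` suggests.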
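Review bot: The re-indented `wireguard-configuration` in the `services` hunk still has `(private-key (local-file "id_wireguard"))`, and `local-file` copies that file into the Guix store, which is readable by every local user and is carried into any image or store export built from this system definition. Since this commit makes the service optional, it is a good point to move the key to a path outside the store, e.g. `(private-key "/etc/wireguard/private.key")`, and provision it on the VM separately. The addresses, DNS servers and peer remain hardcoded, so `--enable-wireguard` only works with the author's tunnel; a comment saying so next to `(define enable-wireguard? ...)` would keep others from enabling it by mistake. The `(services (append ...` form starts and ends outside the hunk.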