Make WireGuard disabled by default.
WireGuard is hardcoded to my configuration, so it needs to be disabled by default. Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
This commit is contained in:
parent
251664e2e9
commit
7bbeec490a
|
@ -37,6 +37,7 @@ guix-commit.txt: Makefile
|
||||||
%.scm: %.scm.tmpl guix-commit.txt Makefile
|
%.scm: %.scm.tmpl guix-commit.txt Makefile
|
||||||
sed \
|
sed \
|
||||||
"s#DOMAIN#$(DOMAIN)#g ; \
|
"s#DOMAIN#$(DOMAIN)#g ; \
|
||||||
|
s#ENABLE_WIREGUARD#$(ENABLE_WIREGUARD)#g ; \
|
||||||
s#LETSENCRYPT_EMAIL#$(LETSENCRYPT_EMAIL)#g ; \
|
s#LETSENCRYPT_EMAIL#$(LETSENCRYPT_EMAIL)#g ; \
|
||||||
s#VM_IPV4_ADDRESS#$(VM_IPV4_ADDRESS)#g ; \
|
s#VM_IPV4_ADDRESS#$(VM_IPV4_ADDRESS)#g ; \
|
||||||
s#VM_IPV6_ADDRESS#$(VM_IPV6_ADDRESS)#g ; \
|
s#VM_IPV6_ADDRESS#$(VM_IPV6_ADDRESS)#g ; \
|
||||||
|
|
10
configure.ac
10
configure.ac
|
@ -24,6 +24,7 @@ AC_CHECK_PROG([GUIX], [guix], [guix])
|
||||||
AC_CHECK_PROG([SED], [sed], [sed])
|
AC_CHECK_PROG([SED], [sed], [sed])
|
||||||
|
|
||||||
AC_SUBST([DOMAIN], [])
|
AC_SUBST([DOMAIN], [])
|
||||||
|
AC_SUBST([ENABLE_WIREGUARD], [])
|
||||||
AC_SUBST([LETSENCRYPT_EMAIL], [])
|
AC_SUBST([LETSENCRYPT_EMAIL], [])
|
||||||
AC_SUBST([VM_IPV4_ADDRESS], [])
|
AC_SUBST([VM_IPV4_ADDRESS], [])
|
||||||
AC_SUBST([VM_IPV6_ADDRESS], [])
|
AC_SUBST([VM_IPV6_ADDRESS], [])
|
||||||
|
@ -40,6 +41,12 @@ AC_ARG_WITH([domain],
|
||||||
[DOMAIN=$withval],
|
[DOMAIN=$withval],
|
||||||
[DOMAIN=audio.experimental.a-lec.org])
|
[DOMAIN=audio.experimental.a-lec.org])
|
||||||
|
|
||||||
|
AC_ARG_ENABLE(wireguard,
|
||||||
|
[AS_HELP_STRING([--enable-wireguard],
|
||||||
|
[Use Wireguard to obtain a public IP address (default=disabled)])],
|
||||||
|
[ENABLE_WIREGUARD="$enableval"],
|
||||||
|
[ENABLE_WIREGUARD="no"])
|
||||||
|
|
||||||
AC_ARG_WITH([letsencrypt-email],
|
AC_ARG_WITH([letsencrypt-email],
|
||||||
[AS_HELP_STRING([--with-letsencrypt-email=LETSENCRYPT_EMAIL], [Use
|
[AS_HELP_STRING([--with-letsencrypt-email=LETSENCRYPT_EMAIL], [Use
|
||||||
custom email address for Let's Encrypt registration and recovery
|
custom email address for Let's Encrypt registration and recovery
|
||||||
|
@ -118,3 +125,6 @@ echo " DNS: $VM_IPV6_DNS"
|
||||||
echo "- SSH settings:"
|
echo "- SSH settings:"
|
||||||
echo " public key: $VM_SSH_PUB_KEY"
|
echo " public key: $VM_SSH_PUB_KEY"
|
||||||
echo " address: $VM_SSH_ADDRESS"
|
echo " address: $VM_SSH_ADDRESS"
|
||||||
|
AS_IF([test x"$ENABLE_WIREGUARD" = x"yes"],
|
||||||
|
[echo "- Wireguard: enabled"],
|
||||||
|
[echo "- Wireguard: disabled"])
|
||||||
|
|
|
@ -28,6 +28,8 @@
|
||||||
#:use-module (guix utils)
|
#:use-module (guix utils)
|
||||||
#:export (mumble-vm-operating-system))
|
#:export (mumble-vm-operating-system))
|
||||||
|
|
||||||
|
(define enable-wireguard? (string=? "yes" "ENABLE_WIREGUARD"))
|
||||||
|
|
||||||
(define website
|
(define website
|
||||||
(package
|
(package
|
||||||
(name "website")
|
(name "website")
|
||||||
|
@ -137,8 +139,10 @@ the services after that.")
|
||||||
net-tools
|
net-tools
|
||||||
nmon
|
nmon
|
||||||
openssh-sans-x
|
openssh-sans-x
|
||||||
website
|
website)
|
||||||
wireguard-post-up-fixups)
|
(if enable-wireguard?
|
||||||
|
(list wireguard-post-up-fixups)
|
||||||
|
(list ))
|
||||||
%base-packages))
|
%base-packages))
|
||||||
(services
|
(services
|
||||||
(append
|
(append
|
||||||
|
@ -232,22 +236,25 @@ https://DOMAIN/
|
||||||
`(("root" , (local-file "id_ed25519.pub"))
|
`(("root" , (local-file "id_ed25519.pub"))
|
||||||
("gnutoo" ,(local-file "id_ed25519.pub"))))))
|
("gnutoo" ,(local-file "id_ed25519.pub"))))))
|
||||||
;; Unattended Upgrades
|
;; Unattended Upgrades
|
||||||
(service unattended-upgrade-service-type)
|
(service unattended-upgrade-service-type))
|
||||||
(service wireguard-service-type
|
(if enable-wireguard?
|
||||||
(wireguard-configuration
|
(list
|
||||||
(addresses '("79.143.250.36/32" "2001:678:938:3ff::36/128"))
|
(service wireguard-service-type
|
||||||
(dns '("79.143.250.1" "79.143.250.2"
|
(wireguard-configuration
|
||||||
"2001:678:938::53:1" "2001:678:938::53:2"))
|
(addresses '("79.143.250.36/32" "2001:678:938:3ff::36/128"))
|
||||||
(port 0)
|
(dns '("79.143.250.1" "79.143.250.2"
|
||||||
(post-up %wireguard-post-up)
|
"2001:678:938::53:1" "2001:678:938::53:2"))
|
||||||
(private-key (local-file "id_wireguard"))
|
(port 0)
|
||||||
(peers
|
(post-up %wireguard-post-up)
|
||||||
(list
|
(private-key (local-file "id_wireguard"))
|
||||||
(wireguard-peer
|
(peers
|
||||||
(name "stephanie.franciliens.net")
|
(list
|
||||||
(endpoint "stephanie.franciliens.net:51820")
|
(wireguard-peer
|
||||||
(public-key "Ybfh3twyBpj7wx/lo9AVBsBKNAUMSQqAWWV0LfywSDI=")
|
(name "stephanie.franciliens.net")
|
||||||
(allowed-ips '("0.0.0.0/0" "::/0"))))))))
|
(endpoint "stephanie.franciliens.net:51820")
|
||||||
|
(public-key "Ybfh3twyBpj7wx/lo9AVBsBKNAUMSQqAWWV0LfywSDI=")
|
||||||
|
(allowed-ips '("0.0.0.0/0" "::/0"))))))))
|
||||||
|
(list ))
|
||||||
(modify-services
|
(modify-services
|
||||||
%base-services
|
%base-services
|
||||||
(guix-service-type config => (guix-configuration
|
(guix-service-type config => (guix-configuration
|
||||||
|
|
Loading…
Reference in New Issue