Make WireGuard disabled by default.

WireGuard is hardcoded to my configuration, so it needs to be
disabled by default.

Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>

Makefile.am

@@ -37,6 +37,7 @@ guix-commit.txt: Makefile
 %.scm: %.scm.tmpl guix-commit.txt Makefile
 	sed \
 		"s#DOMAIN#$(DOMAIN)#g ; \
+		s#ENABLE_WIREGUARD#$(ENABLE_WIREGUARD)#g ; \
 		s#LETSENCRYPT_EMAIL#$(LETSENCRYPT_EMAIL)#g ; \
 		s#VM_IPV4_ADDRESS#$(VM_IPV4_ADDRESS)#g ; \
 		s#VM_IPV6_ADDRESS#$(VM_IPV6_ADDRESS)#g ; \

configure.ac

@@ -24,6 +24,7 @@ AC_CHECK_PROG([GUIX], [guix], [guix])
 AC_CHECK_PROG([SED], [sed], [sed])
 
 AC_SUBST([DOMAIN], [])
+AC_SUBST([ENABLE_WIREGUARD], [])
 AC_SUBST([LETSENCRYPT_EMAIL], [])
 AC_SUBST([VM_IPV4_ADDRESS], [])
 AC_SUBST([VM_IPV6_ADDRESS], [])
@@ -40,6 +41,12 @@ AC_ARG_WITH([domain],
   [DOMAIN=$withval],
   [DOMAIN=audio.experimental.a-lec.org])
 
+AC_ARG_ENABLE(wireguard,
+  [AS_HELP_STRING([--enable-wireguard],
+                  [Use Wireguard to obtain a public IP address (default=disabled)])],
+  [ENABLE_WIREGUARD="$enableval"],
+  [ENABLE_WIREGUARD="no"])
+
 AC_ARG_WITH([letsencrypt-email],
   [AS_HELP_STRING([--with-letsencrypt-email=LETSENCRYPT_EMAIL], [Use
   custom email address for Let's Encrypt registration and recovery
@@ -118,3 +125,6 @@ echo "  DNS: $VM_IPV6_DNS"
 echo "- SSH settings:"
 echo "  public key: $VM_SSH_PUB_KEY"
 echo "  address: $VM_SSH_ADDRESS"
+AS_IF([test x"$ENABLE_WIREGUARD" = x"yes"],
+      [echo "- Wireguard: enabled"],
+      [echo "- Wireguard: disabled"])

mumble-vm-system.scm.tmpl

@@ -28,6 +28,8 @@
   #:use-module (guix utils)
   #:export (mumble-vm-operating-system))
 
+(define enable-wireguard? (string=? "yes" "ENABLE_WIREGUARD"))
+
 (define website
   (package
     (name "website")
@@ -137,8 +139,10 @@ the services after that.")
            net-tools
            nmon
            openssh-sans-x
-           website
+           website)
-           wireguard-post-up-fixups)
+     (if enable-wireguard?
+         (list wireguard-post-up-fixups)
+         (list ))
      %base-packages))
    (services
     (append
@@ -232,22 +236,25 @@ https://DOMAIN/
                  `(("root" , (local-file "id_ed25519.pub"))
                    ("gnutoo" ,(local-file "id_ed25519.pub"))))))
       ;; Unattended Upgrades
-      (service unattended-upgrade-service-type)
+      (service unattended-upgrade-service-type))
-      (service wireguard-service-type
+     (if enable-wireguard?
-               (wireguard-configuration
+	 (list
-                (addresses '("79.143.250.36/32" "2001:678:938:3ff::36/128"))
+	  (service wireguard-service-type
-                (dns '("79.143.250.1" "79.143.250.2"
+		   (wireguard-configuration
-                       "2001:678:938::53:1" "2001:678:938::53:2"))
+                    (addresses '("79.143.250.36/32" "2001:678:938:3ff::36/128"))
-                (port 0)
+                    (dns '("79.143.250.1" "79.143.250.2"
-                (post-up %wireguard-post-up)
+			   "2001:678:938::53:1" "2001:678:938::53:2"))
-                (private-key (local-file "id_wireguard"))
+                    (port 0)
-                (peers
+                    (post-up %wireguard-post-up)
-                 (list
+                    (private-key (local-file "id_wireguard"))
-                  (wireguard-peer
+                    (peers
-                   (name "stephanie.franciliens.net")
+                     (list
-                   (endpoint "stephanie.franciliens.net:51820")
+                      (wireguard-peer
-                   (public-key "Ybfh3twyBpj7wx/lo9AVBsBKNAUMSQqAWWV0LfywSDI=")
+                       (name "stephanie.franciliens.net")
-                   (allowed-ips '("0.0.0.0/0" "::/0"))))))))
+                       (endpoint "stephanie.franciliens.net:51820")
+                       (public-key "Ybfh3twyBpj7wx/lo9AVBsBKNAUMSQqAWWV0LfywSDI=")
+                       (allowed-ips '("0.0.0.0/0" "::/0"))))))))
+	 (list ))
      (modify-services
       %base-services
       (guix-service-type config => (guix-configuration