Make WireGuard disabled by default.

WireGuard is hardcoded to my configuration, so it needs to be
disabled by default.

Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
Denis 'GNUtoo' Carikli 2023-09-18 23:38:35 +02:00
parent 251664e2e9
commit 7bbeec490a
Signed by: GNUtoo
GPG Key ID: 5F5DFCC14177E263
3 changed files with 36 additions and 18 deletions


@ -37,6 +37,7 @@ guix-commit.txt: Makefile
%.scm: %.scm.tmpl guix-commit.txt Makefile %.scm: %.scm.tmpl guix-commit.txt Makefile
sed \ sed \
"s#DOMAIN#$(DOMAIN)#g ; \ "s#DOMAIN#$(DOMAIN)#g ; \
s#ENABLE_WIREGUARD#$(ENABLE_WIREGUARD)#g ; \
s#LETSENCRYPT_EMAIL#$(LETSENCRYPT_EMAIL)#g ; \ s#LETSENCRYPT_EMAIL#$(LETSENCRYPT_EMAIL)#g ; \
s#VM_IPV4_ADDRESS#$(VM_IPV4_ADDRESS)#g ; \ s#VM_IPV4_ADDRESS#$(VM_IPV4_ADDRESS)#g ; \
s#VM_IPV6_ADDRESS#$(VM_IPV6_ADDRESS)#g ; \ s#VM_IPV6_ADDRESS#$(VM_IPV6_ADDRESS)#g ; \


@ -24,6 +24,7 @@ AC_CHECK_PROG([GUIX], [guix], [guix])
AC_CHECK_PROG([SED], [sed], [sed]) AC_CHECK_PROG([SED], [sed], [sed])
AC_SUBST([DOMAIN], []) AC_SUBST([DOMAIN], [])
AC_SUBST([ENABLE_WIREGUARD], [])
AC_SUBST([LETSENCRYPT_EMAIL], []) AC_SUBST([LETSENCRYPT_EMAIL], [])
AC_SUBST([VM_IPV4_ADDRESS], []) AC_SUBST([VM_IPV4_ADDRESS], [])
AC_SUBST([VM_IPV6_ADDRESS], []) AC_SUBST([VM_IPV6_ADDRESS], [])
@ -40,6 +41,12 @@ AC_ARG_WITH([domain],
[DOMAIN=$withval], [DOMAIN=$withval],
[DOMAIN=audio.experimental.a-lec.org]) [DOMAIN=audio.experimental.a-lec.org])
AC_ARG_ENABLE(wireguard,
[AS_HELP_STRING([--enable-wireguard],
[Use Wireguard to obtain a public IP address (default=disabled)])],
[ENABLE_WIREGUARD="$enableval"],
[ENABLE_WIREGUARD="no"])
AC_ARG_WITH([letsencrypt-email], AC_ARG_WITH([letsencrypt-email],
[AS_HELP_STRING([--with-letsencrypt-email=LETSENCRYPT_EMAIL], [Use [AS_HELP_STRING([--with-letsencrypt-email=LETSENCRYPT_EMAIL], [Use
custom email address for Let's Encrypt registration and recovery custom email address for Let's Encrypt registration and recovery
@ -118,3 +125,6 @@ echo " DNS: $VM_IPV6_DNS"
echo "- SSH settings:" echo "- SSH settings:"
echo " public key: $VM_SSH_PUB_KEY" echo " public key: $VM_SSH_PUB_KEY"
echo " address: $VM_SSH_ADDRESS" echo " address: $VM_SSH_ADDRESS"
AS_IF([test x"$ENABLE_WIREGUARD" = x"yes"],
[echo "- Wireguard: enabled"],
[echo "- Wireguard: disabled"])
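Review bot: The `AC_ARG_ENABLE(wireguard, …)` action stores `$enableval` verbatim, so `--enable-wireguard=true` or a typo is accepted and then silently treated as disabled by both the `AS_IF` summary and the template's `(string=? "yes" …)` test. The same unvalidated string is also spliced into the `sed` replacement and from there into a Scheme string literal, where a `#`, `&` or `"` in the value would corrupt the generated file. Restricting the option to its two expected values covers both cases: `AS_CASE(["$enableval"], [yes|no], [ENABLE_WIREGUARD="$enableval"], [AC_MSG_ERROR([bad value $enableval for --enable-wireguard])])`.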


@ -28,6 +28,8 @@
#:use-module (guix utils) #:use-module (guix utils)
#:export (mumble-vm-operating-system)) #:export (mumble-vm-operating-system))
(define enable-wireguard? (string=? "yes" "ENABLE_WIREGUARD"))
(define website (define website
(package (package
(name "website") (name "website")
@ -137,8 +139,10 @@ the services after that.")
net-tools net-tools
nmon nmon
openssh-sans-x openssh-sans-x
website website)
wireguard-post-up-fixups) (if enable-wireguard?
(list wireguard-post-up-fixups)
(list ))
%base-packages)) %base-packages))
(services (services
(append (append
@ -232,22 +236,25 @@ https://DOMAIN/
`(("root" , (local-file "id_ed25519.pub")) `(("root" , (local-file "id_ed25519.pub"))
("gnutoo" ,(local-file "id_ed25519.pub")))))) ("gnutoo" ,(local-file "id_ed25519.pub"))))))
;; Unattended Upgrades ;; Unattended Upgrades
(service unattended-upgrade-service-type) (service unattended-upgrade-service-type))
(service wireguard-service-type (if enable-wireguard?
(wireguard-configuration (list
(addresses '("79.143.250.36/32" "2001:678:938:3ff::36/128")) (service wireguard-service-type
(dns '("79.143.250.1" "79.143.250.2" (wireguard-configuration
"2001:678:938::53:1" "2001:678:938::53:2")) (addresses '("79.143.250.36/32" "2001:678:938:3ff::36/128"))
(port 0) (dns '("79.143.250.1" "79.143.250.2"
(post-up %wireguard-post-up) "2001:678:938::53:1" "2001:678:938::53:2"))
(private-key (local-file "id_wireguard")) (port 0)
(peers (post-up %wireguard-post-up)
(list (private-key (local-file "id_wireguard"))
(wireguard-peer (peers
(name "stephanie.franciliens.net") (list
(endpoint "stephanie.franciliens.net:51820") (wireguard-peer
(public-key "Ybfh3twyBpj7wx/lo9AVBsBKNAUMSQqAWWV0LfywSDI=") (name "stephanie.franciliens.net")
(allowed-ips '("0.0.0.0/0" "::/0")))))))) (endpoint "stephanie.franciliens.net:51820")
(public-key "Ybfh3twyBpj7wx/lo9AVBsBKNAUMSQqAWWV0LfywSDI=")
(allowed-ips '("0.0.0.0/0" "::/0"))))))))
(list ))
(modify-services (modify-services
%base-services %base-services
(guix-service-type config => (guix-configuration (guix-service-type config => (guix-configuration
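Review bot: In the new `(if enable-wireguard? …)` branch the key is still supplied as `(private-key (local-file "id_wireguard"))`. As far as I know, `local-file` copies the file into `/gnu/store`, which is world-readable, so any local account on a system built with `--enable-wireguard` could read the tunnel's private key. Now that the service is opt-in, consider pointing the field at a root-only path outside the store, e.g. `(private-key "/etc/wireguard/private.key")`, and provisioning the key separately. A comment above the branch such as `;; Addresses, DNS and peer below are site-specific; edit them before enabling.` would also help anyone who turns the option on. The enclosing services list starts and ends outside this hunk.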