Diffstat (limited to 'tw/services')
-rw-r--r--tw/services/files/wireguard/lap-fp4.psk.enc8
-rw-r--r--tw/services/files/wireguard/lap-lud.psk.enc8
-rw-r--r--tw/services/files/wireguard/lap-pi3.psk.enc8
-rw-r--r--tw/services/files/wireguard/lap-vin.psk.enc8
-rw-r--r--tw/services/files/wireguard/lap.key.enc8
-rw-r--r--tw/services/files/wireguard/lud-fp4.psk.enc8
-rw-r--r--tw/services/files/wireguard/lud-lap.psk.enc8
-rw-r--r--tw/services/files/wireguard/lud-pi3.psk.enc8
-rw-r--r--tw/services/files/wireguard/lud-vin.psk.enc8
-rw-r--r--tw/services/files/wireguard/lud.key.enc8
-rw-r--r--tw/services/files/wireguard/vin-fp4.psk.enc8
-rw-r--r--tw/services/files/wireguard/vin-lap.psk.enc8
-rw-r--r--tw/services/files/wireguard/vin-lud.psk.enc8
-rw-r--r--tw/services/files/wireguard/vin-pi3.psk.enc8
-rw-r--r--tw/services/files/wireguard/vin.key.enc8
-rw-r--r--tw/services/wireguard.scm86
16 files changed, 183 insertions, 23 deletions
diff --git a/tw/services/files/wireguard/lap-fp4.psk.enc b/tw/services/files/wireguard/lap-fp4.psk.enc
new file mode 100644
index 00000000..170235ce
--- /dev/null
+++ b/tw/services/files/wireguard/lap-fp4.psk.enc
@@ -0,0 +1,8 @@
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWamMrRWw2RWc5WEErdnJs
+UnhySUJOaDIwSktpWVFtYUNOL1g5L0d4UkZvCitvdWF0QkNLQzdPT2NHSzAwSnM1
+RWVwMnJuaUxJMUhSKzl6Q3NkOXVyQkkKLS0tIGtmakJBaUxHZmp4UmJCbE03K2xF
+Yi9Bbk5XZGdlUXNURkwrcy9ydm9ORjQK2J0gYNONcSb0DpGFFkxZ2XRQLC5lRysY
+O6MZeSm1sin4Bj5ZOxluWxpvR2fLoxuHJcd1F4ylHxPMQ2TWKjQuHZXaFXnZ6VYY
+/+jvJ7g=
+-----END AGE ENCRYPTED FILE-----
diff --git a/tw/services/files/wireguard/lap-lud.psk.enc b/tw/services/files/wireguard/lap-lud.psk.enc
new file mode 100644
index 00000000..15ba1599
--- /dev/null
+++ b/tw/services/files/wireguard/lap-lud.psk.enc
@@ -0,0 +1,8 @@
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrKytNRncwdWJNRHZPSlZ0
+ZWJLNnE3WGxDQ2hCYkRkdUZFSU10aVBWc1M4CjY5QThSZERpUnpNcyt5VjdWZFI1
+SzNyRnd4ejV2NkFjWEd3THRZZ3ZhSEUKLS0tIDBhNi9FdUJmckh3MHRNeVo2aEF3
+N3FlWXVzMGpTcloxcWZLVi9VQXp4VjQKUmehShAWGRDMGIkVv4gcvf9TCO9wEgVk
+doVPsp8a5AbEUerD4/RHuaOJjA0jNVp799xHISt89rwgTydw3vmuqgRXTEStWOCe
+VnDxSVs=
+-----END AGE ENCRYPTED FILE-----
diff --git a/tw/services/files/wireguard/lap-pi3.psk.enc b/tw/services/files/wireguard/lap-pi3.psk.enc
new file mode 100644
index 00000000..00d75345
--- /dev/null
+++ b/tw/services/files/wireguard/lap-pi3.psk.enc
@@ -0,0 +1,8 @@
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5TGFUek56c2RDd3diTlRx
+VnY4N1hkWFZsYmcrczBCRzhEcDJoVWNzQ3pFCkJDSkRnWkovcmhTM0NpSDY1Z0xX
+NFpmWjNMVCtYb1VZUkpZNDJpOXFtbzQKLS0tIGZTYldyRFBGaUZpSk5ubHRhU0Zv
+M2gxZFc0SUU2K2lTU3VHS1hRWHNLalEKoqVMqXTweXjV4JutcoN6reXECegeY6iX
+fzF8aRrczJMYpLxzpW0Oo5RmUumOvNXdm4tcO6g2QpDHQXFp7O6jGAKeyP0GQ7kg
+lf5ZW9w=
+-----END AGE ENCRYPTED FILE-----
diff --git a/tw/services/files/wireguard/lap-vin.psk.enc b/tw/services/files/wireguard/lap-vin.psk.enc
new file mode 100644
index 00000000..a335cc14
--- /dev/null
+++ b/tw/services/files/wireguard/lap-vin.psk.enc
@@ -0,0 +1,8 @@
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1UmVGZG9VMlVubk1nVmNE
+VnFONXZ1V01nb1BTaFNaMldoRFYvMlZKU0Y4CndvUmxHZEJ0KzZQWHlPeUgvdjJS
+VWF3bkNNMHhWenVLdFdnYVhQcUNCTXcKLS0tIEk4aE9weDNKRFI1RzQ3NXBwYWNz
+MU8vSlhkSS80M0w0bWFhNzkxY2d2SmcKUUMsAD+yY6wGjaSTxRgzjABQ/qPwjKNE
++Pz0nnyJkXPrwlHFS+g5n+VUz6NzKi2zxdaDpgsKkGrSkqSHij1z77ZjdKwcy/uv
+7auCjMM=
+-----END AGE ENCRYPTED FILE-----
diff --git a/tw/services/files/wireguard/lap.key.enc b/tw/services/files/wireguard/lap.key.enc
new file mode 100644
index 00000000..ce7bac3b
--- /dev/null
+++ b/tw/services/files/wireguard/lap.key.enc
@@ -0,0 +1,8 @@
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOUHZYQVJFenpUbjdQOVVx
+dW1mT0VIelR3aTA2ZVRnR01TU21zcE5LZ1VFCkdwQk9VczJjV0psK1Mza2UrUk1H
+V3k4R2ovQjhFb0k3NzVueHlkTWk1UUUKLS0tIFdxUTllcmNwSkxzYzBWT0ZRcE5m
+RlBqTWVyQ3RJY3ZTb3Y0ZjZsc0xFc0EKJvJ6KrnyxHqucgTydIsnX2dwKqQQwdrg
+OHrWGorh3v44xHpHJrS94gnC5AzCblKVVNt5/93esUaUsXYRwaAhQu5TVoUeFdjP
+b9POXvk=
+-----END AGE ENCRYPTED FILE-----
diff --git a/tw/services/files/wireguard/lud-fp4.psk.enc b/tw/services/files/wireguard/lud-fp4.psk.enc
new file mode 100644
index 00000000..dedc8814
--- /dev/null
+++ b/tw/services/files/wireguard/lud-fp4.psk.enc
@@ -0,0 +1,8 @@
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHBESlBiZyA5Y2dn
+N0M2dkZZN3MyU0dMbnExbGdBSEVlVGxIVjkwY1VieEN3TWR5cDE0CnFIS1ZsSDll
+UHNwaG1jZU1LQTJGSE5nS2hsMkRVdmhrUFhMYVlwMHdOaGcKLS0tIHY1bjkzcE9t
+UzlySGxtUFRuQUIyYldmY1ZpeTlXOVFYYmdRQXBuUmN1Z2MK14xQAizZ0KvIA0DR
+2IEexRvj8V49M5fSShXxQrY3RU+s96Dg5d1giDFvYmIpwQbECFKDwYKfSMQwVtpW
+R9XiBZz2ptyPgQJ19Kku12k=
+-----END AGE ENCRYPTED FILE-----
diff --git a/tw/services/files/wireguard/lud-lap.psk.enc b/tw/services/files/wireguard/lud-lap.psk.enc
new file mode 100644
index 00000000..91d1bb1a
--- /dev/null
+++ b/tw/services/files/wireguard/lud-lap.psk.enc
@@ -0,0 +1,8 @@
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHBESlBiZyA3VGNL
+NHhLejluZzk1K3B4bzdUaThzU2Z3TWMzZUJrV0tGWHlnY2xSangwCm1pSUFYV3k2
+UHdIT25adWhVRXZ5eXJqR2ZyVVhtdnpOd1V5aWlpVG91c00KLS0tIHpjV1Y5blNO
+bysvbHJUWFprTUtrM054VDZwaTFPWHArb1JES2lNWVNUbUUKPAedksMUAimxMhC1
+Qad62SexojfI3+iI/vzdEDhjNOpohMBPejy4cLPY3EpQKtp3XoFz8S5E2hd+SraQ
+bJcw6u7JGgr3zdKBrI6TW/Y=
+-----END AGE ENCRYPTED FILE-----
diff --git a/tw/services/files/wireguard/lud-pi3.psk.enc b/tw/services/files/wireguard/lud-pi3.psk.enc
new file mode 100644
index 00000000..32b8097a
--- /dev/null
+++ b/tw/services/files/wireguard/lud-pi3.psk.enc
@@ -0,0 +1,8 @@
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHBESlBiZyAwWmVh
+dFZ1S2ZCOXpNZ1VkNmFtcVBzOGczV1FUV2U1eVdZQXVvTFhLL0dZCkRBZE5KTERL
+UFBlQ1c3NnhMNllsRTF0QVN5ZERiUFVpQTVONVY5WkZaWmcKLS0tIDNPaWlVYS9L
+cm1lU21obm9Yb1h4djhDTk5jQ1prbnF4VnptNmVCY0p6c1EKWijtgsgWpKl+d5tL
+Mf16dmJ31IzLNuY8uy0VFtiAqLnyfa5mpYpDUG9OH/i80zDrlqWOQpWtrp76BLdT
+PfILs3kDlReEYXlPSNVSyIQ=
+-----END AGE ENCRYPTED FILE-----
diff --git a/tw/services/files/wireguard/lud-vin.psk.enc b/tw/services/files/wireguard/lud-vin.psk.enc
new file mode 100644
index 00000000..693a886a
--- /dev/null
+++ b/tw/services/files/wireguard/lud-vin.psk.enc
@@ -0,0 +1,8 @@
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHBESlBiZyBHRjlH
+OUVkb1VvZ3N0WFl0MzFyeGIzcVJvWGVNQ0lZN2Y2VWNJS3RldnpBCkZWdlZBSFNw
+QlBjM2dsbU5rYTQrQlFTWnlzY1VxY3ltbjkwek42Q1lMc0kKLS0tIExud1NrOWhi
+a0d1bmdIL1FERWhVK2ZDbytSRGd5R0M2Z2dia3BPMEp2aTQKQPxKQXV49/O/5IAW
+/nm4VVQKUfR5vZrp7Y9syodHz9+wm1zEoAELpRFyhLhd9DH1v0Bk2q+36lysKXD0
+FKd4ldl2NvSmt4o39YM3BP0=
+-----END AGE ENCRYPTED FILE-----
diff --git a/tw/services/files/wireguard/lud.key.enc b/tw/services/files/wireguard/lud.key.enc
new file mode 100644
index 00000000..5001f4ce
--- /dev/null
+++ b/tw/services/files/wireguard/lud.key.enc
@@ -0,0 +1,8 @@
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHBESlBiZyBFcGhX
+RWF4RUhQYThRV3dtOTBLQlZJWmJNQWlUU3Y4UnpaNFZuUGJ0Z3pFCmtUcjl6TEpp
+UE50ejIySTNGQ3JBTmNUWjVVNjVrdzFDSHZFQnVlYkVkaEkKLS0tIEVqWGN3b0Ni
+cVBrZVpzelllb0dLZVljV2x3RkZNTkMyQzVSY0RnSXIwVWsKW42mh3RidTcaeqqV
+3+Fbk3w9S1c3TKpO3Pz6Ei2SpH2V9zfNnQjJYfJFumZzQbDNAx956KaBvarjiDjk
+omyjFTuUtAUjZslkDuz3h0s=
+-----END AGE ENCRYPTED FILE-----
diff --git a/tw/services/files/wireguard/vin-fp4.psk.enc b/tw/services/files/wireguard/vin-fp4.psk.enc
new file mode 100644
index 00000000..e636c35d
--- /dev/null
+++ b/tw/services/files/wireguard/vin-fp4.psk.enc
@@ -0,0 +1,8 @@
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IC9TV0hVQSBoczBZ
+UkJwUDNpS3ZLNkZQMGVsd241YTNOay9OdzlnaTJLVTBlcjlZRmdBCnlrM2ZUV1Z1
+Q0ZuR3BHUGFTeVY1WUpha0hoaHRzOVRKK1F3WmF0bzZHa0kKLS0tIEM3Z1R5dzdF
+djRxcURzL2lBMGlHSWVhNGNtaktSL1JtUytkN0lzUURtREUKaULnyw47eRqRkI2w
+ROK8Rfp7zNWkVGE3vL9rSQhhkJL6rhORgbHFDjG7xAnWJECxSSa2xH9Xzcb4OY2K
+55hKMGzlEQi8HYuMrjOgm0E=
+-----END AGE ENCRYPTED FILE-----
diff --git a/tw/services/files/wireguard/vin-lap.psk.enc b/tw/services/files/wireguard/vin-lap.psk.enc
new file mode 100644
index 00000000..6975348d
--- /dev/null
+++ b/tw/services/files/wireguard/vin-lap.psk.enc
@@ -0,0 +1,8 @@
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IC9TV0hVQSBQNkVF
+TElJRys2d3NtRGszNDVaTzl1YUdISlg5bXU0Y1Zic1hVNHJ4ekVNCmQ1ZmUxMTM5
+VnZpNnBiZ2IrRWZmNTNyQnBhZysvdFJwVmk4L1F5MUtjb2sKLS0tIG9VcFRiNERC
+Zms4aUROMHd3WFZnTlcrZFdxSWsrMzAwNkpDQlEzQTB5dHMKEtKI+rIW9dPVmAXr
+ZAXvEqxw4oC5C6MVwPKjMnpo8D5XuAbU5nXYbaTqmxAJ6cUL9n0ohmet4F1dN4Ni
++JsXzA00hPm3KijiuiD6rJ8=
+-----END AGE ENCRYPTED FILE-----
diff --git a/tw/services/files/wireguard/vin-lud.psk.enc b/tw/services/files/wireguard/vin-lud.psk.enc
new file mode 100644
index 00000000..ba725037
--- /dev/null
+++ b/tw/services/files/wireguard/vin-lud.psk.enc
@@ -0,0 +1,8 @@
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IC9TV0hVQSBOUm5x
+R2J2UDBxamg5MjVqTTZhOGE1NHdDOENXTWlFKzZMRW4vWjNWZkc4CjFPanJQTmQ2
+ZFJtZHF3Y09INXlNRmdrdUVBSUY5SkwyUGNJZVZNL0ZUN00KLS0tIFhsd3BKMkNG
+R3dJRFFYeHY2UjVESmZNTUhQd240eDgrQXpGdk9WTkhLdGsKqzXzlh9nwmR2bfwE
+mg95yfy6LqDs1tQLMzVqDXvKxz4yrZkI4IXHwGWOt2MAvOYC5ln/UhlJry2D3tpG
+2ZaopoLD8E1Q4yNLdqMWO6Q=
+-----END AGE ENCRYPTED FILE-----
diff --git a/tw/services/files/wireguard/vin-pi3.psk.enc b/tw/services/files/wireguard/vin-pi3.psk.enc
new file mode 100644
index 00000000..e273896c
--- /dev/null
+++ b/tw/services/files/wireguard/vin-pi3.psk.enc
@@ -0,0 +1,8 @@
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IC9TV0hVQSBuL2c3
+YW9mbXRhTjVjQ2Q1TlVJMzJjaHRPcS9oeVRlSDVPak1paTBTZzBvCk5pdElRNS80
+djdvWERuRUE3ZkVCR0RLZDdscHUwUUgya2kyeUwrdXdtVHcKLS0tIFp4QWlIZWZl
+L0dabXJEbm15cGZoeUZ5N3JMSHVxUGUyTFpPT250VzZJejQK41qhHwdeK+M5fWzE
+ApbvvEg38s2xKhhH2+NiSGNmwGkFDftopdlnYgeFoA981B/EnpDLbvRTs9FUdSZd
+Kcq4eo38LFBLqcZUysia9JE=
+-----END AGE ENCRYPTED FILE-----
diff --git a/tw/services/files/wireguard/vin.key.enc b/tw/services/files/wireguard/vin.key.enc
new file mode 100644
index 00000000..76b7bed2
--- /dev/null
+++ b/tw/services/files/wireguard/vin.key.enc
@@ -0,0 +1,8 @@
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IC9TV0hVQSBUSUNz
+NXNaS3M4cU9aSDJNbThLQUhqUCtjbFdMTjF6and5UXFBd1grWWlvCjVFR2E2aFJl
+blU3MjlBUWYydTA4d2d5blA1NHU1azdoc3lKN0REYzQwNjgKLS0tIDJXSFNiUkVm
+b25ITlViSFY3RXRCMjFzWFZxSXE1ZjgrbDNYRE9aUlA3VTAK17WT34ih5ZrKQufr
+8XTp+CReWYEr+jIW5ap8IVy8Vn2ymhZ4zmo1vxcZZDZLkElMP7QXId6eaiQ6f5hY
+h/RgMhIDzLtYt5UCh18goqk=
+-----END AGE ENCRYPTED FILE-----
diff --git a/tw/services/wireguard.scm b/tw/services/wireguard.scm
index 3d35cd2e..e975fe46 100644
--- a/tw/services/wireguard.scm
+++ b/tw/services/wireguard.scm
@@ -6,6 +6,10 @@
#:use-module (gnu services base)
#:use-module (gnu services configuration)
#:use-module (gnu services vpn)
+ #:use-module (guix gexp)
+ #:use-module ((guix records) #:select (match-record))
+ #:use-module ((guix utils) #:select (current-source-directory))
+ #:use-module (tw services secrets)
#:export (%wireguard-peers
tw-wireguard-configuration
tw-wireguard-service-type))
@@ -56,41 +60,76 @@
"The host name of the machine being configured.")
(peers
(wireguard-peers-list %wireguard-peers)
- "An alist of WireGuard peers to install."))
+ "An alist of WireGuard peers to install.")
+ (private-key-file
+ (string "/etc/wireguard/private.key")
+ "Where to store this host's private key."))
+
+(define (other-peers this-host peers)
+ (let ((own-peer (assoc-ref peers this-host)))
+ (delq own-peer (map cdr peers))))
(define (tw-wireguard-service config)
"Create a full WireGuard config from the personal network CONFIG."
- (let ((own-peer (assoc-ref (tw-wireguard-configuration-peers config)
- (tw-wireguard-configuration-this-host config))))
- (wireguard-configuration
- (addresses
- (map (lambda (cidr)
- (let ((ipv4 (string-match "/32$" cidr))
- (ipv6 (string-match "/128$" cidr)))
- (cond
- (ipv4 (regexp-substitute #f ipv4 'pre "/24"))
- (ipv6 (regexp-substitute #f ipv6 'pre "/64"))
- (#t cidr))))
- (wireguard-peer-allowed-ips own-peer)))
- (port
- (let ((endpoint (wireguard-peer-endpoint own-peer)))
+ (match-record config <tw-wireguard-configuration> (this-host peers private-key-file)
+ (match-record (assoc-ref peers this-host) (@@ (gnu services vpn) <wireguard-peer>) (endpoint allowed-ips)
+ (wireguard-configuration
+ (addresses
+ (map (lambda (cidr)
+ (let ((ipv4 (string-match "/32$" cidr))
+ (ipv6 (string-match "/128$" cidr)))
+ (cond
+ (ipv4 (regexp-substitute #f ipv4 'pre "/24"))
+ (ipv6 (regexp-substitute #f ipv6 'pre "/64"))
+ (#t cidr))))
+ allowed-ips))
+ (port
(if endpoint
(string->number (cadr (string-split endpoint #\:)))
- 58921)))
- (private-key "/etc/wireguard/private.key")
- (peers (delq own-peer (map cdr (tw-wireguard-configuration-peers config)))))))
+ 58921))
+ (private-key private-key-file)
+ (peers (other-peers this-host peers))))))
+
+(define (cut-string-at-char str char-pred)
+ "Return the first part of STR up to the first occurrence of CHAR-PRED."
+ (substring str 0 (string-index str char-pred)))
(define (peer->ips peer)
"Extract IP addresses assigned to the given `wireguard-peer' PEER."
- (map (compose car (cut string-split <> #\/))
+ (map (cut cut-string-at-char <> #\/)
(wireguard-peer-allowed-ips peer)))
(define (tw-wireguard-hosts config)
"Generate a hosts file entries from the personal WireGuard network CONFIG."
- (append-map (lambda (peer)
- (map (cut host <> (wireguard-peer-name peer))
- (peer->ips peer)))
- (map cdr (tw-wireguard-configuration-peers config))))
+ (define (peer->entries peer)
+ (map (cut host <> (wireguard-peer-name peer))
+ (peer->ips peer)))
+ (append-map (compose peer->entries cdr)
+ (tw-wireguard-configuration-peers config)))
+
+(define (tw-wireguard-secrets config)
+ "Install secrets for the host's private key and preshared keys with peers."
+ (define (local-file-here path)
+ (local-file
+ (canonicalize-path
+ (string-append
+ (current-source-directory) "/" path))))
+ (match-record config <tw-wireguard-configuration> (this-host peers private-key-file)
+ (define short-host (cut-string-at-char this-host #\.))
+ (define private-key
+ (secret
+ (encrypted-file
+ (local-file-here (string-append "files/wireguard/" short-host ".key.enc")))
+ (destination private-key-file)))
+ (define (peer->secret peer)
+ (let ((short-peer (cut-string-at-char (wireguard-peer-name peer) #\.)))
+ (secret
+ (encrypted-file
+ (local-file-here
+ (string-append "files/wireguard/" short-host "-" short-peer ".psk.enc")))
+ (destination
+ (string-append "/etc/wireguard/" short-peer ".psk")))))
+ (cons private-key (map peer->secret (other-peers this-host peers)))))
(define tw-wireguard-service-type
(service-type
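Review bot: `cut-string-at-char` passes the result of `string-index` straight to `substring`, and `string-index` returns `#f` when the character is absent, which `substring` should reject with a wrong-type error. That changes `peer->ips`, which previously returned an allowed-ips entry without a `/` unchanged via `string-split`, and it makes `tw-wireguard-secrets` fail for a `this-host` or peer name that contains no dot. Falling back to the whole string keeps the old behaviour: `(substring str 0 (or (string-index str char-pred) (string-length str)))`. Separately, the hunk installs each preshared key under `/etc/wireguard/` as the short peer name plus `.psk`, but nothing visible here points the peers' `preshared-key` field at those paths; if `%wireguard-peers` (defined outside this hunk) does not already do so, the keys are deployed without being used by the tunnel.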
@@ -98,6 +137,7 @@
(description "Set up my personal WireGuard network.")
(extensions
(cons* (service-extension hosts-service-type tw-wireguard-hosts)
+ (service-extension secrets-service-type tw-wireguard-secrets)
;; FIXME: `wireguard-service-type' cannot be extended, so copy its
;; service-extensions directly.
(map (lambda (ext)