Hi Guixers, I'm trying to patch the `wireguard-service-type' to accept pre-shared keys and add them to the generated config. This all seems to work fine, except that I can't get guix to generate a non-world-readable configuration file.
I've tried adding a `(chmod port #o400)' call to the end of the lambda that generates the config file (gnu/services/vpn.scm lines 784-838), but that seems to have no effect -- the resulting file at /gnu/store/...-wireguard-config/wg0.conf is still world-readable. Adding `(chmod #$config-file #o400)' after the `call-with-output-file' call doesn't work either. What do I need to do to make guix install the generated config file with 0400 permissions? Cheers, Timo
