Re: Include directive to support "conf.d/*" and the like

2018-04-14 Thread Roman Mamedov
On Sat, 14 Apr 2018 03:47:57 +0200
"Jason A. Donenfeld" wrote:

> Hi Roman,
> 
> This also came up in another thread I was replying to earlier tonight.
> While one way indeed is to have an 'include' directive, it seems
> simple enough to just do something like:
> 
> $ wg setconf wg0 <(cat /etc/wireguard/mysite.conf.d/*.conf)
> 
> And then you can have various fragments in there like:
> 
> 000-interface.conf
> 001-peergroupA.conf
> 001-peergroupB.conf
> 001-peergroupC.conf
> 
> And so forth. Would this be an acceptable solution for you?

Yeah, thanks. I settled on a solution similar to this. Since WG in my case is
"external" to the main OS (i.e. not wired into standard initscripts or network
configuration), I have my own shell-script bringing it up anyways -- and that
script might as well pre-process or generate the configuration file. So now I
build a full config file in /tmp/ from various pieces and auto-detected
host-specific conditions, and then do a setconf to that. (Rather than addconf
as some suggested, I prefer to have the complete file available on disk for
inspection in case any debugging is needed).

-- 
With respect,
Roman
___
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard


Re: Include directive to support "conf.d/*" and the like

2018-04-13 Thread Jason A. Donenfeld
Hi Roman,

This also came up in another thread I was replying to earlier tonight.
While one way indeed is to have an 'include' directive, it seems
simple enough to just do something like:

$ wg setconf wg0 <(cat /etc/wireguard/mysite.conf.d/*.conf)

And then you can have various fragments in there like:

000-interface.conf
001-peergroupA.conf
001-peergroupB.conf
001-peergroupC.conf

And so forth. Would this be an acceptable solution for you?

Jason


Re: Include directive to support "conf.d/*" and the like

2018-03-16 Thread Daniel Kahn Gillmor
On Fri 2018-03-16 13:02:22 +0500, Roman Mamedov wrote:
> While it would be nice if WireGuard had a "hosts/" directory like Tinc uses
> (basically storing its equivalents of WG's [Peer] sections each in a separate
> file), I feel the most flexible way to support such scenarios would be to have
> a generic "Include" directive. That way I could do
> "Include /etc/wireguard/peers/*.conf" and then not only store each peer
> information in its own file, but also roll-out or fetch and
> add/remove/overwrite those files from a central repository.

If you're automating deployment you can always store the config file
broken out this way and then assemble a single config during deployment
with a simple wrapper script. Or you could generate the full .conf from
some other toolchain entirely (e.g., export from an rdbms or generate
from a dump from some other pki) -- it's not as clean or tightly
integrated as it would be to have an include directive, but it's
certainly easier to rig together.

--dkg
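
The wrapper-script approach described in the messages above (assemble the fragments into one file, then `wg setconf`), as an added example that is not code from any of the posters or from the WireGuard project. The function names, the temp-file template and the exactly-one-`[Interface]` check are assumptions of this example.

```shell
#!/bin/sh
# Added example; function names and paths are hypothetical.

# assemble_wg_conf DIR: concatenate DIR/*.conf into a new 0600 temp file
# and print that file's path. Returns non-zero on any problem.
assemble_wg_conf() {
    dir=$1
    # The shell expands globs in sorted order, which is what makes the
    # 000-/001- prefixes put [Interface] ahead of the [Peer] fragments.
    set -- "$dir"/*.conf
    [ -e "$1" ] || { echo "no *.conf fragments in $dir" >&2; return 1; }

    # Fragments carry PrivateKey/PresharedKey. mktemp picks an unpredictable
    # name and creates the file with mode 0600, so other local users cannot
    # pre-create or read it the way they could a fixed /tmp/wg0.conf.
    out=$(mktemp "${TMPDIR:-/tmp}/wg-assembled.XXXXXX") || return 1

    for f in "$@"; do
        [ -f "$f" ] || continue
        cat "$f"
        echo    # a fragment lacking a final newline must not fuse with the next header
    done > "$out"

    # Sanity check chosen for this example: exactly one [Interface] section.
    n=$(grep -ci '^[[:space:]]*\[interface\][[:space:]]*$' "$out" || true)
    if [ "$n" -ne 1 ]; then
        echo "expected 1 [Interface] section, found $n" >&2
        rm -f "$out"
        return 1
    fi
    printf '%s\n' "$out"
}

# apply_fragments IFACE DIR: assemble, then load with `wg setconf`.
# The assembled file is left on disk for later inspection.
apply_fragments() {
    conf=$(assemble_wg_conf "$2") || return 1
    wg setconf "$1" "$conf"
}

# Run as: sh this-script wg0 /etc/wireguard/mysite.conf.d
if [ "$#" -eq 2 ]; then
    apply_fragments "$1" "$2"
fi
```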