Re: Include directive to support "conf.d/*" and the like
On Sat, 14 Apr 2018 03:47:57 +0200
"Jason A. Donenfeld" wrote:

> Hi Roman,
>
> This also came up in another thread I was replying to earlier tonight.
> While one way indeed is to have an 'include' directive, it seems
> simple enough to just do something like:
>
> $ wg setconf wg0 <(cat /etc/wireguard/mysite.conf.d/*.conf)
>
> And then you can have various fragments in there like:
>
> 000-interface.conf
> 001-peergroupA.conf
> 001-peergroupB.conf
> 001-peergroupC.conf
>
> And so forth. Would this be an acceptable solution for you?

Yeah, thanks. I settled on a solution similar to this. Since WG in my case is
"external" to the main OS (i.e. not wired into standard initscripts or network
configuration), I have my own shell-script bringing it up anyways -- and that
script might as well pre-process or generate the configuration file.

So now I build a full config file in /tmp/ from various pieces and
auto-detected host-specific conditions, and then do a setconf to that.
(Rather than addconf as some suggested, I prefer to have the complete file
available on disk for inspection in case any debugging is needed).

--
With respect,
Roman
___
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard
Re: Include directive to support "conf.d/*" and the like
Hi Roman,

This also came up in another thread I was replying to earlier tonight.
While one way indeed is to have an 'include' directive, it seems
simple enough to just do something like:

$ wg setconf wg0 <(cat /etc/wireguard/mysite.conf.d/*.conf)

And then you can have various fragments in there like:

000-interface.conf
001-peergroupA.conf
001-peergroupB.conf
001-peergroupC.conf

And so forth. Would this be an acceptable solution for you?

Jason
Re: Include directive to support "conf.d/*" and the like
On Fri 2018-03-16 13:02:22 +0500, Roman Mamedov wrote:

> While it would be nice if WireGuard had a "hosts/" directory like Tinc uses
> (basically storing its equivalents of WG's [Peer] sections each in a separate
> file), I feel the most flexible way to support such scenarios would be to have
> a generic "Include" directive. That way I could do
> "Include /etc/wireguard/peers/*.conf" and then not only store each peer
> information in its own file, but also roll-out or fetch and
> add/remove/overwrite those files from a central repository.

If you're automating deployment you can always store the config file
broken out this way and then assemble a single config during deployment
with a simple wrapper script.

Or you could generate the full .conf from some other toolchain entirely
(e.g., export from an rdbms or generate from a dump from some other
pki) -- it's not as clean or tightly integrated as it would be to have
an include directive, but it's certainly easier to rig together.

--dkg
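
The wrapper-script approach described in this thread (concatenate the fragments, then `wg setconf` the result), as an added example that is not code from any of the posters. `assemble_conf` is a hypothetical helper; the world-writable check and the single-`[Interface]` check are assumptions about what such a script should enforce, and the output is created private because it contains the interface's private key.

```shell
#!/bin/sh
# Added example, not from the thread. assemble_conf is a hypothetical helper.

# assemble_conf FRAGMENT_DIR
# Concatenates FRAGMENT_DIR/*.conf in glob (sorted) order into a new private
# file and prints that file's path. Fails without leaving a file behind if a
# fragment is world-writable or the result lacks exactly one [Interface].
assemble_conf() (
    dir=$1
    # The result holds the interface PrivateKey: mode 0600, unpredictable name.
    umask 077
    out=$(mktemp "${TMPDIR:-/tmp}/wg-assembled.XXXXXX") || exit 1

    for f in "$dir"/*.conf; do
        [ -f "$f" ] || continue
        # Assumption: a fragment any local user can rewrite is untrusted.
        if [ -n "$(find "$f" -prune -perm -0002 -print)" ]; then
            echo "refusing world-writable fragment: $f" >&2
            rm -f "$out"; exit 1
        fi
        # Trailing newline keeps a fragment without one from merging lines.
        { cat "$f"; printf '\n'; } >>"$out"
    done

    n=$(grep -ci '^[[:space:]]*\[Interface\]' "$out" || true)
    if [ "$n" -ne 1 ]; then
        echo "expected exactly one [Interface] section, found $n" >&2
        rm -f "$out"; exit 1
    fi
    printf '%s\n' "$out"
)

# Usage (needs root and an existing wg0; not run here):
#   conf=$(assemble_conf /etc/wireguard/mysite.conf.d) && wg setconf wg0 "$conf"
```

Because the body runs in a subshell, the `umask 077` does not leak into the calling script.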