From aa12068c91d40c568a44c8d2e36d2ee88ce79d84 Mon Sep 17 00:00:00 2001
From: Richard Sent <richard@freakingpenguin.com>
Date: Wed, 4 Dec 2024 15:59:33 -0500
Subject: services: wireguard: Make the private-key field optional.

Users who retrieve the private-key via a PreUp field need to be able to
disable the default retrieval mechanism.

* gnu/services/vpn.scm (<wireguard-configuration>)[private-key]: Change
comment.
(wireguard-configuration-file): Conditionally serialize private-key.
* gnu/services/vpn.scm (wireguard-activation): Do not create private-key if
the field is #f.
* doc/guix.texi (VPN Services)[wireguard-configuration]: Document it.

Change-Id: Iac419809ae94eb76e97ff1f1749e2f4b3e65bb04
Signed-off-by: Mathieu Othacehe <othacehe@gnu.org>
---
 doc/guix.texi | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'doc')

diff --git a/doc/guix.texi b/doc/guix.texi
index f43cb53990..fa9a147bd0 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -34626,7 +34626,9 @@ an mcron time specification (@pxref{Guile Syntax,,,mcron}).
 
 @item @code{private-key} (default: @code{"/etc/wireguard/private.key"})
 The private key file for the interface.  It is automatically generated
-if the file does not exist.
+if the file does not exist.  If this field is @code{#f}, a private key
+is not automatically created and the path is not serialized to the
+configuration file.
 
 @item @code{peers} (default: @code{'()})
 The authorized peers on this interface.  This is a list of
-- 
cgit v1.2.3