branch master updated: gnu: vpn: Make ca, key and cert optional.

[guix-commits]

This is an automated email from the git hooks/post-receive script.

roptat pushed a commit to branch master
in repository guix.

The following commit(s) were added to refs/heads/master by this push:
     new 5221df3  gnu: vpn: Make ca, key and cert optional.
5221df3 is described below

commit 5221df34149465c5bbc1a76f83cb09f8911279f5
Author: Julien Lepiller <julien@lepiller.eu>
AuthorDate: Wed Nov 18 14:57:29 2020 +0100

    gnu: vpn: Make ca, key and cert optional.
    
    * gnu/services/vpn.scm (openvpn-client-configuration)
    (openvpn-server-configuration): Make ca, key an cert fields optional.
    * doc/guix.texi (VPN Services): Document the change.
---
 doc/guix.texi        | 20 ++++++++++++++------
 gnu/services/vpn.scm |  6 +++---
 2 files changed, 17 insertions(+), 9 deletions(-)

diff --git a/doc/guix.texi b/doc/guix.texi
index 99068fc..d021384 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -24909,14 +24909,18 @@ Defaults to @samp{tun}.
 
 @end deftypevr
 
-@deftypevr {@code{openvpn-client-configuration} parameter} string ca
+If you do not have some of these files (eg.@: you use a username and
+password), you can disable any of the following three fields by setting
+it to @code{'disabled}.
+
+@deftypevr {@code{openvpn-client-configuration} parameter} maybe-string ca
 The certificate authority to check connections against.
 
 Defaults to @samp{"/etc/openvpn/ca.crt"}.
 
 @end deftypevr
 
-@deftypevr {@code{openvpn-client-configuration} parameter} string cert
+@deftypevr {@code{openvpn-client-configuration} parameter} maybe-string cert
 The certificate of the machine the daemon is running on.  It should be
 signed by the authority given in @code{ca}.
 
@@ -24924,7 +24928,7 @@ Defaults to @samp{"/etc/openvpn/client.crt"}.
 
 @end deftypevr
 
-@deftypevr {@code{openvpn-client-configuration} parameter} string key
+@deftypevr {@code{openvpn-client-configuration} parameter} maybe-string key
 The key of the machine the daemon is running on.  It must be the key whose
 certificate is @code{cert}.
 
@@ -25060,14 +25064,18 @@ Defaults to @samp{tun}.
 
 @end deftypevr
 
-@deftypevr {@code{openvpn-server-configuration} parameter} string ca
+If you do not have some of these files (eg.@: you use a username and
+password), you can disable any of the following three fields by setting
+it to @code{'disabled}.
+
+@deftypevr {@code{openvpn-server-configuration} parameter} maybe-string ca
 The certificate authority to check connections against.
 
 Defaults to @samp{"/etc/openvpn/ca.crt"}.
 
 @end deftypevr
 
-@deftypevr {@code{openvpn-server-configuration} parameter} string cert
+@deftypevr {@code{openvpn-server-configuration} parameter} maybe-string cert
 The certificate of the machine the daemon is running on.  It should be
 signed by the authority given in @code{ca}.
 
@@ -25075,7 +25083,7 @@ Defaults to @samp{"/etc/openvpn/client.crt"}.
 
 @end deftypevr
 
-@deftypevr {@code{openvpn-server-configuration} parameter} string key
+@deftypevr {@code{openvpn-server-configuration} parameter} maybe-string key
 The key of the machine the daemon is running on.  It must be the key whose
 certificate is @code{cert}.
 
diff --git a/gnu/services/vpn.scm b/gnu/services/vpn.scm
index 658d5c3..70f2617 100644
--- a/gnu/services/vpn.scm
+++ b/gnu/services/vpn.scm
@@ -273,16 +273,16 @@ servers.")
     "The device type used to represent the VPN connection.")
 
    (ca
-    (string "/etc/openvpn/ca.crt")
+    (maybe-string "/etc/openvpn/ca.crt")
     "The certificate authority to check connections against.")
 
    (cert
-    (string "/etc/openvpn/client.crt")
+    (maybe-string "/etc/openvpn/client.crt")
     "The certificate of the machine the daemon is running on. It should be 
signed
 by the authority given in @code{ca}.")
 
    (key
-    (string "/etc/openvpn/client.key")
+    (maybe-string "/etc/openvpn/client.key")
     "The key of the machine the daemon is running on. It must be the key whose
 certificate is @code{cert}.")