[WireGuard] What is a good way to integrate (as of now) wireguard into openrc in Gentoo?

Joakim Sindholt opensource at zhasha.com
Mon Nov 21 14:55:06 CET 2016


On Fri, Nov 18, 2016 at 12:42 PM, Kalin KOZHUHAROV <me.kalin at gmail.com> wrote:
> Hello,
> 
> I have been testing a few things between Gentoo and a few OpenWRT 
> boxen, so far so good. Just saw that Luci config landed, recompiling 
> now.
> 
> This brings me to "What is a good way to integrate (as of now) 
> wireguard into openrc in Gentoo?" question.
> 
> I have my scripts, I just found out about 
> /lib64/netifrc/net/wireguard.sh but I couldn't find a way to edit 
> /etc/conf.d/net so that I can integrate it.
> 
> Since Jason is a Gentoo user/dev I thought that is already solved :-D

I'm the idiot who wrote it, not Jason - direct your frustration towards 
me :)

The idea is that the wireguard_$if variable is passed to 'wg set' or
'wg setconf', depending on whether or not it's a single argument and a
file. You join this with config_$if which is passed to 'ip address', and
optionally routes_$if to create custom routes and 'rules_$if' which is
passed to 'ip rule'.

There are a couple of problems with this - the number I've experienced
being that dhcpcd has no respect for network config it didn't create and
so it will happily nuke the ip rules every time it renews the dhcp lease.

> An example static config for the simple case of
> 
> host_A:wg0<----->wg0:host_B
> 
> and
> 
>               /-->wg0:host_B
> host_A:wg0<--||
>               \-->wg0:host_C
> 
> (say where A,B,C share some private subnet) will be appreciated.

You can directly follow the terminal examples from e.g. the quickstart
page. Interface creation is automatic so you just need a
config_wg0=ip-addr-line and wireguard_wg0=wg-set-line and you're golden.

> Any good "default" way to store config files? Private keys?
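
The rule described in the reply above (one argument that is a file goes to 'wg setconf', anything else to 'wg set'), modelled as an added example; this is not the netifrc module's own code and not part of the original message. The function names, addresses, paths and the permission check on the file that holds the private key are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: models the dispatch rule from the message, NOT netifrc code.
# Function names and all sample values below are hypothetical.

# Print the wg command chosen for IFACE, given the words of wireguard_$if.
wg_plan() {
    iface=$1; shift
    if [ "$#" -eq 1 ] && [ -f "$1" ]; then
        printf 'wg setconf %s %s\n' "$iface" "$1"   # single word naming a file
    else
        printf 'wg set %s %s\n' "$iface" "$*"       # anything else: wg set args
    fi
}

# Succeed only if FILE is a regular file with no group/other permission bits.
# Assumed hygiene check for a file containing a private key.
secret_file_ok() {
    case $(ls -ld -- "$1" 2>/dev/null) in
        -???------*) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample of what /etc/conf.d/net could hold for host_A.
demo() {
    dir=$(mktemp -d) || return 1
    conf=$dir/wg0.conf
    (umask 077; printf '[Interface]\nPrivateKey = <placeholder>\n' > "$conf")

    config_wg0="10.0.0.1/24"      # constructed address, handed to 'ip address'
    wireguard_wg0=$conf           # file form
    secret_file_ok "$conf" || echo "warning: $conf is group/world accessible" >&2
    wg_plan wg0 $wireguard_wg0    # unquoted on purpose: value splits into words

    # Argument form, with one peer (keys are placeholders).
    wireguard_wg0="private-key $dir/wg0.key peer <host_B-pubkey> allowed-ips 10.0.0.2/32"
    wg_plan wg0 $wireguard_wg0
    echo "config_wg0=$config_wg0"
    rm -rf "$dir"
}

demo
```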
