
From: Stuart Henderson <stu@spacehopper.org>
Subject: Re: Update stripcom function in netstart
To: obsd@mulh.net
Cc: tech@openbsd.org
Date: Thu, 4 Sep 2025 23:44:30 +0100

On 2025/09/04 17:52, obsd@mulh.net wrote:
> Nevermind about my request to change "stripcom" except for the consistency.
> I wasn't too keen on using an internal function in my hostname.if file anyway.
> 
> FYI: I moved my wireguard config back into the hostname.if file
> except that the keys will be kept in a mod 700 wireguard directory.
> Still no secrets will be revealed by daily changelist emails.
> An example of how my hostname.wg0 file looks: (without comments)
> 
> 
> inet 192.0.2.1 0xffffff00
> wgport 51820                    \
> wgkey $(</etc/wg/private.key)   \

i would recommend against using undocumented syntax in these files
(especially for any interfaces you might rely on for accessing a remote
system to fix it), in case the parser gets changed

executing a script is documented so you could expect that to stay
working or at least get a warning in upgrade notes, e.g.

!/etc/wg/wg0-key

with wg0-key as an executable script

> -wgpeerall
> wgpeer $(</etc/wg/peer1.pub)            \
>         wgpsk $(</etc/wg/peer1.psk)     \
>         wgendpoint 198.51.100.42 51820  \
>         wgaip 192.0.2.2/32
> wgpeer $(</etc/wg/peer2.pub)            \
>         wgpsk $(</etc/wg/peer2.psk)     \
>         wgendpoint 198.51.100.80 51820  \
>         wgaip 192.0.2.3/32
>
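
A sketch of what the executable `wg0-key` script mentioned in the reply above could look like, added here as an example and not taken from the thread or from OpenBSD. It covers only the private key (peers are left out) and refuses to load the key unless the file is private to its owner and has the shape of a WireGuard key; the key path is the one from the quoted hostname.wg0, while the function names and the KEYFILE, IFACE and IFCONFIG overrides are assumptions.

```shell
#!/bin/sh
# Example /etc/wg/wg0-key, run from hostname.wg0 by the line:  !/etc/wg/wg0-key
# KEYFILE, IFACE and IFCONFIG are hypothetical overrides used for testing.

KEYFILE=${KEYFILE:-/etc/wg/private.key}
IFACE=${IFACE:-wg0}

# True only for a regular file (not a symlink) with no group/other mode bits.
key_file_private() {
	[ -f "$1" ] && [ ! -L "$1" ] || return 1
	case $(ls -ln "$1") in
	-???------*) return 0 ;;
	*) return 1 ;;
	esac
}

# Shape check: a 32-byte key is 43 base64 characters followed by one '='.
key_well_formed() {
	printf '%s' "$1" | grep -Eq '^[A-Za-z0-9+/]{43}=$'
}

# Validate the key file, then hand the key to ifconfig's wgkey option.
apply_key() {
	if ! key_file_private "$KEYFILE"; then
		echo "wg0-key: $KEYFILE missing or readable by group/other" >&2
		return 1
	fi
	key=$(cat "$KEYFILE")
	if ! key_well_formed "$key"; then
		echo "wg0-key: $KEYFILE does not hold a base64 key" >&2
		return 1
	fi
	"${IFCONFIG:-ifconfig}" "$IFACE" wgkey "$key"
}

# Act only when installed under the name used in hostname.wg0, so the
# functions above can be exercised elsewhere without touching an interface.
case ${0##*/} in
wg0-key) apply_key ;;
esac
```

A failed check leaves the interface without a key and prints the reason to stderr, so a permissions mistake shows up at boot instead of passing silently.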