bootstrap: add VPNs from bootstrap volume

src/cmd/init.rs

@@ -106,6 +106,7 @@ pub async fn run() {
     // Wireguard VPNs
     for (name, conf) in &cfg.vpns {
         retry_or_ignore(async || {
+            info!("starting VPN {name}");
             let dir = "/etc/wireguard";
             fs::create_dir_all(dir).await?;
 

src/cmd/init/bootstrap.rs

@@ -12,7 +12,7 @@ use dkl::{
 };
 
 use super::{exec, mount, retry, retry_or_ignore, try_exec};
-use crate::utils;
+use crate::{fs::walk_dir, utils};
 
 pub async fn bootstrap(cfg: Config) {
     let verifier = retry(async || Verifier::from_config(&cfg)).await;
@@ -20,6 +20,19 @@ pub async fn bootstrap(cfg: Config) {
 
     mount(Some(&bs.dev), "/bootstrap", "ext4", None).await;
 
+    // VPNs
+    for vpn_conf in walk_dir("/bootstrap/vpns").await {
+        if !vpn_conf.ends_with(".conf") {
+            continue;
+        }
+
+        retry_or_ignore(async || {
+            info!("starting VPN from {vpn_conf}");
+            try_exec("wg-quick", &["up", &vpn_conf]).await
+        })
+        .await;
+    }
+
     let boot_version = utils::param("version").unwrap_or("current");
     let base_dir = &format!("/bootstrap/{boot_version}");
 
@@ -55,8 +68,6 @@ pub async fn bootstrap(cfg: Config) {
     apply_groups(&sys_cfg.groups, "/system").await;
     apply_users(&sys_cfg.users, "/system").await;
 
-    // TODO VPNs
-
     mount_filesystems(&sys_cfg.mounts, "/system").await;
 
     retry_or_ignore(async || {