authorDavid Harrigan2019-10-22 11:11:10 +0100
committerDavid Harrigan2019-10-22 11:11:10 +0100
commit1e97882eee2b4178bb5ddc049e80e770f2395f48 (patch)
tree9cd873f566b66c9e9289921ea8b4dbb13358753e
parent20b2b7af017ea381fd217592c29abf63e835083d (diff)
downloadaur-1e97882eee2b4178bb5ddc049e80e770f2395f48.tar.gz
feat: use a subdirectory for configuration
Instead of pulling in the entire `/etc/wireguard` directory, use a subdirectory, namely `/etc/wireguard/initcpio` to store the configuration. upgpkg: mkinitcpio-wireguard 0.2.0-1 upstream release
-rw-r--r--.SRCINFO10
-rw-r--r--PKGBUILD12
-rw-r--r--README.adoc35
-rw-r--r--mkinitcpio-wireguard.install2
-rw-r--r--wireguard_config2
-rw-r--r--wireguard_hook4
-rw-r--r--wireguard_install4
7 files changed, 46 insertions, 23 deletions
diff --git a/.SRCINFO b/.SRCINFO
index c579ddbfcf22..a43253836a03 100644
--- a/.SRCINFO
+++ b/.SRCINFO
@@ -1,6 +1,6 @@
pkgbase = mkinitcpio-wireguard
pkgdesc = mkinitcpio hook that initialises Wireguard to assist in the remote unlocking of encrypted partitions.
- pkgver = 0.1.0
+ pkgver = 0.2.0
pkgrel = 1
url = https://github.com/dharrigan/mkinitcpio-wireguard
install = mkinitcpio-wireguard.install
@@ -8,13 +8,13 @@ pkgbase = mkinitcpio-wireguard
license = Unlicense
depends = mkinitcpio>=0.9.0
depends = wireguard-tools
- backup = etc/wireguard/remote-unlock
+ backup = etc/wireguard/initcpio/unlock
source = wireguard_hook
source = wireguard_install
source = wireguard_config
- sha256sums = baa64d53adf5a60092c5df59c6ccf9e8253be4b7c947f89a9afd2cf0a84eea97
- sha256sums = edf47fa52c1e5e802a5920b8fc3dea281d33c243e79364717c64588f384befaf
- sha256sums = 9385ec468589f0621d2a90839ebe4b38d37824ea706c2b2edf8f41b0f239f7e8
+ sha256sums = cf4027c5c88a521f76ecfe257ee0bbcaf24294f8dcc97b8128cf77a3cd547d09
+ sha256sums = 5bbbe54b9bd0469537c74f892fd30fcb90e9b49143addc7a03f4366419d6bff6
+ sha256sums = 7e6c925ba973a90f63100a1a56b2e57f017d1155c1d0514f38cf9eeca557bd99
pkgname = mkinitcpio-wireguard
diff --git a/PKGBUILD b/PKGBUILD
index 77fe8f2d3af5..21413c46dbb4 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -1,7 +1,7 @@
# Maintainer: David Harrigan <dharrigan [@] gmail [dot] com>
pkgname=mkinitcpio-wireguard
-pkgver=0.1.0
+pkgver=0.2.0
pkgrel=1
pkgdesc='mkinitcpio hook that initialises Wireguard to assist in the remote unlocking of encrypted partitions.'
url='https://github.com/dharrigan/mkinitcpio-wireguard'
@@ -9,19 +9,19 @@ arch=('x86_64')
license=('Unlicense')
install="${pkgname}.install"
depends=('mkinitcpio>=0.9.0' 'wireguard-tools')
-backup=('etc/wireguard/remote-unlock')
+backup=('etc/wireguard/initcpio/unlock')
source=('wireguard_hook' 'wireguard_install' 'wireguard_config')
package() {
install -o root -g root -D ${srcdir}/wireguard_hook ${pkgdir}/usr/lib/initcpio/hooks/wireguard
install -o root -g root -D ${srcdir}/wireguard_install ${pkgdir}/usr/lib/initcpio/install/wireguard
- install -o root -g root -D ${srcdir}/wireguard_config ${pkgdir}/etc/wireguard/remote-unlock
+ install -o root -g root -D ${srcdir}/wireguard_config ${pkgdir}/etc/wireguard/initcpio/unlock
}
sha256sums=(
-'baa64d53adf5a60092c5df59c6ccf9e8253be4b7c947f89a9afd2cf0a84eea97'
-'edf47fa52c1e5e802a5920b8fc3dea281d33c243e79364717c64588f384befaf'
-'9385ec468589f0621d2a90839ebe4b38d37824ea706c2b2edf8f41b0f239f7e8'
+'cf4027c5c88a521f76ecfe257ee0bbcaf24294f8dcc97b8128cf77a3cd547d09'
+'5bbbe54b9bd0469537c74f892fd30fcb90e9b49143addc7a03f4366419d6bff6'
+'7e6c925ba973a90f63100a1a56b2e57f017d1155c1d0514f38cf9eeca557bd99'
)
# vim:set syntax=sh tw=78:
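Review bot: None of the `install` calls in `package()` passes a mode, so the config file gets install's default of 0755, and the `etc/wireguard/initcpio` directory that `-D` creates is not restricted either. The sample config now points `PRIVATE_KEY_FILE` into that directory, so I would create it explicitly with `install -o root -g root -d -m700 "${pkgdir}/etc/wireguard/initcpio"` and add `-m600` to the existing `wireguard_config` line. Quoting `${srcdir}` and `${pkgdir}` on all three lines would also keep the build working from a path that contains spaces.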
diff --git a/README.adoc b/README.adoc
index aa2c441da469..3845d4e8c333 100644
--- a/README.adoc
+++ b/README.adoc
@@ -12,6 +12,29 @@
:toc:
:toclevels: 5
+== ChangeLog
+
+IMPORTANT: Until this package has stabilised and until it has reached a 1.0.0
+release, *please be very careful* to examine the version changes listed below
+as the package requirements and instructions can change to reflect a better
+understanding of the problem domain. *DO NOT ASSUME THAT ANYTHING UNTIL AT
+LEAST A 1.0.0 RELEASE*
+
+WARNING: Read the warning above.
+
+|===
+|Version | Note
+
+| *0.2.0*
+a|
+* Don't include the entire `/etc/wireguard` directory, instead use a subdirectory, namely `/etc/wireguard/initcpio` to keep things separate.
+
+| *0.1.0*
+a|
+* Initial Release
+
+|===
+
== Rationale
Firstly, encryption. Encrypt all the things.
@@ -90,10 +113,10 @@ running first. A few examples of where to find documentation are listed below:
* https://www.wireguard.com/quickstart/
* https://git.zx2c4.com/WireGuard/about/src/tools/man/wg.8
-After installing `mkinitcpio-wireguard`, a configuration file will be written
-to `/etc/wireguard/remote-unlock`. You *MUST* edit this file to suit your
-particular Wireguard requirements. The file is really simple and therefore
-should be pretty self-explanatory.
+After installing `mkinitcpio-wireguard`, an example configuration file will be
+written to `/etc/wireguard/initcpio/unlock`. You *MUST* edit this file to suit
+your particular Wireguard requirements. The file is really simple and
+therefore should be pretty self-explanatory.
NOTE: If you have an existing `wg0.conf` in your `/etc/wireguard` directory,
you can use the contents of that file as a reference. Please be aware of the
@@ -102,7 +125,7 @@ unlocking.
== Hook Installation
-After you have edited the `/etc/wireguard/remote-unlock` file to suit your
+After you have edited the `/etc/wireguard/initcpio/unlock` file to suit your
needs, ensure that you've added the `wireguard` hook to the *HOOKS* array of
`/etc/mkinitcpio.conf`. Shown below is an example that also includes the use
of `netconf`, `tinyssh` and `encryptssh`.
@@ -113,7 +136,7 @@ HOOKS=(base udev autodetect keyboard keymap modconf block netconf wireguard tiny
== Final Steps
-Lastly, run (as root):
+Lastly, run (still as root):
----
mkinitcpio -P
diff --git a/mkinitcpio-wireguard.install b/mkinitcpio-wireguard.install
index aedd9a6616f9..87d2bc150ef8 100644
--- a/mkinitcpio-wireguard.install
+++ b/mkinitcpio-wireguard.install
@@ -4,7 +4,7 @@ post_install() {
echo ">"
echo "> Now add 'wireguard' to your HOOKS array in your '/etc/mkinitcpio.conf' and rebuild the ramdisk."
echo "> e.g., HOOKS=(base udev autodetect keyboard keymap modconf block netconf wireguard tinyssh encryptssh filesystems fsck)"
- echo "> don't forget to configure the '/etc/wireguard/remote-unlock' file then rerun mkinitcpio..."
+ echo "> don't forget to configure the '/etc/wireguard/initcpio/unlock' file then rerun mkinitcpio..."
echo ">"
}
diff --git a/wireguard_config b/wireguard_config
index ec0907cc1d07..59e82c08da51 100644
--- a/wireguard_config
+++ b/wireguard_config
@@ -49,7 +49,7 @@ PEER_PUBLIC_KEY=abcdefg
PEER_ENDPOINT=192.168.80.1:12912
# This is your private key previously setup to establish connection to the peer.
-PRIVATE_KEY_FILE=/etc/wireguard/privatekey
+PRIVATE_KEY_FILE=/etc/wireguard/initcpio/privatekey
# If you're behind a NAT, a ping of 25 seconds is useful!
PERSISTENT_KEEPALIVES=25
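Review bot: The comment above `PRIVATE_KEY_FILE` does not say that the key now sits in the directory `add_full_dir` copies wholesale into the initramfs (see the wireguard_install hunk), so the private key is embedded in the generated image. In a remote-unlock setup the image presumably lives on an unencrypted boot partition, which is worth spelling out so users pick a key pair used only for unlocking. I would extend the comment along the lines of `# NOTE: this file is copied into the initramfs; use a dedicated key pair for unlocking and keep the file mode 600.` Users upgrading from 0.1.0 also need to move their key, because the previous default was `/etc/wireguard/privatekey`.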
diff --git a/wireguard_hook b/wireguard_hook
index f914e7cf50bf..59d85985fc83 100644
--- a/wireguard_hook
+++ b/wireguard_hook
@@ -28,8 +28,8 @@
_fatal () { echo ":: wireguard [FATAL]: ${@}. Cannot initialise Wireguard\!"; break=y; }
-if [ -f /etc/wireguard/remote-unlock ]; then
- . /etc/wireguard/remote-unlock
+if [ -f /etc/wireguard/initcpio/unlock ]; then
+ . /etc/wireguard/initcpio/unlock
fi
run_hook()
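Review bot: When `/etc/wireguard/initcpio/unlock` is missing from the image, the `if` falls through silently and the hook carries on with none of its settings defined. That is a realistic state after this rename, for example an image built from a system that still has only the old `/etc/wireguard/remote-unlock`, and the result is a host that cannot be unlocked remotely. An `else` branch that reports it on the console would help, for example `else _fatal "/etc/wireguard/initcpio/unlock not found"`, using the helper defined just above. `run_hook` begins on the last line of the hunk and its body is outside it, so how it copes with unset variables is not visible here.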
diff --git a/wireguard_install b/wireguard_install
index d681830892d7..1ba2f65f774a 100644
--- a/wireguard_install
+++ b/wireguard_install
@@ -31,7 +31,7 @@ build()
add_binary wg
add_module wireguard
- add_full_dir /etc/wireguard
+ add_full_dir /etc/wireguard/initcpio
add_runscript
}
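Review bot: `build()` adds `/etc/wireguard/initcpio` without checking that it holds a usable configuration, and right after this upgrade the directory may contain only the packaged example `unlock` until the admin migrates the old settings and key. Image build time is where the admin would actually see a problem, so I would source the config in `build()` and add `[ -f "${PRIVATE_KEY_FILE}" ] || warning "wireguard: ${PRIVATE_KEY_FILE} not found"`. A short comment on the `add_full_dir` line noting that every file in that directory, the private key included, ends up in the image would also help the next maintainer. `build()` starts above the hunk, so existing checks there may already cover part of this.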
@@ -40,7 +40,7 @@ help() {
cat <<HELPME
This hook provides basic Wireguard support to assist in the remote unlocking
of encrypted partitions. There are various parameters that are to be
-configured via the "/etc/wireguard/remote-unlock" file. This must be done!
+configured via the "/etc/wireguard/initcpio/unlock" file. This must be done!
In addition to this hook, you will require something like tinyssh or dropbear
appropriately configured in order to gain remote access. Please refer to the