I generally oppose having too many "hidden" include files that can be used to overwrite the basic configuration. They often give us a headache when we touch things because eventually we will break some of those manual settings. We keep telling ourselves that this is fine because we never said that we supported them any way. But that is not really a valid point.
I think it is normal also for other projects, to give the user the opportunity to configure things manually. The user is able to quickly fix problems if they need a special configuration. Otherwise, he would have to wait for the project to implement code for his special need which could take a lot of time.
Therefore, I think it´s absolutely normal and fine to offer user.confs with the limitation that the user.conf might break stuff. Here, the user is responsible and I guess the majority is fine with that.
Small patch to add a test around the first include as for the last include:
--- /srv/web/ipfire/cgi-bin/vpnmain.cgi.org 2015-05-19 17:42:52.944050515 +0200 +++ /srv/web/ipfire/cgi-bin/vpnmain.cgi 2015-05-19 17:43:49.951598841 +0200 @@ -253,8 +253,10 @@ print CONF "\n";
# Add user includes to config file - print CONF "include /etc/ipsec.user.conf\n"; - print CONF "\n"; + if (-e "/etc/ipsec.user.conf") { + print CONF "include /etc/ipsec.user.conf\n"; + print CONF "\n"; + }
print SECRETS "include /etc/ipsec.user.secrets\n";
Lars