diff --git a/.gitignore b/.gitignore
index 35d07ea..255b862 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,3 @@
 .env
 *.ldif
+pki/
diff --git a/machines/vpn.metznet.ca.scm b/machines/vpn.metznet.ca.scm
index 2a493ac..935fd36 100644
--- a/machines/vpn.metznet.ca.scm
+++ b/machines/vpn.metznet.ca.scm
@@ -1,4 +1,5 @@
 (define-module (machines vpn.metznet.ca)
+ #:use-module (guix gexp)
 #:use-module (gnu system)
 #:use-module (gnu services)
 #:use-module (gnu services certbot)
@@ -13,6 +14,9 @@
 (openvpn-server-configuration (tls-auth "/etc/openvpn/ta.key") (server "10.0.80.0 255.255.255.0")))
+
+ (simple-service 'vpn-server-etc etc-service-type
+ `(("openvpn/dh2048.pem" ,(local-file "dh2048.pem"))))
 (service certbot-service-type (certbot-configuration (email "admin@metznet.ca") (certificates (list (certificate-configuration
diff --git a/system/base-system.scm b/system/base-system.scm
index 9b1eb99..fa5620d 100644
--- a/system/base-system.scm
+++ b/system/base-system.scm
@@ -172,10 +172,10 @@
 (symlink (string-append #$zsh "/bin/zsh") "/bin/zsh"))))
 (define (metznet-etc-service configuration)
- '(("/etc/openvpn/ta.key" (local-file "ta.key"))
- ("/etc/openvpn/ca.crt" (local-file "ca.crt"))
- ("/etc/openvpn/client.crt" (local-file "client.crt"))
- ("/etc/openvpn/client.key" (local-file "client.key"))))
+ `(("openvpn/ta.key" ,(local-file "ta.key"))
+ ("openvpn/ca.crt" ,(local-file "ca.crt"))
+ ("openvpn/client.crt" ,(local-file "client.crt"))
+ ("openvpn/client.key" ,(local-file "client.key"))))
 (define metznet-service-type (service-type (name 'metznet-service)
@@ -280,13 +280,8 @@
 (targets '("/boot/efi")) (keyboard-layout keyboard-layout))) (file-systems (cons* (file-system
- (mount-point "/boot/efi")
- (device "/dev/vda1")
- (type "vfat")
- (check? #f))
- (file-system
 (mount-point "/")
- (device "/dev/vda3")
+ (device (file-system-label "guixsd"))
 (type "xfs") (check? #f)) %base-file-systems)) (users %metznet-base-user-accounts)
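Review bot: The new `vpn-server-etc` entry in the second hunk of machines/vpn.metznet.ca.scm has no comment saying why this file is safe to ship through `etc-service-type`, and the alist is the obvious place for someone to add the server key later. `local-file` copies its argument into the store, which every local user can read; that is acceptable for DH parameters because they are public. I would add above the alist: `;; DH parameters are public; never list key material here, local-file copies it into the world-readable store.` The enclosing services list starts and ends outside the hunk.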
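Review bot: `ta.key` and `client.key` in `metznet-etc-service` are secrets, and with the list now quasiquoted the `,(local-file ...)` forms are actually evaluated, so both files are copied into /gnu/store and `/etc/openvpn/client.key` becomes a symlink to a store item that any local user can read. Anything that exports or copies the store would carry the keys along as well. Keep only the public entries here, `("openvpn/ca.crt" ,(local-file "ca.crt"))` and `("openvpn/client.crt" ,(local-file "client.crt"))`, and install the two keys outside the store as root-owned files with mode 0600. A relative `local-file` name resolves next to base-system.scm, and the ignore patterns visible in this commit (`.env`, `*.ldif`, `pki/`) would not cover `system/ta.key` or `system/client.key`, so an ignore rule for them is worth adding.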
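Review bot: The second hunk of system/base-system.scm removes the `/boot/efi` file-system entry while the bootloader context line just above still reads `(targets '("/boot/efi"))`, so unless the ESP is mounted some other way the bootloader would be installed into a plain directory on the root file system. If the machine still boots through EFI, keep the entry and give it a stable identifier instead of `/dev/vda1`, for example `(device (file-system-label "ESP_LABEL_PLACEHOLDER"))` or a `(uuid ...)`. For the root entry, a label matches whichever block device carries it, so `(uuid ...)` is the tighter choice on hosts where other disks can be attached. The bootloader and operating-system forms start outside the hunk, so this is read from the visible context only.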