moved all files in config to file-likes

machines/vpn.scm

@@ -1,5 +1,7 @@
 (define-module (machines vpn)
   #:use-module (guix gexp)
+  #:use-module (guix modules)
+  #:use-module (gnu packages tls)
   #:use-module (gnu system)
   #:use-module (gnu services)
   #:use-module (gnu services certbot)
@@ -8,6 +10,19 @@
 
   #:export (vpn.metznet.ca vpn-services))
 
+(define (metznet-vpn-etc dh-pem)
+  `(("openvpn/dh2048.pem" ,dh-pem)))
+
+(define new-dh-pem
+  (computed-file "dh2048.pem" (with-imported-modules '((guix build utils)) #~(begin (use-modules (guix build utils)) (invoke #$(file-append openssl "/bin/openssl") "dhparam" "-out" #$output "2048")))))
+
+(define metznet-vpn-service-type
+  (service-type (name 'metznet-vpn)
+                (description "")
+                (extensions (list (service-extension etc-service-type
+                                                     metznet-vpn-etc)))
+                (default-value new-dh-pem)))
+
 (define-public vpn-services
   (append (list (service openvpn-server-service-type
                          (openvpn-server-configuration (tls-auth
@@ -15,13 +30,7 @@
                                                        (server
                                                         "10.0.80.0 255.255.255.0")))
 
-                (simple-service 'vpn-server-etc etc-service-type
+                (service metznet-vpn-service-type)
-                                (let ((pki-dir (getenv "VPN_PKI_DIR")))
-                                  (if pki-dir
-                                      `(("openvpn/dh2048.pem" ,(local-file (string-append
-                                                                            pki-dir
-                                                                            "/dh2048.pem"))))
-                                      `())))
                 (service certbot-service-type
                          (certbot-configuration (email "admin@metznet.ca")
                                                 (certificates (list (certificate-configuration

system/base-system.scm

@@ -1,9 +1,6 @@
 (define-module (system base-system)
   #:use-module (guix gexp)
 
-  #:use-module (nongnu system linux-initrd)
-  #:use-module (nongnu packages linux)
-
   #:use-module (gnu bootloader)
   #:use-module (gnu bootloader grub)
   #:use-module (gnu system accounts)
@@ -163,30 +160,25 @@
 (define-configuration/no-serialization metznet-system-configuration
                                        (certs (file-like le-certs)
                                               "certificate package")
-                                       (vpn-pki-dir (maybe-string (let ((pki-dir
+                                       (vpn-ta-key (file-like (computed-file "ta.key" (with-imported-modules '((guix build utils)) #~(begin
-                                                                         (getenv
+                                                                                                                            (use-modules (guix build utils))
-                                                                          "VPN_PKI_DIR")))
+                                                                                                                            (invoke #$(file-append openvpn "/sbin/openvpn") "--genkey" "secret" #$output)))))
-                                                                    (or
+                                                   "ta.key for openvpn")
-                                                                     pki-dir
+                                       (vpn-ca (file-like (local-file (or (getenv "VPN_CA") "pki/ca.crt"))) "ca.crt for openvpn")
-                                                                     %unset-value)))
+                                       (vpn-cert (file-like (local-file (or (getenv "VPN_CERT") "pki/vpn.crt"))) "certificate for openvpn")
-                                                    "openvpn pki directory")
+                                       (vpn-key (file-like (local-file (or (getenv "VPN_KEY") "pki/vpn.key"))) "key for openvpn")
                                        (user-shells (alist-of-file-like (list (cons
                                                                                "/bin/zsh"
                                                                                zsh)))
                                                     "user shells to link")
                                        (channels-file (file-like (scheme-file
                                                                   "channels.scm"
-                                                                  #~(append (list
+                                                                  #~(cons
                                                                              (channel
                                                                               (name 'metznet-channel)
                                                                               
                                                                               (url
                                                                                "https://git.metznet.ca/MetzNet/metznet-channel.git"))
-                                                                             (channel
-                                                                              (name 'nonguix)
-                                                                              
-                                                                              (url
-                                                                               "https://gitlab.com/nonguix/nonguix.git")))
                                                                      %default-channels)))
                                                       "channels.scm")
                                        (pam-services (list-of-strings (list
@@ -231,18 +223,11 @@
               (list #$@(shell-packages configuration))))
 
 (define (metznet-etc-service configuration)
-  (let ((channels-file (metznet-system-configuration-channels-file
+        `(("guix/channels.scm" ,(metznet-system-configuration-channels-file configuration))
-                        configuration))
+          ("openvpn/ta.key" ,(metznet-system-configuration-vpn-ta-key configuration))
-        (pki-dir (metznet-system-configuration-vpn-pki-dir configuration)))
+          ("openvpn/ca.crt" ,(metznet-system-configuration-vpn-ca configuration))
-    (if (maybe-value-set? pki-dir)
+          ("openvpn/client.key" ,(metznet-system-configuration-vpn-cert configuration))
-        `(("guix/channels.scm" ,channels-file)
+          ("openvpn/client.crt" ,(metznet-system-configuration-vpn-key configuration))))
-          ("openvpn/ta.key" ,(local-file (string-append pki-dir "/ta.key")))
-          ("openvpn/ca.crt" ,(local-file (string-append pki-dir "/ca.crt")))
-          ("openvpn/client.key" ,(local-file (string-append pki-dir
-                                                            "/client.key")))
-          ("openvpn/client.crt" ,(local-file (string-append pki-dir
-                                                            "/client.crt"))))
-        `(("guix/channels.scm" ,channels-file)))))
 
 (define metznet-service-type
   (service-type (name 'metznet-service)
@@ -291,16 +276,6 @@
   (append %metznet-services
           (modify-services %desktop-services
             (nscd-service-type config => %metznet-nscd-configuration)
-            (guix-service-type config =>
-                               (guix-configuration (inherit config)
-                                                   (substitute-urls (append (list
-                                                                             "https://substitutes.nonguix.org")
-                                                                     %default-substitute-urls))
-                                                   (authorized-keys (append (list
-                                                                             (plain-file
-                                                                              "nonguix.pub"
-                                                                              "(public-key\n                                                       (ecc\n                                                         (curve Ed25519)\n                                                         (q #C1FD53E5D4CE971933EC50C9F307AE2171A2D3B52C804642A7A35F84F3A4EA98#)))"))
-                                                                     %default-authorized-guix-keys))))
             (udev-service-type config =>
                                (udev-configuration (inherit config)
                                                    (rules (append (list
@@ -317,9 +292,9 @@
 
 (define %metznet-server-services
   (append %metznet-services
-          (list (dbus-service)
+          (list (service dbus-root-service-type)
                 (service dhcp-client-service-type)
-                (openvpn-client-service #:config (openvpn-client-configuration
+                (service openvpn-client-service-type (openvpn-client-configuration
                                                   (openvpn openvpn)
                                                   (pid-file
                                                    "/var/run/openvpn/client.pid")
@@ -334,18 +309,12 @@
 
 (define %metznet-base-operating-system
   (operating-system
-    ;; Hostname and localization information
     (host-name "base")
     (timezone "America/Edmonton")
     (locale "en_CA.utf8")
     (keyboard-layout %default-keyboard-layout)
     (name-service-switch %metznet-name-service-switch)
-    ;; Kernel and firmware definitions
-    (kernel linux)
     (kernel-arguments (append '("console=ttyS0") %default-kernel-arguments))
-    (firmware (list linux-firmware))
-    (initrd microcode-initrd)
-    ;; Grub UEFI Bootloader installed to /boot/efi
     (bootloader (bootloader-configuration
                   (bootloader grub-efi-bootloader)
                   (targets '("/boot/efi"))