moved all files in config to file-likes

master
noah metz 2023-12-02 02:49:54 -07:00
parent bef5e59857
commit 71ce440ed2
2 changed files with 31 additions and 53 deletions

@ -1,5 +1,7 @@
(define-module (machines vpn) (define-module (machines vpn)
#:use-module (guix gexp) #:use-module (guix gexp)
#:use-module (guix modules)
#:use-module (gnu packages tls)
#:use-module (gnu system) #:use-module (gnu system)
#:use-module (gnu services) #:use-module (gnu services)
#:use-module (gnu services certbot) #:use-module (gnu services certbot)
@ -8,6 +10,19 @@
#:export (vpn.metznet.ca vpn-services)) #:export (vpn.metznet.ca vpn-services))
(define (metznet-vpn-etc dh-pem)
`(("openvpn/dh2048.pem" ,dh-pem)))
(define new-dh-pem
(computed-file "dh2048.pem" (with-imported-modules '((guix build utils)) #~(begin (use-modules (guix build utils)) (invoke #$(file-append openssl "/bin/openssl") "dhparam" "-out" #$output "2048")))))
(define metznet-vpn-service-type
(service-type (name 'metznet-vpn)
(description "")
(extensions (list (service-extension etc-service-type
metznet-vpn-etc)))
(default-value new-dh-pem)))
(define-public vpn-services (define-public vpn-services
(append (list (service openvpn-server-service-type (append (list (service openvpn-server-service-type
(openvpn-server-configuration (tls-auth (openvpn-server-configuration (tls-auth
@ -15,13 +30,7 @@
(server (server
"10.0.80.0 255.255.255.0"))) "10.0.80.0 255.255.255.0")))
(simple-service 'vpn-server-etc etc-service-type (service metznet-vpn-service-type)
(let ((pki-dir (getenv "VPN_PKI_DIR")))
(if pki-dir
`(("openvpn/dh2048.pem" ,(local-file (string-append
pki-dir
"/dh2048.pem"))))
`())))
(service certbot-service-type (service certbot-service-type
(certbot-configuration (email "admin@metznet.ca") (certbot-configuration (email "admin@metznet.ca")
(certificates (list (certificate-configuration (certificates (list (certificate-configuration
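Review bot: `new-dh-pem` builds its output by running `openssl dhparam` inside the `computed-file` derivation, so every rebuild of that store item yields different parameters and the derivation is not reproducible; if that is intended, a comment on the `(define new-dh-pem` line such as `;; Generated at build time: output differs on every rebuild, so this derivation is not reproducible.` would make it explicit. The new `metznet-vpn-service-type` has `(description "")`; something like `(description "Installs Diffie-Hellman parameters for the OpenVPN server under /etc/openvpn.")` documents what the etc-service extension does. Since DH parameters are public values, placing dh2048.pem in the world-readable store is not a secrecy concern, unlike the key material handled in the other file. The `vpn-services` definition is split across the second and third hunks, so its middle is not visible here.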

@ -1,9 +1,6 @@
(define-module (system base-system) (define-module (system base-system)
#:use-module (guix gexp) #:use-module (guix gexp)
#:use-module (nongnu system linux-initrd)
#:use-module (nongnu packages linux)
#:use-module (gnu bootloader) #:use-module (gnu bootloader)
#:use-module (gnu bootloader grub) #:use-module (gnu bootloader grub)
#:use-module (gnu system accounts) #:use-module (gnu system accounts)
@ -163,30 +160,25 @@
(define-configuration/no-serialization metznet-system-configuration (define-configuration/no-serialization metznet-system-configuration
(certs (file-like le-certs) (certs (file-like le-certs)
"certificate package") "certificate package")
(vpn-pki-dir (maybe-string (let ((pki-dir (vpn-ta-key (file-like (computed-file "ta.key" (with-imported-modules '((guix build utils)) #~(begin
(getenv (use-modules (guix build utils))
"VPN_PKI_DIR"))) (invoke #$(file-append openvpn "/sbin/openvpn") "--genkey" "secret" #$output)))))
(or "ta.key for openvpn")
pki-dir (vpn-ca (file-like (local-file (or (getenv "VPN_CA") "pki/ca.crt"))) "ca.crt for openvpn")
%unset-value))) (vpn-cert (file-like (local-file (or (getenv "VPN_CERT") "pki/vpn.crt"))) "certificate for openvpn")
"openvpn pki directory") (vpn-key (file-like (local-file (or (getenv "VPN_KEY") "pki/vpn.key"))) "key for openvpn")
(user-shells (alist-of-file-like (list (cons (user-shells (alist-of-file-like (list (cons
"/bin/zsh" "/bin/zsh"
zsh))) zsh)))
"user shells to link") "user shells to link")
(channels-file (file-like (scheme-file (channels-file (file-like (scheme-file
"channels.scm" "channels.scm"
#~(append (list #~(cons
(channel (channel
(name 'metznet-channel) (name 'metznet-channel)
(url (url
"https://git.metznet.ca/MetzNet/metznet-channel.git")) "https://git.metznet.ca/MetzNet/metznet-channel.git"))
(channel
(name 'nonguix)
(url
"https://gitlab.com/nonguix/nonguix.git")))
%default-channels))) %default-channels)))
"channels.scm") "channels.scm")
(pam-services (list-of-strings (list (pam-services (list-of-strings (list
@ -231,18 +223,11 @@
(list #$@(shell-packages configuration)))) (list #$@(shell-packages configuration))))
(define (metznet-etc-service configuration) (define (metznet-etc-service configuration)
(let ((channels-file (metznet-system-configuration-channels-file `(("guix/channels.scm" ,(metznet-system-configuration-channels-file configuration))
configuration)) ("openvpn/ta.key" ,(metznet-system-configuration-vpn-ta-key configuration))
(pki-dir (metznet-system-configuration-vpn-pki-dir configuration))) ("openvpn/ca.crt" ,(metznet-system-configuration-vpn-ca configuration))
(if (maybe-value-set? pki-dir) ("openvpn/client.key" ,(metznet-system-configuration-vpn-cert configuration))
`(("guix/channels.scm" ,channels-file) ("openvpn/client.crt" ,(metznet-system-configuration-vpn-key configuration))))
("openvpn/ta.key" ,(local-file (string-append pki-dir "/ta.key")))
("openvpn/ca.crt" ,(local-file (string-append pki-dir "/ca.crt")))
("openvpn/client.key" ,(local-file (string-append pki-dir
"/client.key")))
("openvpn/client.crt" ,(local-file (string-append pki-dir
"/client.crt"))))
`(("guix/channels.scm" ,channels-file)))))
(define metznet-service-type (define metznet-service-type
(service-type (name 'metznet-service) (service-type (name 'metznet-service)
@ -291,16 +276,6 @@
(append %metznet-services (append %metznet-services
(modify-services %desktop-services (modify-services %desktop-services
(nscd-service-type config => %metznet-nscd-configuration) (nscd-service-type config => %metznet-nscd-configuration)
(guix-service-type config =>
(guix-configuration (inherit config)
(substitute-urls (append (list
"https://substitutes.nonguix.org")
%default-substitute-urls))
(authorized-keys (append (list
(plain-file
"nonguix.pub"
"(public-key\n (ecc\n (curve Ed25519)\n (q #C1FD53E5D4CE971933EC50C9F307AE2171A2D3B52C804642A7A35F84F3A4EA98#)))"))
%default-authorized-guix-keys))))
(udev-service-type config => (udev-service-type config =>
(udev-configuration (inherit config) (udev-configuration (inherit config)
(rules (append (list (rules (append (list
@ -317,9 +292,9 @@
(define %metznet-server-services (define %metznet-server-services
(append %metznet-services (append %metznet-services
(list (dbus-service) (list (service dbus-root-service-type)
(service dhcp-client-service-type) (service dhcp-client-service-type)
(openvpn-client-service #:config (openvpn-client-configuration (service openvpn-client-service-type (openvpn-client-configuration
(openvpn openvpn) (openvpn openvpn)
(pid-file (pid-file
"/var/run/openvpn/client.pid") "/var/run/openvpn/client.pid")
@ -334,18 +309,12 @@
(define %metznet-base-operating-system (define %metznet-base-operating-system
(operating-system (operating-system
;; Hostname and localization information
(host-name "base") (host-name "base")
(timezone "America/Edmonton") (timezone "America/Edmonton")
(locale "en_CA.utf8") (locale "en_CA.utf8")
(keyboard-layout %default-keyboard-layout) (keyboard-layout %default-keyboard-layout)
(name-service-switch %metznet-name-service-switch) (name-service-switch %metznet-name-service-switch)
;; Kernel and firmware definitions
(kernel linux)
(kernel-arguments (append '("console=ttyS0") %default-kernel-arguments)) (kernel-arguments (append '("console=ttyS0") %default-kernel-arguments))
(firmware (list linux-firmware))
(initrd microcode-initrd)
;; Grub UEFI Bootloader installed to /boot/efi
(bootloader (bootloader-configuration (bootloader (bootloader-configuration
(bootloader grub-efi-bootloader) (bootloader grub-efi-bootloader)
(targets '("/boot/efi")) (targets '("/boot/efi"))
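Review bot: In `metznet-etc-service` the new alist maps `"openvpn/client.key"` to `metznet-system-configuration-vpn-cert` and `"openvpn/client.crt"` to `metznet-system-configuration-vpn-key`, the reverse of the field docstrings and of the removed code, so the client would have its certificate installed as the private key and vice versa; the two accessors should be swapped: `("openvpn/client.key" ,(metznet-system-configuration-vpn-key configuration))` and `("openvpn/client.crt" ,(metznet-system-configuration-vpn-cert configuration))`. Separately, the `vpn-ta-key` default in the configuration hunk generates a fresh `ta.key` with `openvpn --genkey secret` at build time, so each rebuild produces a different secret that presumably will not match the server's tls-auth key; a comment there such as `;; Build-time placeholder: regenerated on every rebuild, override with the shared server ta.key` would state that the default is not meant to be used as-is. As with the `local-file` calls the commit replaces, both the generated ta.key and the `vpn-key` file end up as world-readable store items, which is worth noting next to those fields. The final hunk, `%metznet-base-operating-system`, runs past the end of the page.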