diff --git a/machines/vpn.metznet.ca.scm b/machines/vpn.metznet.ca.scm index c0c06a9..2a493ac 100644 --- a/machines/vpn.metznet.ca.scm +++ b/machines/vpn.metznet.ca.scm @@ -7,15 +7,16 @@ (operating-system (inherit %metznet-base-server-system) - (host-name "vpn.guix.metznet.ca") + (host-name "vpn.metznet.ca") (services (append (list (service openvpn-server-service-type (openvpn-server-configuration + (tls-auth "/etc/openvpn/ta.key") (server "10.0.80.0 255.255.255.0"))) (service certbot-service-type (certbot-configuration (email "admin@metznet.ca") (certificates (list (certificate-configuration (domains ' - ("vpn.guix.metznet.ca")))))))) + ("vpn.metznet.ca")))))))) (modify-services %metznet-server-services (delete openvpn-client-service-type))))) diff --git a/system/base-system.scm b/system/base-system.scm index 3a1e826..9b1eb99 100644 --- a/system/base-system.scm +++ b/system/base-system.scm @@ -172,7 +172,10 @@ (symlink (string-append #$zsh "/bin/zsh") "/bin/zsh")))) (define (metznet-etc-service configuration) - '()) + '(("/etc/openvpn/ta.key" (local-file "ta.key")) + ("/etc/openvpn/ca.crt" (local-file "ca.crt")) + ("/etc/openvpn/client.crt" (local-file "client.crt")) + ("/etc/openvpn/client.key" (local-file "client.key")))) (define metznet-service-type (service-type (name 'metznet-service) @@ -251,6 +254,8 @@ (pid-file "/var/run/openvpn/client.pid") (persist-key? #f) + (remote (list (openvpn-remote-configuration + (name "vpn.metznet.ca")))) (tls-auth "/etc/openvpn/ta.key")))) (modify-services %base-services
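Review bot: The host that now reads `(tls-auth "/etc/openvpn/ta.key")` also deletes `openvpn-client-service-type`, yet the file list added to `metznet-etc-service` in system/base-system.scm is unconditional. If `%metznet-base-server-system` carries the metznet service (its definition is not visible here), the VPN server would presumably still receive `client.crt` and `client.key`, which it never uses. Limiting the client credentials to machines that keep the client service would follow least privilege. A short comment beside the new field, such as `;; static HMAC key; must be the same file the clients reference in their tls-auth`, would record that server and clients have to carry the same key.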
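Review bot: `(local-file "client.key")` and `(local-file "ta.key")` in `metznet-etc-service` would copy the private key and the tls-auth key into /gnu/store, which is world-readable, so any local user on a machine built from this base system could read them. The key files also have to sit next to base-system.scm in the checkout. Because the list lives in the shared base system, every host would present the same client certificate, so one host cannot be revoked without re-keying all of them. Separately, the list is built with a plain quote, so each `(local-file …)` stays an unevaluated list rather than a file-like object. If this procedure extends etc-service-type (the service-type body is cut off by the hunk), entries need `list` or quasiquote/unquote, and names are normally relative to /etc. I would keep only public material here, e.g. `(list (list "openvpn/ca.crt" (local-file "ca.crt")))`, and provision per-host keys out of band with mode 0600.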