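;;; System definition for vpn.metznet.ca: an OpenVPN server host with
;;; build-time generated Diffie-Hellman parameters and a certbot certificate.
(define-module (machines vpn)
  #:use-module (guix gexp)
  #:use-module (guix modules)
  #:use-module (gnu packages tls)
  #:use-module (gnu system)
  #:use-module (gnu services)
  #:use-module (gnu services certbot)
  #:use-module (gnu services vpn)
  #:use-module (system base-system)
  #:export (vpn.metznet.ca vpn-services))

;; etc-service-type extension: exposes DH-PEM as /etc/openvpn/dh2048.pem.
;; DH-PEM is a file-like object (by default NEW-DH-PEM below).
(define (metznet-vpn-etc dh-pem)
  `(("openvpn/dh2048.pem" ,dh-pem)))

;; 2048-bit Diffie-Hellman group generated at build time with
;; `openssl dhparam`.  DH parameters are public values, so keeping them in
;; the world-readable store is acceptable.  Generation is not reproducible:
;; the group is whatever openssl produced when the derivation was first built.
(define new-dh-pem
  (computed-file "dh2048.pem"
                 (with-imported-modules '((guix build utils))
                   #~(begin
                       (use-modules (guix build utils))
                       (invoke #$(file-append openssl "/bin/openssl")
                               "dhparam" "-out" #$output "2048")))))

;; Service whose only job is to drop the DH parameters into /etc/openvpn.
;; Its value is the DH-parameter file; NEW-DH-PEM is used when none is given.
(define metznet-vpn-service-type
  (service-type
   (name 'metznet-vpn)
   (description "Install OpenVPN Diffie-Hellman parameters as /etc/openvpn/dh2048.pem.")
   (extensions
    (list (service-extension etc-service-type metznet-vpn-etc)))
   (default-value new-dh-pem)))

;; Services for the VPN host: OpenVPN server, DH parameters, certbot, plus the
;; shared server services without the OpenVPN client (this host is the server).
(define-public vpn-services
  (append
   (list
    (service openvpn-server-service-type
             (openvpn-server-configuration
              ;; NOTE(review): ta.key is not provisioned by this module and must
              ;; already exist on the host.  The server's ca/cert/key fields are
              ;; left at their defaults here, so the certbot certificate below is
              ;; not wired into OpenVPN by this file -- confirm that is intended.
              (tls-auth "/etc/openvpn/ta.key")
              (server "10.0.80.0 255.255.255.0")))
    (service metznet-vpn-service-type)
    (service certbot-service-type
             (certbot-configuration
              (email "admin@metznet.ca")
              (certificates
               (list (certificate-configuration
                      (domains '("vpn.metznet.ca"))))))))
   (modify-services %metznet-server-services
     (delete openvpn-client-service-type))))

;; The operating system for vpn.metznet.ca, derived from the base server system.
(define-public vpn.metznet.ca
  (operating-system
   (inherit %metznet-base-server-system)
   (host-name "vpn.metznet.ca")
   (services vpn-services)))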