;;; Guix system definition for the vpn.metznet.ca host: an OpenVPN server
;;; plus a certbot-managed certificate, layered on the shared metznet
;;; server services.

(define-module (metznet machines vpn)
  #:use-module (guix gexp)
  #:use-module (guix modules)
  #:use-module (gnu packages tls)
  #:use-module (gnu system)
  #:use-module (gnu services)
  #:use-module (gnu services certbot)
  #:use-module (gnu services vpn)
  #:use-module (metznet system base-system)
  ;; NOTE(review): metznet-vpn-service-type is exported but no definition
  ;; of it is visible in this file -- confirm it is defined, or drop it.
  #:export (vpn.metznet.ca
            vpn-services
            metznet-vpn-service-type))

;; Service list for the VPN host: the OpenVPN server and certbot services
;; are prepended to the shared server services, from which the OpenVPN
;; client service is removed.
(define-public vpn-services
  (let ((openvpn-server
         ;; All key material is referenced by plain path strings under
         ;; /var/lib/openvpn, so the files must be provisioned on the host
         ;; out of band.  Keep it that way: turning the private key or the
         ;; tls-auth key into store items (e.g. via local-file) would copy
         ;; them into the world-readable store.  The directory and the key
         ;; files should be readable by root / the OpenVPN user only.
         (service openvpn-server-service-type
                  (openvpn-server-configuration
                   (ca "/var/lib/openvpn/ca.crt")
                   ;; NOTE(review): the server's certificate and key files
                   ;; are named client.* -- confirm they hold a certificate
                   ;; issued for server use and not a reused client
                   ;; credential.
                   (cert "/var/lib/openvpn/client.crt")
                   (key "/var/lib/openvpn/client.key")
                   ;; Shared HMAC key for control-channel authentication.
                   (tls-auth "/var/lib/openvpn/ta.key")
                   ;; NOTE(review): file name suggests 2048-bit DH
                   ;; parameters -- verify the actual size.
                   (dh "/var/lib/openvpn/dh2048.pem")
                   (ifconfig-pool-persist "/var/lib/openvpn/ipp.txt")
                   ;; Address pool handed out to VPN clients.
                   ;; NOTE(review): fields not set here use the service
                   ;; defaults; check the compression default (comp-lzo?)
                   ;; and turn it off if enabled, since compression inside
                   ;; the tunnel can leak information about the plaintext.
                   (server "10.0.80.0 255.255.255.0"))))
        (certbot
         ;; Requests a certificate for vpn.metznet.ca.  The OpenVPN
         ;; configuration above does not reference it; it uses the CA and
         ;; certificate under /var/lib/openvpn.
         (service certbot-service-type
                  (certbot-configuration
                   (email "admin@metznet.ca")
                   (certificates
                    (list (certificate-configuration
                           (domains (list "vpn.metznet.ca")))))))))
    (cons* openvpn-server
           certbot
           ;; presumably %metznet-server-services carries an OpenVPN
           ;; client service, which the server host must not run as
           ;; well -- verify against (metznet system base-system).
           (modify-services %metznet-server-services
             (delete openvpn-client-service-type)))))

;; Operating-system declaration for the VPN host: the base server system
;; with its host name and service list replaced.
(define-public vpn.metznet.ca
  (operating-system
    (inherit %metznet-base-server-system)
    (host-name "vpn.metznet.ca")
    (services vpn-services)))