49 lines
2.0 KiB
Scheme
49 lines
2.0 KiB
Scheme
(define-module (machines vpn)
|
|
#:use-module (guix gexp)
|
|
#:use-module (guix modules)
|
|
#:use-module (gnu packages tls)
|
|
#:use-module (gnu system)
|
|
#:use-module (gnu services)
|
|
#:use-module (gnu services certbot)
|
|
#:use-module (gnu services vpn)
|
|
#:use-module (system base-system)
|
|
|
|
#:export (vpn.metznet.ca vpn-services))
|
|
|
|
(define (metznet-vpn-etc dh-pem)
|
|
`(("openvpn/dh2048.pem" ,dh-pem)))
|
|
|
|
(define new-dh-pem
|
|
(computed-file "dh2048.pem" (with-imported-modules '((guix build utils)) #~(begin (use-modules (guix build utils)) (invoke #$(file-append openssl "/bin/openssl") "dhparam" "-out" #$output "2048")))))
|
|
|
|
(define metznet-vpn-service-type
|
|
(service-type (name 'metznet-vpn)
|
|
(description "")
|
|
(extensions (list (service-extension etc-service-type
|
|
metznet-vpn-etc)))
|
|
(default-value new-dh-pem)))
|
|
|
|
(define-public vpn-services
|
|
(append (list (service openvpn-server-service-type
|
|
(openvpn-server-configuration (tls-auth
|
|
"/etc/openvpn/ta.key")
|
|
(server
|
|
"10.0.80.0 255.255.255.0")))
|
|
|
|
(service metznet-vpn-service-type)
|
|
(service certbot-service-type
|
|
(certbot-configuration (email "admin@metznet.ca")
|
|
(certificates (list (certificate-configuration
|
|
(domains '
|
|
("vpn.metznet.ca"))))))))
|
|
(modify-services %metznet-server-services
|
|
(delete openvpn-client-service-type))))
|
|
|
|
(define-public vpn.metznet.ca
|
|
(operating-system
|
|
(inherit %metznet-base-server-system)
|
|
(host-name "vpn.metznet.ca")
|
|
(services
|
|
vpn-services)))
|
|
|