metznet-channel/machines/vpn.scm


(define-module (machines vpn)
#:use-module (guix gexp)
#:use-module (guix modules)
#:use-module (gnu packages tls)
#:use-module (gnu system)
#:use-module (gnu services)
#:use-module (gnu services certbot)
#:use-module (gnu services vpn)
#:use-module (system base-system)
#:export (vpn.metznet.ca vpn-services))
(define (metznet-vpn-etc dh-pem)
  "Return the /etc entries contributed by the metznet-vpn service: one
association pairing the relative path \"openvpn/dh2048.pem\" with DH-PEM,
the file-like object holding the Diffie-Hellman parameters."
  (list (list "openvpn/dh2048.pem" dh-pem)))
;; Diffie-Hellman parameters for the OpenVPN server, produced at build time by
;; `openssl dhparam -out <output> 2048` and stored under the name "dh2048.pem".
;; The result is a store item.  DH parameters are public values, so living in
;; the world-readable store is acceptable; but `dhparam` draws fresh random
;; parameters on every run, so this derivation is not reproducible and a
;; rebuild yields a different file.
(define new-dh-pem
  (computed-file "dh2048.pem"
                 (with-imported-modules '((guix build utils))
                   #~(begin
                       ;; `invoke` comes from (guix build utils); #$output is
                       ;; the store path of the file being built.
                       (use-modules (guix build utils))
                       (invoke #$(file-append openssl "/bin/openssl")
                               "dhparam" "-out" #$output "2048")))))
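;; Service type that installs the Diffie-Hellman parameters for the OpenVPN
;; server by extending etc-service-type with the entries returned by
;; metznet-vpn-etc.  The service value is the file-like object holding the
;; parameters; it defaults to NEW-DH-PEM, generated at build time.
;; The description was previously the empty string, which is what
;; `guix system search` would have shown for this type.
(define metznet-vpn-service-type
  (service-type (name 'metznet-vpn)
                (description
                 "Install the Diffie-Hellman parameters used by the OpenVPN
server as @file{/etc/openvpn/dh2048.pem}.")
                (extensions
                 (list (service-extension etc-service-type
                                         metznet-vpn-etc)))
                (default-value new-dh-pem)))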
;; Service set for the VPN host: the OpenVPN server, its DH parameters, a
;; certbot certificate for vpn.metznet.ca, and the shared server services
;; with the OpenVPN client service removed.
;;
;; NOTE(review): the tls-auth static key /etc/openvpn/ta.key is referenced
;; but not provisioned by anything in this file; it is a shared secret, so it
;; must be placed on the host out of band rather than through the store
;; (store items are world-readable).  Whether the certbot certificate is the
;; one the OpenVPN server presents is not wired up here — confirm against the
;; openvpn-server-configuration defaults.
(define-public vpn-services
  (cons* (service openvpn-server-service-type
                  (openvpn-server-configuration
                   (tls-auth "/etc/openvpn/ta.key")
                   (server "10.0.80.0 255.255.255.0")))
         (service metznet-vpn-service-type)
         (service certbot-service-type
                  (certbot-configuration
                   (email "admin@metznet.ca")
                   (certificates
                    (list (certificate-configuration
                           (domains '("vpn.metznet.ca")))))))
         (modify-services %metznet-server-services
           (delete openvpn-client-service-type))))
;; The VPN host: the shared base server system with this host's name and
;; VPN-SERVICES replacing the inherited services field.
(define-public vpn.metznet.ca
  (operating-system
    (inherit %metznet-base-server-system)
    (services vpn-services)
    (host-name "vpn.metznet.ca")))