(use-modules (gnu)
(metznet aws)
(metznet system base-system)
(gnu services certbot)
(gnu services vpn)
(gnu packages vim)
(gnu packages version-control)
(gnu packages shells))
;; Guix system declaration for the host "vpn.metznet.ca".
;;
;; Starts from %metznet-base-server-system and overrides the bootloader,
;; swap, root file system, sudoers policy, package set and service list.
;; The service list adds the aws service, an OpenVPN server and certbot,
;; and drops the OpenVPN client service from %metznet-server-services.
(operating-system
  (inherit %metznet-base-server-system)
  (host-name "vpn.metznet.ca")

  ;; GRUB (minimal variant) installed to the NVMe disk.
  (bootloader
   (bootloader-configuration
    (bootloader grub-minimal-bootloader)
    (targets (list "/dev/nvme0n1"))))

  ;; Swap and root are located by file-system label, not by device path.
  (swap-devices
   (list (swap-space
          (target (file-system-label "vpn-guix-swap")))))

  (file-systems
   (cons* (file-system
            (device (file-system-label "vpn-guix-data"))
            (mount-point "/")
            (type "ext4"))
          %base-file-systems))

  ;; sudoers policy, one rule per line; the trailing "" makes string-join
  ;; end the file with a newline.
  ;;
  ;; NOTE(review): the third rule lets every member of group "aws" run
  ;; passwd as root with no authentication.  passwd run as root can set
  ;; any account's password without knowing the current one, so the
  ;; password prompt required by the second rule adds no real barrier:
  ;; in effect the group holds passwordless root.  If the rule exists
  ;; only so key-only accounts can set an initial password, confirm that
  ;; this trade-off is intended and that "aws" membership is treated as
  ;; equivalent to root.
  (sudoers-file
   (plain-file "sudoers"
               (string-join
                (list "root ALL=(ALL:ALL) NOPASSWD:ALL"
                      "%aws ALL=(ALL:ALL) ALL"
                      "%aws ALL=(root) NOPASSWD:/run/setuid-programs/passwd"
                      "")
                "\n")))

  ;; git and neovim on top of the shared base package list.
  (packages
   (append (list git neovim)
           %metznet-base-packages))

  (services
   (cons*
    (service aws-service-type)

    ;; OpenVPN server handing out addresses from 10.0.80.0/24.
    ;;
    ;; NOTE(review): all key material is referenced by path under
    ;; /var/lib/openvpn; this declaration neither creates those files nor
    ;; sets their ownership or mode -- confirm client.key and ta.key are
    ;; readable by root only.
    ;; NOTE(review): cert/key are named "client.*" although this is the
    ;; server configuration -- confirm they hold the server's certificate
    ;; and private key.
    (service openvpn-server-service-type
             (openvpn-server-configuration
              (ca "/var/lib/openvpn/ca.crt")
              (cert "/var/lib/openvpn/client.crt")
              (key "/var/lib/openvpn/client.key")
              (tls-auth "/var/lib/openvpn/ta.key")
              (dh "/var/lib/openvpn/dh2048.pem")
              (ifconfig-pool-persist "/var/lib/openvpn/ipp.txt")
              ;; NOTE(review): with client-to-client enabled OpenVPN
              ;; forwards traffic between VPN clients itself, so the
              ;; host's packet filter does not see it.  Every connected
              ;; client can reach every other one; confirm that is the
              ;; intended trust model.
              (client-to-client? #t)
              (server "10.0.80.0 255.255.255.0")))

    ;; Certificate for the host's own name, registered under the admin
    ;; mailbox.
    (service certbot-service-type
             (certbot-configuration
              (email "admin@metznet.ca")
              (certificates
               (list (certificate-configuration
                      (domains (list "vpn.metznet.ca")))))))

    ;; Inherited server services, minus the OpenVPN client: this host is
    ;; the VPN endpoint itself.
    (modify-services %metznet-server-services
      (delete openvpn-client-service-type)))))