;; Guix System declaration for the OpenVPN server host vpn.metznet.ca.
;; Inherits %metznet-base-server-system and overrides the bootloader,
;; storage, sudo policy, package set and service list.
(use-modules (gnu)
             (metznet aws)
             (metznet system base-system)
             (gnu services certbot)
             (gnu services vpn)
             (gnu packages vim)
             (gnu packages version-control)
             (gnu packages shells))

(operating-system
  (inherit %metznet-base-server-system)
  (host-name "vpn.metznet.ca")

  (bootloader
   (bootloader-configuration
    (bootloader grub-minimal-bootloader)
    (targets (list "/dev/nvme0n1"))))

  ;; Swap and root are located by file-system label rather than device path.
  (swap-devices
   (list (swap-space
          (target (file-system-label "vpn-guix-swap")))))

  (file-systems
   (cons* (file-system
            (device (file-system-label "vpn-guix-data"))
            (mount-point "/")
            (type "ext4"))
          %base-file-systems))

  ;; sudo policy, one rule per list element.  The trailing "" makes
  ;; string-join terminate the last rule with a newline.
  ;;
  ;; NOTE(review): the third rule names passwd without an argument list, so
  ;; sudo accepts any arguments.  A member of group `aws' can therefore reset
  ;; any account's password, root's included, without authenticating, which
  ;; makes the password prompt required by the second rule moot.  If the rule
  ;; only exists so key-only logins can set a first password, prefer a
  ;; narrower mechanism.  Confirm how the accounts behind aws-service-type
  ;; are provisioned before changing it, since removing the rule could lock
  ;; administrators out of sudo.
  (sudoers-file
   (plain-file "sudoers"
               (string-join
                (list "root ALL=(ALL:ALL) NOPASSWD:ALL"
                      "%aws ALL=(ALL:ALL) ALL"
                      "%aws ALL=(root) NOPASSWD:/run/setuid-programs/passwd"
                      "")
                "\n")))

  (packages (cons* git neovim %metznet-base-packages))

  (services
   (cons*
    ;; Project-defined service from (metznet aws); presumably the source of
    ;; the `aws' group used in the sudoers rules -- verify.
    (service aws-service-type)

    ;; OpenVPN server on 10.0.80.0/24.  All key material is referenced by
    ;; path and is not part of this declaration: it must be provisioned on
    ;; the host out of band, and the private key and ta.key should be
    ;; readable by root only.
    (service openvpn-server-service-type
             (openvpn-server-configuration
              (ca "/var/lib/openvpn/ca.crt")
              ;; NOTE(review): the server's certificate and key are read from
              ;; files named client.*.  Confirm this is a certificate issued
              ;; for server use and not a client credential reused here.
              (cert "/var/lib/openvpn/client.crt")
              (key "/var/lib/openvpn/client.key")
              (tls-auth "/var/lib/openvpn/ta.key")
              (dh "/var/lib/openvpn/dh2048.pem")
              (ifconfig-pool-persist "/var/lib/openvpn/ipp.txt")
              ;; NOTE(review): with client-to-client enabled OpenVPN forwards
              ;; traffic between VPN clients internally, so the host's packet
              ;; filter never sees it.  Every client can reach every other
              ;; client; keep this only if that is intended.
              (client-to-client? #t)
              (server "10.0.80.0 255.255.255.0")))

    ;; Certificate for the host name, managed by certbot.
    ;; NOTE(review): nothing in this file references the resulting
    ;; certificate; check that a consumer exists in the inherited services.
    (service certbot-service-type
             (certbot-configuration
              (email "admin@metznet.ca")
              (certificates
               (list (certificate-configuration
                      (domains (list "vpn.metznet.ca")))))))

    ;; The inherited service set carries an OpenVPN client; this host is the
    ;; server, so the client service is removed.
    (modify-services %metznet-server-services
      (delete openvpn-client-service-type)))))