| author | Marek Paśnikowski <marek@marekpasnikowski.pl> | 2026-06-05 11:36:42 +0200 |
|---|---|---|
| committer | Marek Paśnikowski <marek@marekpasnikowski.pl> | 2026-06-05 18:31:21 +0200 |
| commit | cabc666249d9b6f224e455d76b33723b43d18921 (patch) | |
| tree | f3bf6ba6ea6e710f834dee237f608eab89131f1d /deployment/services/vpn.scm | |
| parent | 6ef001ead1cd7473ee2c9c7520696c3b0deddb51 (diff) | |
(services): add initial deployment of Wireguard VPN
Diffstat (limited to 'deployment/services/vpn.scm')
| -rw-r--r-- | deployment/services/vpn.scm | 80 |
1 files changed, 80 insertions, 0 deletions
diff --git a/deployment/services/vpn.scm b/deployment/services/vpn.scm
new file mode 100644
index 0000000..ea0ec4c
--- /dev/null
+++ b/deployment/services/vpn.scm
@@ -0,0 +1,80 @@
+;;; SPDX-License-Identifier: GPL-3.0-or-later
+;;; SPDX-FileCopyrightText: 2026 Marek Paśnikowski <marek@marekpasnikowski.pl>
+
+;;; COPYRIGHT NOTICE
+;;;
+;;; Copyright 2026, Marek Paśnikowski <marek@marekpasnikowski.pl>
+
+;;; LICENSE NOTICE
+;;;
+;;; This library is free software: you can redistribute it and/or modify it under the terms of
+;;; the GNU General Public License as published by the Free Software Foundation,
+;;; either version 3 of the License, or (at your option) any later version.
+;;;
+;;; This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY;
+;;; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+;;; See the GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License along with this library.
+;;; If not, see <https://www.gnu.org/licenses/>.
+
+(define-module (deployment services vpn)
+ #:export (wireguard-service-aisaka
+ wireguard-service-giewont
+ wireguard-service-rakan)
+ #:use-module (gnu services)
+ #:use-module (gnu services vpn)
+ #:use-module (sovereign services vpn)
+ #:use-module ((deployment services dns)
+ #:prefix deployment:services:dns:))
+
+(define wireguard-peer-aisaka
+ (wireguard-peer
+ (inherit %wireguard-peer)
+ (name "aisaka")
+ (endpoint deployment:services:dns:wireguard-endpoint)
+ (public-key "7B6fgIKVZs6DWN3hdDGlYI8XpvHWGCjZKh6kbY/KKg8=")
+ (allowed-ips (list "10.0.0.0/24"))))
+
+(define wireguard-peer-giewont
+ (wireguard-peer
+ (inherit %wireguard-peer)
+ (name "giewont")
+ (public-key "/XsuEpAHX1iEc5abcmY9sYTx8qETAuSLjEmx5ekqfwM=")
+ (allowed-ips (list "10.0.0.2/32"))))
+
+(define wireguard-peer-rakan
+ (wireguard-peer
+ (inherit %wireguard-peer)
+ (name "rakan")
+ (public-key "vOEJivgw9C7wZwYX3Kiqw3Ycl6wErr8N9z3BmkhF0Us=")
+ (allowed-ips (list "10.0.0.3/32"))))
+
+(define wireguard-configuration-aisaka
+ (wireguard-configuration
+ (inherit %wireguard-configuration)
+ (peers (list wireguard-peer-giewont
+ wireguard-peer-rakan))))
+
+(define wireguard-configuration-giewont
+ (wireguard-configuration
+ (inherit %wireguard-configuration)
+ (addresses (list "10.0.0.2/24"))
+ (peers (list wireguard-peer-aisaka))))
+
+(define wireguard-configuration-rakan
+ (wireguard-configuration
+ (inherit %wireguard-configuration)
+ (addresses (list "10.0.0.3/24"))
+ (peers (list wireguard-peer-aisaka))))
+
+(define wireguard-service-aisaka
+ (wireguard-service wireguard-configuration-aisaka))
+
+(define wireguard-service-giewont
+ (wireguard-service wireguard-configuration-giewont))
+
+(define wireguard-service-rakan
+ (wireguard-service wireguard-configuration-rakan))
+
+;;; EOF
|
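Review bot: `wireguard-configuration-aisaka` is the only configuration that does not set `addresses`, so the hub's tunnel address comes entirely from the inherited `%wireguard-configuration`, which is defined in `(sovereign services vpn)` and is not visible in this diff. Both spokes route the whole `10.0.0.0/24` to aisaka through `wireguard-peer-aisaka`, so stating the hub address next to the spoke addresses, e.g. `(addresses (list "<aisaka-address>/24"))`, would make any overlap with `10.0.0.2` or `10.0.0.3` visible at review time. The per-spoke `/32` entries in `allowed-ips` are the right shape, since they keep one spoke from sourcing traffic as another. A short comment above the peer definitions, such as `;;; Hub-and-spoke: aisaka is the only peer given an endpoint here; giewont and rakan reach each other only through it`, would record the intent; whether aisaka actually forwards between spokes is not determined by this file.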
