-rw-r--r--deployment/services/dns.scm7
-rw-r--r--deployment/services/vpn.scm88
-rw-r--r--deployment/system.scm3
-rw-r--r--deployment/system/akashi.scm3
-rw-r--r--deployment/system/cokolwiek.scm3
-rw-r--r--deployment/system/rakan.scm3
6 files changed, 106 insertions, 1 deletions
diff --git a/deployment/services/dns.scm b/deployment/services/dns.scm
index fb77804..3b423b0 100644
--- a/deployment/services/dns.scm
+++ b/deployment/services/dns.scm
@@ -19,7 +19,8 @@
;;; If not, see <https://www.gnu.org/licenses/>.
(define-module (deployment services dns)
- #:export (knot-service-aisaka)
+ #:export (knot-service-aisaka
+ wireguard-endpoint)
#:use-module (gnu services)
#:use-module (gnu services dns))
@@ -34,6 +35,10 @@
ip-otvarta
" -all\""))
+(define wireguard-endpoint
+ (string-append ip-multimedia
+ ":51820"))
+
(define-zone-entries marekpasnikowski.pl-entries
("@" ttl "IN" "A" ip-otvarta)
("1" ttl "IN" "A" ip-otvarta)
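Review bot: The port in `wireguard-endpoint` is a bare string literal `":51820"`, and nothing ties it to the port aisaka actually listens on, which this commit leaves to the inherited `%wireguard-configuration` (not visible here). A comment such as `;; UDP port must match aisaka's WireGuard listen port and be allowed through its firewall` would make that coupling explicit. The plain `string-append` also yields a valid endpoint only while `ip-multimedia` is an IPv4 address or a host name; an IPv6 literal would need brackets around it. The zone-entries form that follows continues past the end of the hunk.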
diff --git a/deployment/services/vpn.scm b/deployment/services/vpn.scm
new file mode 100644
index 0000000..33a7637
--- /dev/null
+++ b/deployment/services/vpn.scm
@@ -0,0 +1,88 @@
+;;; SPDX-License-Identifier: GPL-3.0-or-later
+;;; SPDX-FileCopyrightText: 2026 Marek Paśnikowski <marek@marekpasnikowski.pl>
+
+;;; COPYRIGHT NOTICE
+;;;
+;;; Copyright 2026, Marek Paśnikowski <marek@marekpasnikowski.pl>
+
+;;; LICENSE NOTICE
+;;;
+;;; This library is free software: you can redistribute it and/or modify it under the terms of
+;;; the GNU General Public License as published by the Free Software Foundation,
+;;; either version 3 of the License, or (at your option) any later version.
+;;;
+;;; This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY;
+;;; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+;;; See the GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License along with this library.
+;;; If not, see <https://www.gnu.org/licenses/>.
+
+(define-module (deployment services vpn)
+ #:export (wireguard-service-aisaka
+ wireguard-service-giewont
+ wireguard-service-rakan)
+ #:use-module (gnu services)
+ #:use-module (gnu services vpn)
+ #:use-module (sovereign services vpn)
+ #:use-module ((deployment services dns)
+ #:prefix deployment:services:dns:))
+
+(define wireguard-peer-aisaka
+ (wireguard-peer
+ (inherit %wireguard-peer)
+ (name "aisaka")
+ (endpoint deployment:services:dns:wireguard-endpoint)
+ (public-key "7B6fgIKVZs6DWN3hdDGlYI8XpvHWGCjZKh6kbY/KKg8=")))
+
+(define wireguard-peer-giewont
+ (wireguard-peer
+ (inherit %wireguard-peer)
+ (name "giewont")
+ (public-key "/XsuEpAHX1iEc5abcmY9sYTx8qETAuSLjEmx5ekqfwM=")
+ (allowed-ips (list "10.0.0.2/32"))))
+
+(define wireguard-peer-rakan
+ (wireguard-peer
+ (inherit %wireguard-peer)
+ (name "rakan")
+ (public-key "vOEJivgw9C7wZwYX3Kiqw3Ycl6wErr8N9z3BmkhF0Us=")
+ (allowed-ips (list "10.0.0.3/32"))))
+
+(define wireguard-configuration-aisaka
+ (wireguard-configuration
+ (inherit %wireguard-configuration)
+ (peers (list wireguard-peer-giewont
+ wireguard-peer-rakan))))
+
+(define wireguard-configuration-akashi
+ (wireguard-configuration
+ (inherit %wireguard-configuration)
+ (addresses (list "10.0.0.4/24"))
+ (peers (list wireguard-peer-aisaka))))
+
+(define wireguard-configuration-giewont
+ (wireguard-configuration
+ (inherit %wireguard-configuration)
+ (addresses (list "10.0.0.2/24"))
+ (peers (list wireguard-peer-aisaka))))
+
+(define wireguard-configuration-rakan
+ (wireguard-configuration
+ (inherit %wireguard-configuration)
+ (addresses (list "10.0.0.3/24"))
+ (peers (list wireguard-peer-aisaka))))
+
+(define wireguard-service-aisaka
+ (wireguard-service wireguard-configuration-aisaka))
+
+(define wireguard-service-akashi
+ (wireguard-service wireguard-configuration-akashi))
+
+(define wireguard-service-giewont
+ (wireguard-service wireguard-configuration-giewont))
+
+(define wireguard-service-rakan
+ (wireguard-service wireguard-configuration-rakan))
+
+;;; EOF
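Review bot: `wireguard-service-akashi` is defined near the end of this file and referenced from deployment/system/akashi.scm, but the `#:export` list names only the aisaka, giewont and rakan services, so that reference will be unbound when akashi's system is evaluated; add `wireguard-service-akashi` to the export list. Separately, `wireguard-configuration-aisaka` sets `peers` to exactly giewont and rakan, and no `wireguard-peer-akashi` (public key plus `10.0.0.4/32`) is defined, so aisaka has no key to accept akashi's handshakes even though akashi is configured to dial it. `wireguard-peer-aisaka` sets no `allowed-ips` of its own; it is worth confirming that the value inherited from `%wireguard-peer` is limited to the tunnel subnet rather than a default route, and stating it explicitly here as the two client peers do.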
diff --git a/deployment/system.scm b/deployment/system.scm
index 1eaeb49..7c17a83 100644
--- a/deployment/system.scm
+++ b/deployment/system.scm
@@ -33,6 +33,8 @@
#:prefix deployment:services:matrix:)
#:use-module ((deployment services networking)
#:prefix deployment:services:networking:)
+ #:use-module ((deployment services vpn)
+ #:prefix deployment:services:vpn:)
#:use-module ((deployment services web)
#:prefix deployment:services:web:)
#:use-module ((deployment system aisaka)
@@ -136,6 +138,7 @@
deployment:system:aisaka:radicale
deployment:services:mail:smtp-service-aisaka
deployment:system:aisaka:static-networking
+ deployment:services:vpn:wireguard-service-aisaka
deployment:system:aisaka:%sovereign-services*))
(pam-services (gnu:system:pam:base-pam-services))
(privileged-programs gnu:system:%default-privileged-programs)
diff --git a/deployment/system/akashi.scm b/deployment/system/akashi.scm
index 7276a03..17fda4c 100644
--- a/deployment/system/akashi.scm
+++ b/deployment/system/akashi.scm
@@ -23,6 +23,8 @@
#:use-module (users id1000)
#:use-module ((deployment gexp)
#:prefix deployment:gexp:)
+ #:use-module ((deployment services vpn)
+ #:prefix deployment:services:vpn:)
#:use-module ((gnu packages linux)
#:prefix gnu:packages:linux:)
#:use-module ((gnu services)
@@ -129,6 +131,7 @@
(essential-services (gnu:system:operating-system-default-essential-services gnu:system:this-operating-system))
(services (cons* guix-home
offload-extension
+ deployment:services:vpn:wireguard-service-akashi
sovereign:systems:%sovereign-services))
(pam-services (gnu:system:pam:base-pam-services))
(privileged-programs gnu:system:%default-privileged-programs)
diff --git a/deployment/system/cokolwiek.scm b/deployment/system/cokolwiek.scm
index f6fc542..873e559 100644
--- a/deployment/system/cokolwiek.scm
+++ b/deployment/system/cokolwiek.scm
@@ -20,6 +20,8 @@
(define-module (deployment system cokolwiek)
#:use-module (sovereign bootloader)
+ #:use-module ( (deployment services vpn)
+ #:prefix deployment:services:vpn:)
#:use-module ( (gnu packages package-management)
#:prefix gnu:packages:package-management:)
#:use-module ( (gnu services)
@@ -94,6 +96,7 @@
gnu:system:linux-initrd:%base-initrd-modules))
(l-services (cons* l-guix-home-service
sovereign:packages:protonmail:nogui-profile
+ deployment:services:vpn:wireguard-service-giewont
sovereign:systems:%sovereign-services))
(l-swap-devices (list swap))
(l-users (cons* users:id1000:uid1000-account
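Review bot: The system in cokolwiek.scm is given `wireguard-service-giewont`, whereas akashi.scm and rakan.scm each take the service named after their own module, and nothing visible here says that cokolwiek is the giewont host. If this machine does not hold the private key matching giewont's public key in vpn.scm, aisaka will reject its handshakes for 10.0.0.2. A comment on the added line, e.g. `;; this system's host name is giewont`, would settle it. The binding form that encloses `l-services` starts outside the hunk.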
diff --git a/deployment/system/rakan.scm b/deployment/system/rakan.scm
index 48adec5..0f9b8d5 100644
--- a/deployment/system/rakan.scm
+++ b/deployment/system/rakan.scm
@@ -24,6 +24,8 @@
#:use-module (sovereign bootloader)
#:use-module ( (deployment gexp)
#:prefix deployment:gexp:)
+ #:use-module ( (deployment services vpn)
+ #:prefix deployment:services:vpn:)
#:use-module ( (gnu home)
#:prefix gnu:home:)
#:use-module ( (gnu home services)
@@ -272,6 +274,7 @@
sovereign:packages:protonmail:nogui-profile
offload-auth
samba-service
+ deployment:services:vpn:wireguard-service-rakan
sovereign:systems:%sovereign-services))
(pam-services (gnu:system:pam:base-pam-services))
(privileged-programs gnu:system:%default-privileged-programs)