Diffstat (limited to 'deployment/services')
| -rw-r--r-- | deployment/services/dns.scm | 7 | ||||
| -rw-r--r-- | deployment/services/vpn.scm | 79 |
2 files changed, 85 insertions, 1 deletions
diff --git a/deployment/services/dns.scm b/deployment/services/dns.scm
index fb77804..3b423b0 100644
--- a/deployment/services/dns.scm
+++ b/deployment/services/dns.scm
@@ -19,7 +19,8 @@
 ;;; If not, see <https://www.gnu.org/licenses/>.
 
 (define-module (deployment services dns)
- #:export (knot-service-aisaka)
+ #:export (knot-service-aisaka
+ wireguard-endpoint)
 #:use-module (gnu services)
 #:use-module (gnu services dns))
 
@@ -34,6 +35,10 @@
 ip-otvarta
 " -all\""))
 
+(define wireguard-endpoint
+ (string-append ip-multimedia
+ ":51820"))
+
 (define-zone-entries marekpasnikowski.pl-entries
 ("@" ttl "IN" "A" ip-otvarta)
 ("1" ttl "IN" "A" ip-otvarta)
diff --git a/deployment/services/vpn.scm b/deployment/services/vpn.scm
new file mode 100644
index 0000000..269305d
--- /dev/null
+++ b/deployment/services/vpn.scm
@@ -0,0 +1,79 @@
+;;; SPDX-License-Identifier: GPL-3.0-or-later
+;;; SPDX-FileCopyrightText: 2026 Marek Paśnikowski <marek@marekpasnikowski.pl>
+
+;;; COPYRIGHT NOTICE
+;;;
+;;; Copyright 2026, Marek Paśnikowski <marek@marekpasnikowski.pl>
+
+;;; LICENSE NOTICE
+;;;
+;;; This library is free software: you can redistribute it and/or modify it under the terms of
+;;; the GNU General Public License as published by the Free Software Foundation,
+;;; either version 3 of the License, or (at your option) any later version.
+;;;
+;;; This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY;
+;;; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+;;; See the GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License along with this library.
+;;; If not, see <https://www.gnu.org/licenses/>.
+
+(define-module (deployment services vpn)
+ #:export (wireguard-service-aisaka
+ wireguard-service-giewont
+ wireguard-service-rakan)
+ #:use-module (gnu services)
+ #:use-module (gnu services vpn)
+ #:use-module (sovereign services vpn)
+ #:use-module ((deployment services dns)
+ #:prefix deployment:services:dns:))
+
+(define wireguard-peer-aisaka
+ (wireguard-peer
+ (inherit %wireguard-peer)
+ (name "aisaka")
+ (endpoint deployment:services:dns:wireguard-endpoint)
+ (public-key "7B6fgIKVZs6DWN3hdDGlYI8XpvHWGCjZKh6kbY/KKg8=")))
+
+(define wireguard-peer-giewont
+ (wireguard-peer
+ (inherit %wireguard-peer)
+ (name "giewont")
+ (endpoint deployment:services:dns:wireguard-endpoint)
+ (public-key "/XsuEpAHX1iEc5abcmY9sYTx8qETAuSLjEmx5ekqfwM=")))
+
+(define wireguard-peer-rakan
+ (wireguard-peer
+ (inherit %wireguard-peer)
+ (name "rakan")
+ (public-key "vOEJivgw9C7wZwYX3Kiqw3Ycl6wErr8N9z3BmkhF0Us=")
+ (allowed-ips (list "10.0.0.3/32"))))
+
+(define wireguard-configuration-aisaka
+ (wireguard-configuration
+ (inherit %wireguard-configuration)
+ (peers (list wireguard-peer-giewont
+ wireguard-peer-rakan))))
+
+(define wireguard-configuration-giewont
+ (wireguard-configuration
+ (inherit %wireguard-configuration)
+ (addresses (list "10.0.0.2/32"))
+ (peers (list wireguard-peer-aisaka))))
+
+(define wireguard-configuration-rakan
+ (wireguard-configuration
+ (inherit %wireguard-configuration)
+ (addresses (list "10.0.0.3/32"))
+ (peers (list wireguard-peer-aisaka))))
+
+(define wireguard-service-aisaka
+ (wireguard-service wireguard-configuration-aisaka))
+
+(define wireguard-service-giewont
+ (wireguard-service wireguard-configuration-giewont))
+
+(define wireguard-service-rakan
+ (wireguard-service wireguard-configuration-rakan))
+
+;;; EOF
|
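Review bot: `wireguard-peer-giewont` and `wireguard-peer-aisaka` set no `allowed-ips` of their own, so whatever `%wireguard-peer` supplies (defined in `(sovereign services vpn)`, outside this diff) decides which source addresses are accepted from each key; only `wireguard-peer-rakan` is pinned to its `/32`. If the inherited value is wider than a single host, traffic authenticated with giewont's key could carry rakan's 10.0.0.3 address through aisaka, so I would pin giewont the same way with `(allowed-ips (list "10.0.0.2/32"))`, matching the address in `wireguard-configuration-giewont`. Separately, both the aisaka and giewont peers use the same `deployment:services:dns:wireguard-endpoint`; if only one host actually listens on that address and port, the `endpoint` on the other looks like a copy-paste, and a short comment naming the host that owns the endpoint would make the intended topology clear.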
