deployment/services/vpn.scm


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79

;;; SPDX-License-Identifier: GPL-3.0-or-later
;;; SPDX-FileCopyrightText: 2026 Marek Paśnikowski <marek@marekpasnikowski.pl>

;;; COPYRIGHT NOTICE
;;;
;;; Copyright 2026, Marek Paśnikowski <marek@marekpasnikowski.pl>

;;; LICENSE NOTICE
;;;
;;; This library is free software: you can redistribute it and/or modify it under the terms of
;;; the GNU General Public License as published by the Free Software Foundation,
;;; either version 3 of the License, or (at your option) any later version.
;;;
;;; This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY;
;;; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
;;; See the GNU General Public License for more details.
;;;
;;; You should have received a copy of the GNU General Public License along with this library.
;;; If not, see <https://www.gnu.org/licenses/>.

(define-module (deployment services vpn)
  #:export     (wireguard-service-aisaka
                wireguard-service-giewont
                wireguard-service-rakan)
  #:use-module (gnu services)
  #:use-module (gnu services vpn)
  #:use-module (sovereign services vpn)
  #:use-module ((deployment services dns)
                #:prefix deployment:services:dns:))

(define wireguard-peer-aisaka
  (wireguard-peer
   (inherit     %wireguard-peer)
   (name        "aisaka")
   (endpoint    deployment:services:dns:wireguard-endpoint)
   (public-key  "7B6fgIKVZs6DWN3hdDGlYI8XpvHWGCjZKh6kbY/KKg8=")))

(define wireguard-peer-giewont
  (wireguard-peer
   (inherit     %wireguard-peer)
   (name        "giewont")
   (public-key  "/XsuEpAHX1iEc5abcmY9sYTx8qETAuSLjEmx5ekqfwM=")
   (allowed-ips (list "10.0.0.2/32"))))

(define wireguard-peer-rakan
  (wireguard-peer
   (inherit     %wireguard-peer)
   (name        "rakan")
   (public-key  "vOEJivgw9C7wZwYX3Kiqw3Ycl6wErr8N9z3BmkhF0Us=")
   (allowed-ips (list "10.0.0.3/32"))))

(define wireguard-configuration-aisaka
  (wireguard-configuration
   (inherit %wireguard-configuration)
   (peers   (list wireguard-peer-giewont
                  wireguard-peer-rakan))))

(define wireguard-configuration-giewont
  (wireguard-configuration
   (inherit   %wireguard-configuration)
   (addresses (list "10.0.0.2/24"))
   (peers     (list wireguard-peer-aisaka))))

(define wireguard-configuration-rakan
  (wireguard-configuration
   (inherit   %wireguard-configuration)
   (addresses (list "10.0.0.3/24"))
   (peers     (list wireguard-peer-aisaka))))

(define wireguard-service-aisaka
  (wireguard-service wireguard-configuration-aisaka))

(define wireguard-service-giewont
  (wireguard-service wireguard-configuration-giewont))

(define wireguard-service-rakan
  (wireguard-service wireguard-configuration-rakan))

;;; EOF