Extract common service sets into separate modules

Common service sets (NextCloud, Matrix, WireGuard) should be in their own modules to make things neater, instead of being interleaved with operating system declarations.
author: Timo Wilken 2023-02-18 00:27:17 +0100
committer: Timo Wilken 2023-02-18 00:43:22 +0100
commit: 7044c9b52f9c6b7aa2a006f09198fe98addcfc9d (patch)
tree: e9b833d17091182c9ceb309cc2267c239f02cb50 /tw/system.scm
parent: 2e1998111667216351a4189be9f56b24743fe6a7 (diff)
1 files changed, 13 insertions, 113 deletions
diff --git a/tw/system.scm b/tw/system.scm
index 92eadeba..c9904e24 100644
--- a/tw/system.scm
+++ b/tw/system.scm
@@ -1,18 +1,15 @@
 (define-module (tw system)
-  #:use-module (ice-9 format)
-  #:use-module (ice-9 regex)
   #:use-module (ice-9 string-fun)
-  #:use-module ((srfi srfi-1) #:select (append-map every))
-  #:use-module ((srfi srfi-26) #:select (cut))
   #:use-module (gnu)
   #:use-module (gnu services)
   #:use-module (gnu system)
   #:use-module (gnu system keyboard)
-  #:use-module (guix gexp))
+  #:use-module (guix gexp)
+  #:use-module (tw services wireguard))
 
 (use-package-modules admin avahi certs curl disk file-systems linux lsof man
                      moreutils python rsync search shells version-control vpn)
-(use-service-modules configuration mcron monitoring networking ssh vpn)
+(use-service-modules mcron monitoring networking ssh vpn)
 
 (define-public %base-system-packages
   (cons* acpi btrfs-progs cpupower curl efibootmgr exfat-utils git glibc-locales
@@ -29,6 +26,16 @@
                     "keypad:oss"
                     "kpdl:kposs")))
 
+(define-public %server-base-user-accounts
+  (cons* (user-account
+          (name "timo")
+          (comment "Timo Wilken")
+          (group "users")
+          (home-directory "/home/timo")
+          (supplementary-groups '("wheel" "netdev" "audio" "video"))
+          (shell (file-append zsh "/bin/zsh")))
+         %base-user-accounts))
+
 ;; This is used for the servers, and also by (tw home) to generate the
 ;; appropriate ~/.ssh/config.
 (define-public %ssh-ports
@@ -83,110 +90,3 @@
        (inherit config)
        (motd (plain-file "no-motd" ""))
        (allow-empty-passwords? #f))))))
-
-(define-public %server-base-user-accounts
-  (cons* (user-account
-          (name "timo")
-          (comment "Timo Wilken")
-          (group "users")
-          (home-directory "/home/timo")
-          (supplementary-groups '("wheel" "netdev" "audio" "video"))
-          (shell (file-append zsh "/bin/zsh")))
-         %base-user-accounts))
-
-(define-public %wireguard-peers
-  `(("lap.twilken.net" .
-     ,(wireguard-peer
-       (name "lap.wg")
-       (public-key "lap/DvCb8xXLUCqcaPEx8kCRcoeV4ScTMVZW5hvvNzA=")
-       (preshared-key "/etc/wireguard/lap.psk")
-       (allowed-ips '("10.0.0.1/32" "fc00::1/128"))))
-    ("lud.twilken.net" .
-     ,(wireguard-peer
-       (name "lud.wg")
-       (endpoint "lud.twilken.net:58921")
-       (public-key "lud/9sbXVdOYXxOkRgAB+b/17QxbwllfJY/pbA3/MkE=")
-       (preshared-key "/etc/wireguard/lud.psk")
-       (allowed-ips '("10.0.0.2/32" "fc00::2/128"))))
-    ("vin.twilken.net" .
-     ,(wireguard-peer
-       (name "vin.wg")
-       (endpoint "vin.twilken.net:58921")
-       (public-key "vin/Im+sOszZFE01UF1+QlyxLP1PsPXJgTz4KmgvL3Y=")
-       (preshared-key "/etc/wireguard/vin.psk")
-       (allowed-ips '("10.0.0.3/32" "fc00::3/128"))))
-    ("fp4.twilken.net" .
-     ,(wireguard-peer
-       (name "fp4.wg")
-       (public-key "fp4/aLAVBADTy+UGmNh011w1CFOOwq70Df6EWlZRkAs=")
-       (preshared-key "/etc/wireguard/fp4.psk")
-       (allowed-ips '("10.0.0.4/32" "fc00::4/128"))))
-    ("pi3.twilken.net" .
-     ,(wireguard-peer
-       (name "pi3.wg")
-       (endpoint "pi3.twilken.net:58922")
-       (public-key "pi3/ThUH4qDTuyvNQIiiyy2dbziF/xLRTwO0+vcUoVY=")
-       (preshared-key "/etc/wireguard/pi3.psk")
-       (allowed-ips '("10.0.0.5/32" "fc00::5/128"))))))
-
-(define (wireguard-peers-list? object)
-  (and (list? object)
-       (every (compose string? car) object)
-       (every (compose wireguard-peer? cdr) object)))
-
-(export tw-wireguard-configuration)
-(define-configuration/no-serialization tw-wireguard-configuration
-  (this-host
-   (string)
-   "The host name of the machine being configured.")
-  (peers
-   (wireguard-peers-list %wireguard-peers)
-   "An alist of WireGuard peers to install."))
-
-(define (tw-wireguard-service config)
-  "Create a full WireGuard config from the personal network CONFIG."
-  (let ((own-peer (assoc-ref (tw-wireguard-configuration-peers config)
-                             (tw-wireguard-configuration-this-host config))))
-    (wireguard-configuration
-     (addresses
-      (map (lambda (cidr)
-             (let ((ipv4 (string-match "/32$" cidr))
-                   (ipv6 (string-match "/128$" cidr)))
-               (cond
-                (ipv4 (regexp-substitute #f ipv4 'pre "/24"))
-                (ipv6 (regexp-substitute #f ipv6 'pre "/64"))
-                (#t cidr))))
-           (wireguard-peer-allowed-ips own-peer)))
-     (port
-      (let ((endpoint (wireguard-peer-endpoint own-peer)))
-        (if endpoint
-            (string->number (cadr (string-split endpoint #\:)))
-            58921)))
-     (private-key "/etc/wireguard/private.key")
-     (peers (delq own-peer (map cdr (tw-wireguard-configuration-peers config)))))))
-
-(define (peer->ips peer)
-  "Extract IP addresses assigned to the given `wireguard-peer' PEER."
-  (map (compose car (cut string-split <> #\/))
-       (wireguard-peer-allowed-ips peer)))
-
-(define (tw-wireguard-hosts config)
-  "Generate a hosts file entries from the personal WireGuard network CONFIG."
-  (append-map (lambda (peer)
-                (map (cut host <> (wireguard-peer-name peer))
-                     (peer->ips peer)))
-              (map cdr (tw-wireguard-configuration-peers config))))
-
-(define-public tw-wireguard-service-type
-  (service-type
-   (name 'tw-wireguard)
-   (description "Set up my personal WireGuard network.")
-   (extensions
-    (cons* (service-extension hosts-service-type tw-wireguard-hosts)
-           ;; FIXME: `wireguard-service-type' cannot be extended, so copy its
-           ;; service-extensions directly.
-           (map (lambda (ext)
-                  (service-extension (service-extension-target ext)
-                                     (compose (service-extension-compute ext)
-                                              tw-wireguard-service)))
-                (service-type-extensions wireguard-service-type))))))
author	Timo Wilken	2023-02-18 00:27:17 +0100
committer	Timo Wilken	2023-02-18 00:43:22 +0100
commit	7044c9b52f9c6b7aa2a006f09198fe98addcfc9d (patch)
tree	e9b833d17091182c9ceb309cc2267c239f02cb50 /tw/system.scm
parent	2e1998111667216351a4189be9f56b24743fe6a7 (diff)