Diffstat (limited to 'tw/services/wireguard.scm')
-rw-r--r--tw/services/wireguard.scm67
1 files changed, 26 insertions, 41 deletions
diff --git a/tw/services/wireguard.scm b/tw/services/wireguard.scm
index 4a69be8c..1906f70e 100644
--- a/tw/services/wireguard.scm
+++ b/tw/services/wireguard.scm
@@ -1,4 +1,6 @@
(define-module (tw services wireguard)
+ #:use-module (ice-9 format)
+ #:use-module (ice-9 match)
#:use-module (ice-9 regex)
#:use-module ((srfi srfi-1) #:select (append-map every))
#:use-module ((srfi srfi-26) #:select (cut))
@@ -15,45 +17,27 @@
tw-wireguard-service-type))
(define %wireguard-peers
- `(("lap.twilken.net" .
- ,(wireguard-peer
- (name "lap.wg")
- (public-key "lap/DvCb8xXLUCqcaPEx8kCRcoeV4ScTMVZW5hvvNzA=")
- (preshared-key "/etc/wireguard/lap.psk")
- (allowed-ips '("10.0.0.1/32" "fc00::1/128"))))
- ("lud.twilken.net" .
- ,(wireguard-peer
- (name "lud.wg")
- (endpoint "lud.twilken.net:58921")
- (public-key "lud/9sbXVdOYXxOkRgAB+b/17QxbwllfJY/pbA3/MkE=")
- (preshared-key "/etc/wireguard/lud.psk")
- (allowed-ips '("10.0.0.2/32" "fc00::2/128"))))
- ("vin.twilken.net" .
- ,(wireguard-peer
- (name "vin.wg")
- (endpoint "vin.twilken.net:58921")
- (public-key "vin/Im+sOszZFE01UF1+QlyxLP1PsPXJgTz4KmgvL3Y=")
- (preshared-key "/etc/wireguard/vin.psk")
- (allowed-ips '("10.0.0.3/32" "fc00::3/128"))))
- ("fp4.twilken.net" .
- ,(wireguard-peer
- (name "fp4.wg")
- (public-key "fp4/aLAVBADTy+UGmNh011w1CFOOwq70Df6EWlZRkAs=")
- (preshared-key "/etc/wireguard/fp4.psk")
- (allowed-ips '("10.0.0.4/32" "fc00::4/128"))))
- ("pi3.twilken.net" .
- ,(wireguard-peer
- (name "pi3.wg")
- (endpoint "pi3.twilken.net:58922")
- (public-key "pi3/ThUH4qDTuyvNQIiiyy2dbziF/xLRTwO0+vcUoVY=")
- (preshared-key "/etc/wireguard/pi3.psk")
- (allowed-ips '("10.0.0.5/32" "fc00::5/128"))))
- ("frm.twilken.net" .
- ,(wireguard-peer
- (name "frm.wg")
- (public-key "frm/YGu1BfXUl4jrN0PTFMNdTQXWPSuY1wEpz5W9C2Y=")
- (preshared-key "/etc/wireguard/frm.psk")
- (allowed-ips '("10.0.0.6/32" "fc00::6/128"))))))
+ ;; Order in the following list is significant! It determines what IPs are assigned.
+ (let ((peers '(("lap" "lap/DvCb8xXLUCqcaPEx8kCRcoeV4ScTMVZW5hvvNzA=" #f)
+ ("lud" "lud/9sbXVdOYXxOkRgAB+b/17QxbwllfJY/pbA3/MkE=" 58921)
+ ("vin" "vin/Im+sOszZFE01UF1+QlyxLP1PsPXJgTz4KmgvL3Y=" 58921)
+ ("fp4" "fp4/aLAVBADTy+UGmNh011w1CFOOwq70Df6EWlZRkAs=" #f)
+ ("pi3" "pi3/ThUH4qDTuyvNQIiiyy2dbziF/xLRTwO0+vcUoVY=" 58922)
+ ("frm" "frm/YGu1BfXUl4jrN0PTFMNdTQXWPSuY1wEpz5W9C2Y=" #f)
+ ("btl" "btl/kAgD+DVXsApNn53JCZdgZ9iJvVpFZVpa3Z+rrj4=" #f))))
+
+ (map (match-lambda*
+ ((i (name public-key port))
+ (cons (string-append name ".twilken.net")
+ (wireguard-peer
+ (name (string-append name ".wg"))
+ (endpoint (and port (format #f "~a.twilken.net:~d" name port)))
+ (public-key public-key)
+ (preshared-key (string-append "/etc/wireguard/" name ".psk"))
+ (allowed-ips (list (format #f "10.0.0.~d/32" (+ i 1))
+ (format #f "fc00::~d/128" (+ i 1)))))))
+ (args (error "Unknown peer spec" args)))
+ (iota (length peers)) peers)))
(define (wireguard-peers-list? object)
(and (list? object)
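Review bot: Each peer's `allowed-ips` is now derived from its position in `peers` (`(+ i 1)` in both `format` calls), so deleting or reordering an entry silently re-binds every later public key to a different tunnel address. In WireGuard that list decides which key may use which source address, so a host still running an older generation of this config would accept the wrong peer for an IP. The comment warns about ordering, but carrying the host number in each spec is sturdier, e.g. `("lud" 2 "<public-key>" 58921)` matched as `((name id public-key port))` with `id` in place of `(+ i 1)` and `map` taking only `peers`. Separately, `~d` prints decimal while IPv6 groups are hexadecimal, so from the tenth entry on `fc00::10` no longer denotes the same host number as `10.0.0.10`, and nothing rejects an index above 254.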
@@ -72,12 +56,13 @@
"Where to store this host's private key."))
(define (other-peers this-host peers)
- (let ((own-peer (assoc-ref peers this-host)))
- (delq own-peer (map cdr peers))))
+ (delq (assoc-ref peers this-host) (map cdr peers)))
(define (tw-wireguard-service config)
"Create a full WireGuard config from the personal network CONFIG."
(match-record config <tw-wireguard-configuration> (this-host peers private-key-file)
+ (unless (assoc this-host peers)
+ (error "No peer config found for host" this-host))
(match-record (assoc-ref peers this-host) (@@ (gnu services vpn) <wireguard-peer>) (endpoint allowed-ips)
(wireguard-configuration
(addresses