Diffstat (limited to 'tw/system.scm')
-rw-r--r--tw/system.scm126
1 files changed, 13 insertions, 113 deletions
diff --git a/tw/system.scm b/tw/system.scm
index 92eadeba..c9904e24 100644
--- a/tw/system.scm
+++ b/tw/system.scm
@@ -1,18 +1,15 @@
(define-module (tw system)
- #:use-module (ice-9 format)
- #:use-module (ice-9 regex)
#:use-module (ice-9 string-fun)
- #:use-module ((srfi srfi-1) #:select (append-map every))
- #:use-module ((srfi srfi-26) #:select (cut))
#:use-module (gnu)
#:use-module (gnu services)
#:use-module (gnu system)
#:use-module (gnu system keyboard)
- #:use-module (guix gexp))
+ #:use-module (guix gexp)
+ #:use-module (tw services wireguard))
(use-package-modules admin avahi certs curl disk file-systems linux lsof man
moreutils python rsync search shells version-control vpn)
-(use-service-modules configuration mcron monitoring networking ssh vpn)
+(use-service-modules mcron monitoring networking ssh vpn)
(define-public %base-system-packages
(cons* acpi btrfs-progs cpupower curl efibootmgr exfat-utils git glibc-locales
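Review bot: The `vpn` entries kept in the `use-package-modules` and `use-service-modules` forms at the end of this hunk may now be dead imports, since the only visible consumers of `wireguard-service-type`, `wireguard-peer` and `wireguard-configuration` are the definitions this commit deletes from the last hunk. The commit already trims `configuration`, `(ice-9 regex)` and the srfi modules for the same reason, so `vpn` looks like an oversight rather than a choice. The rest of the file is outside this hunk, so this is inferred; if nothing else in the file refers to those modules, change the two lines to `(use-package-modules admin avahi certs curl disk file-systems linux lsof man moreutils python rsync search shells version-control)` and `(use-service-modules mcron monitoring networking ssh)`. The same check applies to `(ice-9 string-fun)`, which is kept while its sibling ice-9 modules are removed.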
@@ -29,6 +26,16 @@
"keypad:oss"
"kpdl:kposs")))
+(define-public %server-base-user-accounts
+ (cons* (user-account
+ (name "timo")
+ (comment "Timo Wilken")
+ (group "users")
+ (home-directory "/home/timo")
+ (supplementary-groups '("wheel" "netdev" "audio" "video"))
+ (shell (file-append zsh "/bin/zsh")))
+ %base-user-accounts))
+
;; This is used for the servers, and also by (tw home) to generate the
;; appropriate ~/.ssh/config.
(define-public %ssh-ports
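Review bot: `%server-base-user-accounts` is placed here without a header comment, while the neighbouring `%ssh-ports` definition explains who consumes it; a one-liner such as `;; Accounts present on every server: my own user (in "wheel", which Guix's default sudoers grants full sudo) plus Guix's %base-user-accounts.` would make the administrative privilege carried by the `wheel` membership an explicit, reviewed decision rather than an incidental detail. The definition is byte-identical to the one deleted further down, so this is documentation only. It would also help to state why the block was moved ahead of the SSH configuration, which the diff itself does not convey.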
@@ -83,110 +90,3 @@
(inherit config)
(motd (plain-file "no-motd" ""))
(allow-empty-passwords? #f))))))
-
-(define-public %server-base-user-accounts
- (cons* (user-account
- (name "timo")
- (comment "Timo Wilken")
- (group "users")
- (home-directory "/home/timo")
- (supplementary-groups '("wheel" "netdev" "audio" "video"))
- (shell (file-append zsh "/bin/zsh")))
- %base-user-accounts))
-
-(define-public %wireguard-peers
- `(("lap.twilken.net" .
- ,(wireguard-peer
- (name "lap.wg")
- (public-key "lap/DvCb8xXLUCqcaPEx8kCRcoeV4ScTMVZW5hvvNzA=")
- (preshared-key "/etc/wireguard/lap.psk")
- (allowed-ips '("10.0.0.1/32" "fc00::1/128"))))
- ("lud.twilken.net" .
- ,(wireguard-peer
- (name "lud.wg")
- (endpoint "lud.twilken.net:58921")
- (public-key "lud/9sbXVdOYXxOkRgAB+b/17QxbwllfJY/pbA3/MkE=")
- (preshared-key "/etc/wireguard/lud.psk")
- (allowed-ips '("10.0.0.2/32" "fc00::2/128"))))
- ("vin.twilken.net" .
- ,(wireguard-peer
- (name "vin.wg")
- (endpoint "vin.twilken.net:58921")
- (public-key "vin/Im+sOszZFE01UF1+QlyxLP1PsPXJgTz4KmgvL3Y=")
- (preshared-key "/etc/wireguard/vin.psk")
- (allowed-ips '("10.0.0.3/32" "fc00::3/128"))))
- ("fp4.twilken.net" .
- ,(wireguard-peer
- (name "fp4.wg")
- (public-key "fp4/aLAVBADTy+UGmNh011w1CFOOwq70Df6EWlZRkAs=")
- (preshared-key "/etc/wireguard/fp4.psk")
- (allowed-ips '("10.0.0.4/32" "fc00::4/128"))))
- ("pi3.twilken.net" .
- ,(wireguard-peer
- (name "pi3.wg")
- (endpoint "pi3.twilken.net:58922")
- (public-key "pi3/ThUH4qDTuyvNQIiiyy2dbziF/xLRTwO0+vcUoVY=")
- (preshared-key "/etc/wireguard/pi3.psk")
- (allowed-ips '("10.0.0.5/32" "fc00::5/128"))))))
-
-(define (wireguard-peers-list? object)
- (and (list? object)
- (every (compose string? car) object)
- (every (compose wireguard-peer? cdr) object)))
-
-(export tw-wireguard-configuration)
-(define-configuration/no-serialization tw-wireguard-configuration
- (this-host
- (string)
- "The host name of the machine being configured.")
- (peers
- (wireguard-peers-list %wireguard-peers)
- "An alist of WireGuard peers to install."))
-
-(define (tw-wireguard-service config)
- "Create a full WireGuard config from the personal network CONFIG."
- (let ((own-peer (assoc-ref (tw-wireguard-configuration-peers config)
- (tw-wireguard-configuration-this-host config))))
- (wireguard-configuration
- (addresses
- (map (lambda (cidr)
- (let ((ipv4 (string-match "/32$" cidr))
- (ipv6 (string-match "/128$" cidr)))
- (cond
- (ipv4 (regexp-substitute #f ipv4 'pre "/24"))
- (ipv6 (regexp-substitute #f ipv6 'pre "/64"))
- (#t cidr))))
- (wireguard-peer-allowed-ips own-peer)))
- (port
- (let ((endpoint (wireguard-peer-endpoint own-peer)))
- (if endpoint
- (string->number (cadr (string-split endpoint #\:)))
- 58921)))
- (private-key "/etc/wireguard/private.key")
- (peers (delq own-peer (map cdr (tw-wireguard-configuration-peers config)))))))
-
-(define (peer->ips peer)
- "Extract IP addresses assigned to the given `wireguard-peer' PEER."
- (map (compose car (cut string-split <> #\/))
- (wireguard-peer-allowed-ips peer)))
-
-(define (tw-wireguard-hosts config)
- "Generate a hosts file entries from the personal WireGuard network CONFIG."
- (append-map (lambda (peer)
- (map (cut host <> (wireguard-peer-name peer))
- (peer->ips peer)))
- (map cdr (tw-wireguard-configuration-peers config))))
-
-(define-public tw-wireguard-service-type
- (service-type
- (name 'tw-wireguard)
- (description "Set up my personal WireGuard network.")
- (extensions
- (cons* (service-extension hosts-service-type tw-wireguard-hosts)
- ;; FIXME: `wireguard-service-type' cannot be extended, so copy its
- ;; service-extensions directly.
- (map (lambda (ext)
- (service-extension (service-extension-target ext)
- (compose (service-extension-compute ext)
- tw-wireguard-service)))
- (service-type-extensions wireguard-service-type))))))