Diffstat (limited to 'tw/system/common.scm')
-rw-r--r-- | tw/system/common.scm | 103 |
1 files changed, 103 insertions, 0 deletions
diff --git a/tw/system/common.scm b/tw/system/common.scm
new file mode 100644
index 00000000..89d49281
--- /dev/null
+++ b/tw/system/common.scm
@@ -0,0 +1,103 @@
+(define-module (tw system common)
+ #:use-module (ice-9 regex)
+ #:use-module ((srfi srfi-1)
+ #:select (fold fold-right))
+ #:use-module (gnu)
+ #:use-module (gnu services)
+ #:use-module (gnu services vpn)
+ #:use-module (gnu system keyboard)
+ #:use-module (guix gexp))
+
+(use-package-modules admin avahi certs disk file-systems linux lsof man
+ moreutils search vpn)
+
+(define-public %common-system-packages
+ (list acpi btrfs-progs cpupower efibootmgr exfat-utils glibc-locales hddtemp
+ htop lshw lsof man-db man-pages man-pages-posix mlocate moreutils
+ nss-certs nss-mdns strace wireguard-tools))
+
+(define-public %british-keyboard
+ (keyboard-layout
+ "gb" #:options '("caps:swapescape"
+ "parens:swap_brackets"
+ "terminate:ctrl_alt_bksp"
+ "compose:rctrl"
+ "keypad:oss"
+ "kpdl:kposs")))
+
+(define %wireguard-peers
+ `((lap . ,(wireguard-peer
+ (name "lap.wg")
+ (public-key "lap/DvCb8xXLUCqcaPEx8kCRcoeV4ScTMVZW5hvvNzA=")
+ (preshared-key "/etc/wireguard/lap.psk")
+ (allowed-ips '("10.0.0.1/32" "fc00::1/128"))))
+ (lud . ,(wireguard-peer
+ (name "lud.wg")
+ (endpoint "lud.twilken.net:58921")
+ (public-key "lud/9sbXVdOYXxOkRgAB+b/17QxbwllfJY/pbA3/MkE=")
+ (preshared-key "/etc/wireguard/lud.psk")
+ (allowed-ips '("10.0.0.2/32" "fc00::2/128"))))
+ (vin . ,(wireguard-peer
+ (name "vin.wg")
+ (endpoint "vin.twilken.net:58921")
+ (public-key "vin/Im+sOszZFE01UF1+QlyxLP1PsPXJgTz4KmgvL3Y=")
+ (preshared-key "/etc/wireguard/vin.psk")
+ (allowed-ips '("10.0.0.3/32" "fc00::3/128"))))
+ (fp4 . ,(wireguard-peer
+ (name "fp4.wg")
+ (public-key "fp4/aLAVBADTy+UGmNh011w1CFOOwq70Df6EWlZRkAs=")
+ (preshared-key "/etc/wireguard/fp4.psk")
+ (allowed-ips '("10.0.0.4/32" "fc00::4/128"))))
+ (pi3 . ,(wireguard-peer
+ (name "pi3.wg")
+ (endpoint "pi3.twilken.net:58922")
+ (public-key "pi3/ThUH4qDTuyvNQIiiyy2dbziF/xLRTwO0+vcUoVY=")
+ (preshared-key "/etc/wireguard/pi3.psk")
+ (allowed-ips '("10.0.0.5/32" "fc00::5/128"))))))
+
+(define-public %wireguard-etc-hosts
+ (let ((basic-hosts-file "\
+# This file was generated from your Guix configuration.
+# Any changes will be lost upon reboot or reconfiguration.
+127.0.0.1 localhost
+255.255.255.255 broadcasthost
+::1 localhost ip6-localhost ip6-loopback
+fe00::0 ip6-localnet
+ff00::0 ip6-mcastprefix
+ff02::1 ip6-allnodes
+ff02::2 ip6-allrouters
+ff02::3 ip6-allhosts
+"))
+ (plain-file
+ "hosts"
+ (fold (lambda (peer hosts-file)
+ (apply string-append hosts-file
+ (map (lambda (allowed-ip-cidr)
+ (format #f "~16a~a~%"
+ (car (string-split allowed-ip-cidr #\/))
+ (wireguard-peer-name peer)))
+ (wireguard-peer-allowed-ips peer))))
+ basic-hosts-file
+ (map cdr %wireguard-peers)))))
+
+(define-public (wireguard-service host)
+ (let ((own-peer (assoc-ref %wireguard-peers host)))
+ (service
+ wireguard-service-type
+ (wireguard-configuration
+ (addresses
+ (map (lambda (cidr)
+ (let ((ipv4 (string-match "/32$" cidr))
+ (ipv6 (string-match "/128$" cidr)))
+ (cond
+ (ipv4 (regexp-substitute #f ipv4 'pre "/24"))
+ (ipv6 (regexp-substitute #f ipv6 'pre "/64"))
+ (#t cidr))))
+ (wireguard-peer-allowed-ips own-peer)))
+ (port
+ (let ((endpoint (wireguard-peer-endpoint own-peer)))
+ (if endpoint
+ (string->number (cadr (string-split endpoint #\:)))
+ 58921)))
+ (private-key "/etc/wireguard/private.key")
+ (peers (delq own-peer (map cdr %wireguard-peers))))))) |
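Review bot: `wireguard-service` never checks the result of `(assoc-ref %wireguard-peers host)`, so a host symbol missing from the table leaves `own-peer` as `#f` and the failure only shows up later, inside `wireguard-peer-allowed-ips`, as an accessor error that does not name the host. Failing early is clearer: put `(unless own-peer (error "wireguard-service: no peer entry for host" host))` as the first form of the `let` body. In `%wireguard-etc-hosts`, `~16a` only pads, so an address of 16 or more characters (a longer IPv6 literal) would be written fused to the peer name and the line would not parse; `"~16a ~a~%"` keeps a separator in every case. The port expression takes the second `:`-separated field of the endpoint, which holds for the hostnames listed here but not for a bracketed IPv6 endpoint, and that assumption deserves a comment next to it.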