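;;; (tw system common) -- configuration shared by every host: the common
;;; package set, the keyboard layout, and the WireGuard mesh (peer table,
;;; generated /etc/hosts entries, and a per-host service constructor).

(define-module (tw system common)
  #:use-module (ice-9 regex)
  #:use-module ((srfi srfi-1) #:select (fold fold-right))
  #:use-module (gnu)
  #:use-module (gnu services)
  #:use-module (gnu services vpn)
  #:use-module (gnu system keyboard)
  #:use-module (guix gexp))

(use-package-modules admin avahi certs disk file-systems linux lsof man
                     moreutils search vpn)

;; Packages installed system-wide on every host that uses this module.
(define-public %common-system-packages
  (list acpi
        btrfs-progs
        cpupower
        efibootmgr
        exfat-utils
        glibc-locales
        hddtemp
        htop
        lshw
        lsof
        man-db
        man-pages
        man-pages-posix
        mlocate
        moreutils
        nss-certs
        nss-mdns
        strace
        wireguard-tools))

;; UK layout with the XKB options used on all hosts (Caps Lock/Escape
;; swapped, brackets/parentheses swapped, Ctrl+Alt+Backspace kills X,
;; right Ctrl is Compose, keypad tweaks).
(define-public %british-keyboard
  (keyboard-layout "gb"
                   #:options '("caps:swapescape"
                               "parens:swap_brackets"
                               "terminate:ctrl_alt_bksp"
                               "compose:rctrl"
                               "keypad:oss"
                               "kpdl:kposs")))

;; The WireGuard mesh: an alist from host symbol to a <wireguard-peer>.
;;
;; Only public material lives here.  Each preshared key is referenced by
;; path and must be provisioned on the host out of band, like
;; /etc/wireguard/private.key below.  Every peer gets exactly one IPv4
;; /32 and one IPv6 /128; WIREGUARD-SERVICE widens those to the mesh
;; prefixes for the host's own interface address.  Peers without an
;; ENDPOINT have no fixed address, so the others cannot initiate a
;; handshake to them; they have to connect out first.
(define %wireguard-peers
  `((lap . ,(wireguard-peer
             (name "lap.wg")
             (public-key "lap/DvCb8xXLUCqcaPEx8kCRcoeV4ScTMVZW5hvvNzA=")
             (preshared-key "/etc/wireguard/lap.psk")
             (allowed-ips '("10.0.0.1/32" "fc00::1/128"))))
    (lud . ,(wireguard-peer
             (name "lud.wg")
             (endpoint "lud.twilken.net:58921")
             (public-key "lud/9sbXVdOYXxOkRgAB+b/17QxbwllfJY/pbA3/MkE=")
             (preshared-key "/etc/wireguard/lud.psk")
             (allowed-ips '("10.0.0.2/32" "fc00::2/128"))))
    (vin . ,(wireguard-peer
             (name "vin.wg")
             (endpoint "vin.twilken.net:58921")
             (public-key "vin/Im+sOszZFE01UF1+QlyxLP1PsPXJgTz4KmgvL3Y=")
             (preshared-key "/etc/wireguard/vin.psk")
             (allowed-ips '("10.0.0.3/32" "fc00::3/128"))))
    (fp4 . ,(wireguard-peer
             (name "fp4.wg")
             (public-key "fp4/aLAVBADTy+UGmNh011w1CFOOwq70Df6EWlZRkAs=")
             (preshared-key "/etc/wireguard/fp4.psk")
             (allowed-ips '("10.0.0.4/32" "fc00::4/128"))))
    (pi3 . ,(wireguard-peer
             (name "pi3.wg")
             (endpoint "pi3.twilken.net:58922")
             (public-key "pi3/ThUH4qDTuyvNQIiiyy2dbziF/xLRTwO0+vcUoVY=")
             (preshared-key "/etc/wireguard/pi3.psk")
             (allowed-ips '("10.0.0.5/32" "fc00::5/128"))))))

;; An /etc/hosts file: the usual loopback entries followed by one line per
;; allowed address of every mesh peer, mapping the bare address (CIDR
;; suffix stripped) to the peer's NAME.  Resolution of the *.wg names thus
;; never leaves the host and does not depend on the tunnel being up.
;; NOTE: the line layout of the static header below was reconstructed;
;; confirm it against the deployed file.
(define-public %wireguard-etc-hosts
  (let ((basic-hosts-file "\
# This file was generated from your Guix configuration.
# Any changes will be lost upon reboot or reconfiguration.
127.0.0.1       localhost
255.255.255.255 broadcasthost
::1             localhost ip6-localhost ip6-loopback
fe00::0         ip6-localnet
ff00::0         ip6-mcastprefix
ff02::1         ip6-allnodes
ff02::2         ip6-allrouters
ff02::3         ip6-allhosts
"))
    (define (peer-host-lines peer)
      ;; One "ADDRESS  NAME" line per allowed address of PEER.
      (map (lambda (allowed-ip-cidr)
             (format #f "~16a~a~%"
                     (car (string-split allowed-ip-cidr #\/))
                     (wireguard-peer-name peer)))
           (wireguard-peer-allowed-ips peer)))
    (plain-file "hosts"
                (fold (lambda (peer hosts-file)
                        (apply string-append hosts-file (peer-host-lines peer)))
                      basic-hosts-file
                      (map cdr %wireguard-peers)))))

;; Listening port used when a host has no ENDPOINT to take it from.
(define %wireguard-default-port 58921)

(define (cidr->interface-address cidr)
  "Turn a single-address CIDR from ALLOWED-IPS into the interface address:
a /32 becomes the mesh /24, a /128 the mesh /64; anything else is returned
unchanged."
  (let ((ipv4 (string-match "/32$" cidr))
        (ipv6 (string-match "/128$" cidr)))
    (cond (ipv4 (regexp-substitute #f ipv4 'pre "/24"))
          (ipv6 (regexp-substitute #f ipv6 'pre "/64"))
          (else cidr))))

(define (endpoint->port endpoint)
  "Return the port number of ENDPOINT (\"host:port\"), or the default port
when ENDPOINT is #f.  The port is taken after the last colon so a bracketed
IPv6 literal would also work; a non-numeric port is an error rather than a
silent #f in the configuration."
  (if endpoint
      (let* ((colon (string-rindex endpoint #\:))
             (port (and colon
                        (string->number (substring endpoint (+ colon 1))))))
        (unless port
          (error "endpoint->port: cannot parse port from endpoint" endpoint))
        port)
      %wireguard-default-port))

(define-public (wireguard-service host)
  "Return the WireGuard service for HOST, a key of %WIREGUARD-PEERS.

The interface takes HOST's own allowed addresses widened to the mesh
prefixes, listens on the port from HOST's endpoint (or the default), and
peers with every other entry of the table.  The private key is read from
/etc/wireguard/private.key, which must be provisioned out of band --
presumably root-only; this module does not manage its permissions.
Signals an error for an unknown HOST instead of failing inside the
record accessors."
  (let ((own-peer (assoc-ref %wireguard-peers host)))
    (unless own-peer
      (error "wireguard-service: unknown host" host))
    (service wireguard-service-type
             (wireguard-configuration
              (addresses (map cidr->interface-address
                              (wireguard-peer-allowed-ips own-peer)))
              (port (endpoint->port (wireguard-peer-endpoint own-peer)))
              (private-key "/etc/wireguard/private.key")
              ;; delq works here because own-peer is the very record object
              ;; held in the table, so eq? identifies it.
              (peers (delq own-peer (map cdr %wireguard-peers)))))))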