blob: fb8c50f9f156edb5064d4bdc70e14bac79978b82 (
about) (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
|
(define-module (tw system common)
#:use-module (ice-9 format)
#:use-module (ice-9 regex)
#:use-module ((srfi srfi-1)
#:select (fold fold-right))
#:use-module (gnu)
#:use-module (gnu services)
#:use-module (gnu services vpn)
#:use-module (gnu system)
#:use-module (gnu system keyboard)
#:use-module (guix gexp))
(use-package-modules admin avahi certs disk file-systems linux lsof man
moreutils search version-control vpn)
(define-public %common-system-packages
(list acpi btrfs-progs cpupower efibootmgr exfat-utils git glibc-locales
hddtemp htop lshw lsof man-db man-pages man-pages-posix mlocate
moreutils nss-certs nss-mdns strace wireguard-tools))
(define-public %british-keyboard
(keyboard-layout
"gb" #:options '("caps:swapescape"
"parens:swap_brackets"
"terminate:ctrl_alt_bksp"
"compose:rctrl"
"keypad:oss"
"kpdl:kposs")))
(define-public %server-base-user-accounts
(cons* (user-account
(name "timo")
(comment "Timo Wilken")
(group "users")
(home-directory "/home/timo")
(supplementary-groups '("wheel" "netdev" "audio" "video"))
(shell (file-append zsh "/bin/zsh")))
(user-account ; needs a matching sudoers entry
(system? #t)
(name "guixdeploy")
(comment "Guix-deploy access")
(group "root")
(home-directory "/var/empty")
(create-home-directory? #f))
%base-user-accounts))
(define %wireguard-peers
`((lap . ,(wireguard-peer
(name "lap.wg")
(public-key "lap/DvCb8xXLUCqcaPEx8kCRcoeV4ScTMVZW5hvvNzA=")
(preshared-key "/etc/wireguard/lap.psk")
(allowed-ips '("10.0.0.1/32" "fc00::1/128"))))
(lud . ,(wireguard-peer
(name "lud.wg")
(endpoint "lud.twilken.net:58921")
(public-key "lud/9sbXVdOYXxOkRgAB+b/17QxbwllfJY/pbA3/MkE=")
(preshared-key "/etc/wireguard/lud.psk")
(allowed-ips '("10.0.0.2/32" "fc00::2/128"))))
(vin . ,(wireguard-peer
(name "vin.wg")
(endpoint "vin.twilken.net:58921")
(public-key "vin/Im+sOszZFE01UF1+QlyxLP1PsPXJgTz4KmgvL3Y=")
(preshared-key "/etc/wireguard/vin.psk")
(allowed-ips '("10.0.0.3/32" "fc00::3/128"))))
(fp4 . ,(wireguard-peer
(name "fp4.wg")
(public-key "fp4/aLAVBADTy+UGmNh011w1CFOOwq70Df6EWlZRkAs=")
(preshared-key "/etc/wireguard/fp4.psk")
(allowed-ips '("10.0.0.4/32" "fc00::4/128"))))
(pi3 . ,(wireguard-peer
(name "pi3.wg")
(endpoint "pi3.twilken.net:58922")
(public-key "pi3/ThUH4qDTuyvNQIiiyy2dbziF/xLRTwO0+vcUoVY=")
(preshared-key "/etc/wireguard/pi3.psk")
(allowed-ips '("10.0.0.5/32" "fc00::5/128"))))))
(define-public %wireguard-etc-hosts
(let ((basic-hosts-file "\
# This file was generated from your Guix configuration.
# Any changes will be lost upon reboot or reconfiguration.
127.0.0.1 localhost
255.255.255.255 broadcasthost
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts
"))
(plain-file
"hosts"
(fold (lambda (peer hosts-file)
(apply string-append hosts-file
(map (lambda (allowed-ip-cidr)
(format #f "~16a~a~%"
(car (string-split allowed-ip-cidr #\/))
(wireguard-peer-name peer)))
(wireguard-peer-allowed-ips peer))))
basic-hosts-file
(map cdr %wireguard-peers)))))
(define-public (wireguard-service host)
(let ((own-peer (assoc-ref %wireguard-peers host)))
(service wireguard-service-type
(wireguard-configuration
(addresses
(map (lambda (cidr)
(let ((ipv4 (string-match "/32$" cidr))
(ipv6 (string-match "/128$" cidr)))
(cond
(ipv4 (regexp-substitute #f ipv4 'pre "/24"))
(ipv6 (regexp-substitute #f ipv6 'pre "/64"))
(#t cidr))))
(wireguard-peer-allowed-ips own-peer)))
(port
(let ((endpoint (wireguard-peer-endpoint own-peer)))
(if endpoint
(string->number (cadr (string-split endpoint #\:)))
58921)))
(private-key "/etc/wireguard/private.key")
(peers (delq own-peer (map cdr %wireguard-peers)))))))
|
