author | W. Kosior <koszko@koszko.org> | 2025-03-13 10:49:52 +0100 |
---|---|---|
committer | W. Kosior <koszko@koszko.org> | 2025-03-13 10:49:52 +0100 |
commit | 217f82043a52988ff695edafaa95cd1e0c29e106 (patch) | |
tree | 774d5b82cc9c7c208000b631be7b0bccff616ed7 | |
parent | 074ec7c48f908132bd7e0e254159e7b298248543 (diff) | |
Configure OpenVPN & iptables for serving the `pafos' host.
-rw-r--r-- | salamina.scm | 25 |
1 files changed, 17 insertions, 8 deletions
diff --git a/salamina.scm b/salamina.scm index 59cf965..f41443c 100644 --- a/salamina.scm +++ b/salamina.scm @@ -579,6 +579,9 @@ proxy65_acl = { \"koszko.org\" } (domain "koszko.org"))))))) +(define %salamina-v4-addr + "188.68.237.248") + (prepend %services (service net:iptables-service-type (net:iptables-configuration @@ -596,12 +599,13 @@ COMMIT ~:{-A ~a -p ~a --destination 10.8.0.1 --dport 53 \ -j DNAT --to-destination 10.8.0.1:5353~%~}\ -COMMIT -" '((OUTPUT udp) (OUTPUT tcp) (PREROUTING udp) (PREROUTING tcp)))))))) +-A PREROUTING -p tcp --destination ~a --dport 11022 \ + -j DNAT --to-destination 10.8.0.36:11022 +COMMIT +" '((OUTPUT udp) (OUTPUT tcp) (PREROUTING udp) (PREROUTING tcp)) + %salamina-v4-addr)))))) -(define %salamina-v4-addr - "188.68.237.248") (define (make-koszko-zone-entries domain) (dns:define-zone-entries entries @@ -881,6 +885,14 @@ authorityKeyIdentifier = keyid,issuer:always (unless (file-exists? "dh4096.pem") (invoke/quiet openssl "dhparam" "-out" "dh4096.pem" "4096")))))) +(define %pafos-client-ccd + (vpn:openvpn-ccd-configuration + (name "koszko.org-pafos-client") + (iroute "10.8.0.36 255.255.255.255") + (ifconfig-push "10.8.0.36 10.8.0.1") + ;; Note: `opaque-configuration' is only supported by Wojtek's custom Guix. + (opaque-configuration "push \"dhcp-option DNS 10.8.0.1\""))) + (prepend %services (service vpn:openvpn-server-service-type (vpn:openvpn-server-configuration @@ -893,10 +905,7 @@ authorityKeyIdentifier = keyid,issuer:always (dh "/etc/openvpn/dh4096.pem") (redirect-gateway? #t) (client-to-client? #t) - (client-config-dir (list (vpn:openvpn-ccd-configuration - (name "koszko.org-pafos-client") - (iroute "10.8.0.36 255.255.255.255") - (ifconfig-push "10.8.0.36 10.8.0.1"))))))) + (client-config-dir (list %pafos-client-ccd))))) (prepend %services |
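Review bot: The new nat-table rule `-A PREROUTING -p tcp --destination ~a --dport 11022 -j DNAT --to-destination 10.8.0.36:11022` in the second hunk makes a VPN client's port reachable on the public address, but a DNAT entry only rewrites the destination; whether the filter table's FORWARD chain accepts (and limits to) new connections to 10.8.0.36:11022 is not visible here, so that should be confirmed and recorded next to the rule, e.g. `;; Publishes pafos' port 11022 on the public address through the VPN; the FORWARD chain must accept exactly this traffic.` — the enclosing `prepend %services` form for the iptables service starts outside this hunk. The commit lifts the public address into `%salamina-v4-addr` but leaves the client's tunnel address `10.8.0.36` repeated three times (DNAT target, `iroute`, `ifconfig-push` in the third hunk); a single `(define %pafos-vpn-addr "10.8.0.36")` used in all three places would keep the forwarding target and the CCD from silently drifting apart. The `opaque-configuration` comment already names the custom-Guix dependency; a short note on why DNS is pushed only for this client (rather than server-wide) would help the next reader.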