authorW. Kosior <koszko@koszko.org>2025-03-21 09:36:12 +0100
committerW. Kosior <koszko@koszko.org>2025-03-21 09:36:12 +0100
commitdf209c32cfb8ba61947702e951e14fdf5073d623 (patch)
tree9f64a848743dc8a0556c9ea10d2dcba3d9940793
parentf43614e0dae9c4b8afbf5751d7999528f9ceb854 (diff)
Configure OpenVPN for serving the `guixbuilds' client.
-rw-r--r--salamina.scm21
1 files changed, 13 insertions, 8 deletions
diff --git a/salamina.scm b/salamina.scm
index f3ea0c6..d09efd8 100644
--- a/salamina.scm
+++ b/salamina.scm
@@ -885,13 +885,18 @@ authorityKeyIdentifier = keyid,issuer:always
(unless (file-exists? "dh4096.pem")
(invoke/quiet openssl "dhparam" "-out" "dh4096.pem" "4096"))))))
-(define %pafos-client-ccd
- (vpn:openvpn-ccd-configuration
- (name "koszko.org-pafos-client")
- (iroute "10.8.0.36 255.255.255.255")
- (ifconfig-push "10.8.0.36 10.8.0.1")
- ;; Note: `opaque-configuration' is only supported by Wojtek's custom Guix.
- (opaque-configuration "push \"dhcp-option DNS 10.8.0.1\"")))
+(define %client-ccds
+ (map (match-lambda
+ ((vpn-ip . name)
+ (vpn:openvpn-ccd-configuration
+ (name name)
+ (iroute (format #f "~a 255.255.255.255" vpn-ip))
+ (ifconfig-push (format #f "~a 10.8.0.1" vpn-ip))
+ ;; Note: `opaque-configuration' is only supported by Wojtek's custom
+ ;; Guix.
+ (opaque-configuration "push \"dhcp-option DNS 10.8.0.1\""))))
+ '(("10.8.0.36" . "koszko.org-pafos-client")
+ ("10.8.0.14" . "koszko.org-guixbuilds-client"))))
(prepend %services
(service vpn:openvpn-server-service-type
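Review bot: The alist at the end of `%client-ccds` pins each certificate common name to a fixed tunnel address, but nothing in the hunk documents how those addresses relate to the server's dynamically assigned range or guards against the same address being listed twice, so a later edit could give two clients the same `ifconfig-push` address without any error. A comment above the list such as `;; (vpn-ip . certificate-CN); each IP must be unique and outside the dynamically assigned range` would record the invariant. The server block continues outside this hunk, and the next hunk's context shows `(client-to-client? #t)`, so the newly added `koszko.org-guixbuilds-client` can presumably reach the other VPN clients directly; if the build host is less trusted than the other clients, it is worth confirming that this is intended. The gateway address `10.8.0.1` is also repeated in two string literals inside the lambda and could be bound once to a name.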
@@ -905,7 +910,7 @@ authorityKeyIdentifier = keyid,issuer:always
(dh "/etc/openvpn/dh4096.pem")
(redirect-gateway? #t)
(client-to-client? #t)
- (client-config-dir (list %pafos-client-ccd)))))
+ (client-config-dir %client-ccds))))
(prepend %services