Add Public IP address through WireGuard
Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
parent
31da868705
commit
495c347e77
|
@ -9,6 +9,7 @@ first-boot.sh
|
|||
guix-commit.txt
|
||||
id_ed25519
|
||||
id_ed25519.pub
|
||||
id_wireguard
|
||||
index.html
|
||||
install-sh
|
||||
Makefile
|
||||
|
@ -17,3 +18,4 @@ missing
|
|||
mumble-vm-machine.scm
|
||||
mumble-vm-system.scm
|
||||
signing-key.pub
|
||||
wireguard-post-up.sh
|
||||
|
|
|
@ -16,7 +16,8 @@ CLEANFILES = \
|
|||
index.html \
|
||||
mumble-vm.img \
|
||||
mumble-vm-machine.scm \
|
||||
mumble-vm-system.scm
|
||||
mumble-vm-system.scm \
|
||||
wireguard-post-up.sh
|
||||
|
||||
# We want to only update the image when guix commit changes. The trick
|
||||
# to make that work is to only create or update a file when the revision
|
||||
|
@ -53,7 +54,8 @@ IMAGE_SOURCE = \
|
|||
mumble-vm-system.scm \
|
||||
id_ed25519.pub \
|
||||
Makefile \
|
||||
signing-key.pub
|
||||
signing-key.pub \
|
||||
wireguard-post-up.sh
|
||||
|
||||
mumble-vm.img: $(IMAGE_SOURCE)
|
||||
sudo install \
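Review bot: `id_wireguard` is not among the IMAGE_SOURCE entries visible in the `@ -53,7 +54,8 @@` hunk, although mumble-vm-system.scm now reads it through `(local-file "id_wireguard")`. Unless it is listed in the part of IMAGE_SOURCE above the hunk, replacing the key will not cause mumble-vm.img to be rebuilt, and a missing key file will only show up as a failure inside the image build. Adding `id_wireguard \` next to `id_ed25519.pub \` would make the dependency explicit. The IMAGE_SOURCE list starts outside the hunk.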
|
||||
|
|
|
@ -19,6 +19,7 @@
|
|||
#:use-module (gnu services certbot)
|
||||
#:use-module (gnu services ssh)
|
||||
#:use-module (gnu services telephony)
|
||||
#:use-module (gnu services vpn)
|
||||
#:use-module (gnu services web)
|
||||
#:use-module (guix build-system copy)
|
||||
#:use-module (guix build-system gnu)
|
||||
|
@ -70,6 +71,32 @@ the services after that.")
|
|||
(home-page #f)
|
||||
(license license:gpl3+)))
|
||||
|
||||
(define wireguard-post-up-fixups
|
||||
(package
|
||||
(name "wireguard-post-up-fixups")
|
||||
(version "0.1")
|
||||
(source (local-file "wireguard-post-up.sh" ))
|
||||
(build-system gnu-build-system)
|
||||
(arguments
|
||||
(list #:tests? #f ;no tests
|
||||
#:phases
|
||||
#~(modify-phases
|
||||
%standard-phases
|
||||
(delete 'build)
|
||||
(delete 'configure)
|
||||
(replace 'install
|
||||
(lambda _
|
||||
(chmod "wireguard-post-up.sh" #o755)
|
||||
(install-file
|
||||
"wireguard-post-up.sh"
|
||||
(string-append (string-append #$output "/bin"))))))))
|
||||
(synopsis "Script to fixup the Wireguard interface(s).")
|
||||
(description
|
||||
"Currently, the wireguard-post-up.sh script sets up the interface
|
||||
MTU.")
|
||||
(home-page #f)
|
||||
(license license:gpl3+)))
|
||||
|
||||
(define-public %nginx-deploy-hook
|
||||
(program-file
|
||||
"nginx-deploy-hook"
|
||||
|
@ -82,6 +109,9 @@ the services after that.")
|
|||
(kill nginx-pid SIGHUP)
|
||||
(kill mumble-server-pid SIGUSR1))))))
|
||||
|
||||
(define-public %wireguard-post-up
|
||||
(list "/run/current-system/profile/bin/wireguard-post-up.sh"))
|
||||
|
||||
(define mumble-vm-operating-system
|
||||
(operating-system
|
||||
(bootloader (bootloader-configuration
|
||||
|
@ -107,7 +137,8 @@ the services after that.")
|
|||
net-tools
|
||||
nmon
|
||||
openssh-sans-x
|
||||
website)
|
||||
website
|
||||
wireguard-post-up-fixups)
|
||||
%base-packages))
|
||||
(services
|
||||
(append
|
||||
|
@ -195,7 +226,22 @@ https://DOMAIN/
|
|||
`(("root" , (local-file "id_ed25519.pub"))
|
||||
("gnutoo" ,(local-file "id_ed25519.pub"))))))
|
||||
;; Unattended Upgrades
|
||||
(service unattended-upgrade-service-type))
|
||||
(service unattended-upgrade-service-type)
|
||||
(service wireguard-service-type
|
||||
(wireguard-configuration
|
||||
(addresses '("79.143.250.36/32" "2001:678:938:3ff::36/128"))
|
||||
(dns '("79.143.250.1" "79.143.250.2"
|
||||
"2001:678:938::53:1" "2001:678:938::53:2"))
|
||||
(port 0)
|
||||
(post-up %wireguard-post-up)
|
||||
(private-key (local-file "id_wireguard"))
|
||||
(peers
|
||||
(list
|
||||
(wireguard-peer
|
||||
(name "stephanie.franciliens.net")
|
||||
(endpoint "stephanie.franciliens.net:51820")
|
||||
(public-key "Ybfh3twyBpj7wx/lo9AVBsBKNAUMSQqAWWV0LfywSDI=")
|
||||
(allowed-ips '("0.0.0.0/0" "::/0"))))))))
|
||||
(modify-services
|
||||
%base-services
|
||||
(guix-service-type config => (guix-configuration
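Review bot: In the `wireguard-configuration` added at `@ -195,7 +226,22 @@`, `(private-key (local-file "id_wireguard"))` interns the tunnel's private key into /gnu/store, which is readable by every local user and presumably ends up inside mumble-vm.img as part of the system closure. Whoever can read that store item or a copy of the image can impersonate this peer towards stephanie.franciliens.net. Keep the key out of the store by pointing the field at a path on the running system, for example `(private-key "/etc/wireguard/private.key")`, and provision that file with mode 0600 at first boot or deployment. Because `allowed-ips` is `0.0.0.0/0` and `::/0`, it is also worth confirming that SSH and the other listeners are meant to be reachable on the new public addresses. The enclosing `services` form starts and ends outside the hunk.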
|
||||
|
|
|
@ -0,0 +1,14 @@
|
|||
#!/bin/sh
|
||||
#
|
||||
# Copyright (C) 2023 Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
|
||||
#
|
||||
# This file is free software; you can redistribute it and/or modify it
|
||||
# under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation; either version 3 of the License, or (at
|
||||
# your option) any later version.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this file. If not, see <http://www.gnu.org/licenses/>.
|
||||
set -e
|
||||
|
||||
ip link set dev wg0 mtu 1380
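Review bot: The interface name is hard-coded in `ip link set dev wg0 mtu 1380`, so the script depends on the service keeping its default interface name, while the package description speaks of interface(s). wg-quick expands `%i` in PostUp commands, so the hook could be declared as `"/run/current-system/profile/bin/wireguard-post-up.sh %i"` and the script could use `ip link set dev "$1" mtu 1380`. A one-line comment stating why 1380 was chosen would help whoever has to change the value later.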
|