(use-modules
 (ice-9 match)
 (gnu)
 (gnu packages linux) ; for iproute
 (gnu services)
 (gnu services shepherd)
 (guix records))

(define-record-type* <vpn-tunnel>
  vpn-tunnel make-vpn-tunnel
  vpn-tunnel?
  (interface-name vpn-tunnel-interface-name)
  (user-name vpn-tunnel-user-name))

(define vpn-tunnel-service-type
  (shepherd-service-type
   'vpn-tunnel
   (match-lambda
     (($ <vpn-tunnel> interface user)
      (let ((ip #~(string-append #$iproute "/sbin/ip")))
        (shepherd-service
         (documentation "Create tunnel interface.")
         (provision '(vpn-tunnel))
         (requirement '(networking))
         (start
          #~(lambda _
              ;; Return #t if successfully started.
              (zero? (system* #$ip "tuntap" "add" #$interface
                              "mode" "tun"
                              "user" #$user))))
         (respawn? #f)))))))

(define (vpn-tunnel-service interface-name user-name)
  "Return a service that ..."
  (service vpn-tunnel-service-type
           (vpn-tunnel (interface-name interface-name)
                       (user-name user-name))))

(operating-system
  ;; ...
  (services (cons* (vpn-tunnel-service "vpn0" "dannym")
                   ;; ...
                   %desktop-services)))