Remove openvpn
parent
693fc386ac
commit
40afcc16ff
|
@ -1,14 +1,7 @@
|
|||
# Edit this configuration file to define what should be installed on
|
||||
# your system. Help is available in the configuration.nix(5) man page
|
||||
# and in the NixOS manual (accessible by running `nixos-help`).
|
||||
{ lib, ... }:
|
||||
let
|
||||
# generate via openvpn --genkey --secret openvpn-laptop.key
|
||||
client-key = "/root/openvpn.key";
|
||||
domain = "vpn.xenia.me.uk";
|
||||
vpn-dev = "tun0";
|
||||
port = 1194;
|
||||
in {
|
||||
{ lib, ... }: {
|
||||
users.mutableUsers = false;
|
||||
system.autoUpgrade = {
|
||||
allowReboot = lib.mkForce true;
|
||||
|
@ -17,66 +10,4 @@ in {
|
|||
upper = "05:00";
|
||||
};
|
||||
};
|
||||
networking = {
|
||||
nat = {
|
||||
enable = true;
|
||||
externalInterface = "enp42s0";
|
||||
internalInterfaces = [ vpn-dev ];
|
||||
};
|
||||
firewall = {
|
||||
trustedInterfaces = [ vpn-dev ];
|
||||
allowedUDPPorts = [ port ];
|
||||
};
|
||||
};
|
||||
services.openvpn = {
|
||||
restartAfterSleep = true;
|
||||
servers.xenia.config = ''
|
||||
dev ${vpn-dev}
|
||||
proto udp
|
||||
ifconfig 10.8.0.1 10.8.0.2
|
||||
secret ${client-key}
|
||||
port ${toString port}
|
||||
|
||||
cipher AES-256-CBC
|
||||
auth-nocache
|
||||
|
||||
comp-lzo
|
||||
keepalive 10 60
|
||||
ping-timer-rem
|
||||
persist-tun
|
||||
persist-key
|
||||
'';
|
||||
};
|
||||
|
||||
environment.etc."openvpn/client.ovpn" = {
|
||||
text = ''
|
||||
dev tun
|
||||
remote "${domain}"
|
||||
ifconfig 10.8.0.2 10.8.0.1
|
||||
port ${toString port}
|
||||
redirect-gateway def1
|
||||
|
||||
cipher AES-256-CBC
|
||||
auth-nocache
|
||||
|
||||
comp-lzo
|
||||
keepalive 10 60
|
||||
resolv-retry infinite
|
||||
nobind
|
||||
persist-key
|
||||
persist-tun
|
||||
secret [inline]
|
||||
|
||||
'';
|
||||
mode = "600";
|
||||
};
|
||||
system.activationScripts.openvpn-addkey = ''
|
||||
f="/etc/openvpn/client.ovpn"
|
||||
if ! grep -q '<secret>' $f; then
|
||||
echo "appending secret key"
|
||||
echo "<secret>" >> $f
|
||||
cat ${client-key} >> $f
|
||||
echo "</secret>" >> $f
|
||||
fi
|
||||
'';
|
||||
}
|
||||
|
|
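Review bot: Nothing in this change retires the key material the removed lines relied on. `client-key = "/root/openvpn.key"` was generated by hand (per the removed comment) and is only referenced by path, so it will presumably stay on disk after the next switch. The removed `openvpn-addkey` activation script also appended that key to `/etc/openvpn/client.ovpn` in place, so it is worth confirming on the host that this copy is gone once the `environment.etc` entry no longer exists. If the tunnel is retired for good, delete the key file and any exported client profiles and record that in the commit message, e.g. `Remove openvpn (static key /root/openvpn.key deleted on host)`. The NAT and firewall openings for `vpn-dev` and the UDP `port` are removed together with the service, which is the right scope.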