Remove openvpn

This commit is contained in:
Evie Litherland-Smith 2023-12-11 13:22:40 +00:00
parent 693fc386ac
commit 40afcc16ff

View file

@ -1,14 +1,7 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running `nixos-help`).
{ lib, ... }:
let
# generate via openvpn --genkey --secret openvpn-laptop.key
client-key = "/root/openvpn.key";
domain = "vpn.xenia.me.uk";
vpn-dev = "tun0";
port = 1194;
in {
{ lib, ... }: {
users.mutableUsers = false;
system.autoUpgrade = {
allowReboot = lib.mkForce true;
@ -17,66 +10,4 @@ in {
upper = "05:00";
};
};
networking = {
nat = {
enable = true;
externalInterface = "enp42s0";
internalInterfaces = [ vpn-dev ];
};
firewall = {
trustedInterfaces = [ vpn-dev ];
allowedUDPPorts = [ port ];
};
};
services.openvpn = {
restartAfterSleep = true;
servers.xenia.config = ''
dev ${vpn-dev}
proto udp
ifconfig 10.8.0.1 10.8.0.2
secret ${client-key}
port ${toString port}
cipher AES-256-CBC
auth-nocache
comp-lzo
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
'';
};
environment.etc."openvpn/client.ovpn" = {
text = ''
dev tun
remote "${domain}"
ifconfig 10.8.0.2 10.8.0.1
port ${toString port}
redirect-gateway def1
cipher AES-256-CBC
auth-nocache
comp-lzo
keepalive 10 60
resolv-retry infinite
nobind
persist-key
persist-tun
secret [inline]
'';
mode = "600";
};
system.activationScripts.openvpn-addkey = ''
f="/etc/openvpn/client.ovpn"
if ! grep -q '<secret>' $f; then
echo "appending secret key"
echo "<secret>" >> $f
cat ${client-key} >> $f
echo "</secret>" >> $f
fi
'';
}