diff --git a/hosts/Legion/configuration.nix b/hosts/Legion/configuration.nix
index 7f78e921..ab709786 100644
--- a/hosts/Legion/configuration.nix
+++ b/hosts/Legion/configuration.nix
@@ -1,14 +1,7 @@
 # Edit this configuration file to define what should be installed on
 # your system. Help is available in the configuration.nix(5) man page
 # and in the NixOS manual (accessible by running `nixos-help`).
-{ lib, ... }:
-let
- # generate via openvpn --genkey --secret openvpn-laptop.key
- client-key = "/root/openvpn.key";
- domain = "vpn.xenia.me.uk";
- vpn-dev = "tun0";
- port = 1194;
-in {
+{ lib, ... }: {
 users.mutableUsers = false;
 system.autoUpgrade = {
 allowReboot = lib.mkForce true;
@@ -17,66 +10,4 @@ in {
 upper = "05:00";
 };
 };
- networking = {
- nat = {
- enable = true;
- externalInterface = "enp42s0";
- internalInterfaces = [ vpn-dev ];
- };
- firewall = {
- trustedInterfaces = [ vpn-dev ];
- allowedUDPPorts = [ port ];
- };
- };
- services.openvpn = {
- restartAfterSleep = true;
- servers.xenia.config = ''
- dev ${vpn-dev}
- proto udp
- ifconfig 10.8.0.1 10.8.0.2
- secret ${client-key}
- port ${toString port}
-
- cipher AES-256-CBC
- auth-nocache
-
- comp-lzo
- keepalive 10 60
- ping-timer-rem
- persist-tun
- persist-key
- '';
- };
-
- environment.etc."openvpn/client.ovpn" = {
- text = ''
- dev tun
- remote "${domain}"
- ifconfig 10.8.0.2 10.8.0.1
- port ${toString port}
- redirect-gateway def1
-
- cipher AES-256-CBC
- auth-nocache
-
- comp-lzo
- keepalive 10 60
- resolv-retry infinite
- nobind
- persist-key
- persist-tun
- secret [inline]
-
- '';
- mode = "600";
- };
- system.activationScripts.openvpn-addkey = ''
- f="/etc/openvpn/client.ovpn"
- if ! grep -q '' $f; then
- echo "appending secret key"
- echo "" >> $f
- cat ${client-key} >> $f
- echo "" >> $f
- fi
- '';
 }