pixelifytica/nixos
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

Add openvpn config

Browse source
This commit is contained in:
Evie Litherland-Smith 2023-05-30 10:46:23 +01:00
parent a69d0a1a92
commit 9c69402502
2 changed files with 73 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
services/Vanguard.nix
View file

@ -3,11 +3,12 @@
./adguardhome
./gitea
./nextcloud
./openvpn/Vanguard.nix
./sshd
./syncthing/Vanguard.nix
./traefik/adguardhome.nix
./traefik/gitea.nix
./traefik/nextcloud.nix
./traefik/qbittorrent.nix
./syncthing/Vanguard.nix
];
}

71
services/openvpn/Vanguard.nix Normal file
View file

@ -0,0 +1,71 @@
{...}: let
# generate via openvpn --genkey --secret openvpn-laptop.key
client-key = "/root/openvpn.key";
domain = "vpn.xenia.me.uk";
vpn-dev = "tun0";
port = 1194;
in {
networking = {
nat = {
enable = true;
externalInterface = "enp42s0";
internalInterfaces = [vpn-dev];
};
firewall = {
trustedInterfaces = [vpn-dev];
allowedUDPPorts = [port];
};
};
services.openvpn = {
restartAfterSleep = true;
servers.xenia.config = ''
dev ${vpn-dev}
proto udp
ifconfig 10.8.0.1 10.8.0.2
secret ${client-key}
port ${toString port}
cipher AES-256-CBC
auth-nocache
comp-lzo
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
'';
};
environment.etc."openvpn/client.ovpn" = {
text = ''
dev tun
remote "${domain}"
ifconfig 10.8.0.2 10.8.0.1
port ${toString port}
redirect-gateway def1
cipher AES-256-CBC
auth-nocache
comp-lzo
keepalive 10 60
resolv-retry infinite
nobind
persist-key
persist-tun
secret [inline]
'';
mode = "600";
};
system.activationScripts.openvpn-addkey = ''
f="/etc/openvpn/client.ovpn"
if ! grep -q '<secret>' $f; then
echo "appending secret key"
echo "<secret>" >> $f
cat ${client-key} >> $f
echo "</secret>" >> $f
fi
'';
}