Complete overhaul

2026-01-21 16:21:34 +01:00 · 2024-03-12 21:10:35 +01:00 · 2024-03-12 21:10:35 +01:00 · d30d11566d
commit d30d11566d
38 changed files with 1373 additions and 0 deletions
--- a/modules/system/vpn.nix
+++ b/modules/system/vpn.nix
@ -0,0 +1,37 @@
+{
+  config,
+  lib,
+  ...
+}: {
+  options.myConfig.vpn.lgs.enable = lib.mkEnableOption "";
+
+  config = lib.mkIf config.myConfig.vpn.lgs.enable {
+    sops.secrets = {
+      "vpn/lgs/crt" = {};
+      "vpn/lgs/key" = {};
+    };
+
+    services.openvpn.servers.lgs = {
+      autoStart = false;
+
+      config = ''
+        dev tap
+        persist-tun
+        persist-key
+        data-ciphers AES-128-GCM:AES-256-CBC
+        data-ciphers-fallback AES-256-CBC
+        auth SHA1
+        tls-client
+        client
+        resolv-retry infinite
+        remote 194.9.190.11 1194 udp4
+        nobind
+        auth-user-pass
+        ca ${config.sops.secrets."vpn/lgs/crt".path}
+        tls-auth ${config.sops.secrets."vpn/lgs/key".path} 1
+        remote-cert-tls server
+        explicit-exit-notify
+      '';
+    };
+  };
+}