SebastianStork/nixos-config
1
0
Fork 0
mirror of https://github.com/SebastianStork/nixos-config.git synced 2026-01-21 19:51:34 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Switch to 4 space indentation

Browse source
This commit is contained in:
SebastianStork 2024-03-17 13:15:01 +01:00
parent a4cc33577c
commit d7aed49725
32 changed files with 796 additions and 783 deletions
Download patch file Download diff file Expand all files Collapse all files

64
modules/system/vpn.nix
View file

@ -1,37 +1,37 @@
{
config,
lib,
...
config,
lib,
...
}: {
options.myConfig.vpn.lgs.enable = lib.mkEnableOption "";
options.myConfig.vpn.lgs.enable = lib.mkEnableOption "";
config = lib.mkIf config.myConfig.vpn.lgs.enable {
sops.secrets = {
"vpn/lgs/crt" = {};
"vpn/lgs/key" = {};
config = lib.mkIf config.myConfig.vpn.lgs.enable {
sops.secrets = {
"vpn/lgs/crt" = {};
"vpn/lgs/key" = {};
};
services.openvpn.servers.lgs = {
autoStart = false;
config = ''
dev tap
persist-tun
persist-key
data-ciphers AES-128-GCM:AES-256-CBC
data-ciphers-fallback AES-256-CBC
auth SHA1
tls-client
client
resolv-retry infinite
remote 194.9.190.11 1194 udp4
nobind
auth-user-pass
ca ${config.sops.secrets."vpn/lgs/crt".path}
tls-auth ${config.sops.secrets."vpn/lgs/key".path} 1
remote-cert-tls server
explicit-exit-notify
'';
};
};
services.openvpn.servers.lgs = {
autoStart = false;
config = ''
dev tap
persist-tun
persist-key
data-ciphers AES-128-GCM:AES-256-CBC
data-ciphers-fallback AES-256-CBC
auth SHA1
tls-client
client
resolv-retry infinite
remote 194.9.190.11 1194 udp4
nobind
auth-user-pass
ca ${config.sops.secrets."vpn/lgs/crt".path}
tls-auth ${config.sops.secrets."vpn/lgs/key".path} 1
remote-cert-tls server
explicit-exit-notify
'';
};
};
}