mirror of
https://github.com/SebastianStork/nixos-config.git
synced 2026-01-21 14:01:34 +01:00
37 lines
990 B
Nix
37 lines
990 B
Nix
{
|
|
config,
|
|
lib,
|
|
...
|
|
}: {
|
|
options.myConfig.vpn.lgs.enable = lib.mkEnableOption "";
|
|
|
|
config = lib.mkIf config.myConfig.vpn.lgs.enable {
|
|
sops.secrets = {
|
|
"vpn/lgs/crt" = {};
|
|
"vpn/lgs/key" = {};
|
|
};
|
|
|
|
services.openvpn.servers.lgs = {
|
|
autoStart = false;
|
|
|
|
config = ''
|
|
dev tap
|
|
persist-tun
|
|
persist-key
|
|
data-ciphers AES-128-GCM:AES-256-CBC
|
|
data-ciphers-fallback AES-256-CBC
|
|
auth SHA1
|
|
tls-client
|
|
client
|
|
resolv-retry infinite
|
|
remote 194.9.190.11 1194 udp4
|
|
nobind
|
|
auth-user-pass
|
|
ca ${config.sops.secrets."vpn/lgs/crt".path}
|
|
tls-auth ${config.sops.secrets."vpn/lgs/key".path} 1
|
|
remote-cert-tls server
|
|
explicit-exit-notify
|
|
'';
|
|
};
|
|
};
|
|
}
|