Merge remote-tracking branch 'origin/staging/jeschli'

author: jeschli <jeschli@gmail.com> 2018-06-19 09:52:04 +0200
committer: jeschli <jeschli@gmail.com> 2018-06-19 09:52:04 +0200
commit: 324a8615f19c267d67b8a96d8e74b648c875ba04 (patch)
tree: 8f7444a8e69ae254354a83a119d1c62bfaf95989 /jeschli/1systems/bln/dcso-vpn.nix
parent: 2a3f60d6fb3cd8d5f1ead4e5ff43fc9364eedad3 (diff)
parent: 8eca9165ce6ffaba1076a916bfa475eb935f0a6f (diff)
1 files changed, 44 insertions, 0 deletions
diff --git a/jeschli/1systems/bln/dcso-vpn.nix b/jeschli/1systems/bln/dcso-vpn.nix
new file mode 100644
index 000000000..0a5623bf0
--- /dev/null
+++ b/jeschli/1systems/bln/dcso-vpn.nix
@@ -0,0 +1,44 @@
+with import <stockholm/lib>;
+{ ... }:
+
+{
+
+  users.extraUsers = {
+    dcsovpn = rec {
+      name = "dcsovpn";
+      uid = genid "dcsovpn";
+      description = "user for running dcso openvpn";
+      home = "/home/${name}";
+    };
+  };
+
+  users.extraGroups.dcsovpn.gid = genid "dcsovpn";
+
+  services.openvpn.servers = {
+    dcso = {
+      config = ''
+        client
+        dev tun
+        tun-mtu 1356
+        mssfix
+        proto udp
+        float
+        remote 217.111.55.41 1194
+        nobind
+        user dcsovpn
+        group dcsovpn
+        persist-key
+        persist-tun
+        ca ${toString <secrets/dcsovpn/ca.pem>}
+        cert ${toString <secrets/dcsovpn/cert.pem>}
+        key ${toString <secrets/dcsovpn/cert.key>}
+        verb 3
+        mute 20
+        auth-user-pass ${toString <secrets/dcsovpn/login.txt>}
+        route-method exe
+        route-delay 2
+      '';
+      updateResolvConf = true;
+    };
+  };
+}
author	jeschli <jeschli@gmail.com>	2018-06-19 09:52:04 +0200
committer	jeschli <jeschli@gmail.com>	2018-06-19 09:52:04 +0200
commit	324a8615f19c267d67b8a96d8e74b648c875ba04 (patch)
tree	8f7444a8e69ae254354a83a119d1c62bfaf95989 /jeschli/1systems/bln/dcso-vpn.nix
parent	2a3f60d6fb3cd8d5f1ead4e5ff43fc9364eedad3 (diff)
parent	8eca9165ce6ffaba1076a916bfa475eb935f0a6f (diff)