summaryrefslogtreecommitdiffstats
path: root/makefu/2configs/vpn
diff options
context:
space:
mode:
authormakefu <github@syntax-fehler.de>2023-07-28 22:24:15 +0200
committermakefu <github@syntax-fehler.de>2023-07-28 22:24:15 +0200
commit060a8f28fa1fc648bdf66afb31a5d1efac868837 (patch)
tree2b354eacc7897365ee45244fe7a51720e0d0333f /makefu/2configs/vpn
parentcbfcc890e3b76d942b927809bf981a5fa7289e6a (diff)
makefu: move out to own repo, add vacation-note
Diffstat (limited to 'makefu/2configs/vpn')
-rw-r--r--makefu/2configs/vpn/openvpn-server.nix111
-rw-r--r--makefu/2configs/vpn/vpngate.nix388
-rw-r--r--makefu/2configs/vpn/vpnws/client.nix9
-rw-r--r--makefu/2configs/vpn/vpnws/server.nix42
4 files changed, 0 insertions, 550 deletions
diff --git a/makefu/2configs/vpn/openvpn-server.nix b/makefu/2configs/vpn/openvpn-server.nix
deleted file mode 100644
index 79754264f..000000000
--- a/makefu/2configs/vpn/openvpn-server.nix
+++ /dev/null
@@ -1,111 +0,0 @@
-{ config, pkgs, ... }:
-let
- out-itf = config.makefu.server.primary-itf;
- # generate via openvpn --genkey --secret static.key
- client-key = (toString <secrets>) + "/openvpn-laptop.key";
- # domain = "vpn.euer.krebsco.de";
- domain = "gum.krebsco.de";
- dev = "tun0";
- port = 1194;
- tcp-port = 3306;
-in {
- boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
- networking.nat = {
- enable = true;
- externalInterface = out-itf;
- internalInterfaces = [ dev ];
- };
- networking.firewall.trustedInterfaces = [ dev ];
- networking.firewall.allowedUDPPorts = [ port ];
- environment.systemPackages = [ pkgs.openvpn ];
- services.openvpn.servers.smartphone.config = ''
- #user nobody
- #group nobody
-
- dev ${dev}
- proto udp
- ifconfig 10.8.0.1 10.8.0.2
- secret ${client-key}
- port ${toString port}
- cipher AES-256-CBC
- comp-lzo
-
- keepalive 10 60
- ping-timer-rem
- persist-tun
- persist-key
- '';
-
- environment.etc."openvpn/smartphone-client.ovpn" = {
- text = ''
- client
- dev tun
- remote "${domain}"
- ifconfig 10.8.0.1 10.8.0.2
- port ${toString port}
-
- cipher AES-256-CBC
- comp-lzo
- keepalive 10 60
- resolv-retry infinite
- nobind
- persist-key
- persist-tun
-
- secret [inline]
-
- '';
- mode = "700";
- };
- system.activationScripts.openvpn-addkey = ''
- f="/etc/openvpn/smartphone-client.ovpn"
- if ! grep -q '<secret>' $f; then
- echo "appending secret key"
- echo "<secret>" >> $f
- cat ${client-key} >> $f
- echo "</secret>" >> $f
- fi
- '';
- #smartphone-tcp.config = ''
- # user nobody
- # group nobody
-
- # dev ${dev}
- # proto tcp
- # ifconfig 10.8.0.1 10.8.0.3
- # secret ${client-key}
- # port tcp-port
- # comp-lzo
-
- # keepalive 10 60
- # ping-timer-rem
- # persist-tun
- # persist-key
- #'';
- # TODO: forward via 443
- # stream {
- #
- # map $ssl_preread_server_name $name {
- # vpn1.app.com vpn1_backend;
- # vpn2.app.com vpn2_backend;
- # https.app.com https_backend;
- # }
- #
- # upstream vpn1_backend {
- # server 10.0.0.3:443;
- # }
- #
- # upstream vpn2_backend {
- # server 10.0.0.4:443;
- # }
- #
- # upstream https_backend {
- # server 10.0.0.5:443;
- #
- # server {
- # listen 10.0.0.1:443;
- # proxy_pass $name;
- # ssl_preread on;
- # }
- # }
-}
diff --git a/makefu/2configs/vpn/vpngate.nix b/makefu/2configs/vpn/vpngate.nix
deleted file mode 100644
index acf9e9cfe..000000000
--- a/makefu/2configs/vpn/vpngate.nix
+++ /dev/null
@@ -1,388 +0,0 @@
-{ pkgs, ... }:
-{
- services.openvpn.servers.vpngate-france = {
- config = ''
- dev tun
- proto udp
- remote coreeu1.opengw.net 1194
- cipher AES-128-CBC
- auth SHA1
- resolv-retry infinite
- nobind
- persist-key
- persist-tun
- client
- verb 3
-
- <ca>
- -----BEGIN CERTIFICATE-----
- MIIF2DCCA8CgAwIBAgIQTKr5yttjb+Af907YWwOGnTANBgkqhkiG9w0BAQwFADCB
- hTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G
- A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNV
- BAMTIkNPTU9ETyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTAwMTE5
- MDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBhTELMAkGA1UEBhMCR0IxGzAZBgNVBAgT
- EkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMR
- Q09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBSU0EgQ2VydGlmaWNh
- dGlvbiBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCR
- 6FSS0gpWsawNJN3Fz0RndJkrN6N9I3AAcbxT38T6KhKPS38QVr2fcHK3YX/JSw8X
- pz3jsARh7v8Rl8f0hj4K+j5c+ZPmNHrZFGvnnLOFoIJ6dq9xkNfs/Q36nGz637CC
- 9BR++b7Epi9Pf5l/tfxnQ3K9DADWietrLNPtj5gcFKt+5eNu/Nio5JIk2kNrYrhV
- /erBvGy2i/MOjZrkm2xpmfh4SDBF1a3hDTxFYPwyllEnvGfDyi62a+pGx8cgoLEf
- Zd5ICLqkTqnyg0Y3hOvozIFIQ2dOciqbXL1MGyiKXCJ7tKuY2e7gUYPDCUZObT6Z
- +pUX2nwzV0E8jVHtC7ZcryxjGt9XyD+86V3Em69FmeKjWiS0uqlWPc9vqv9JWL7w
- qP/0uK3pN/u6uPQLOvnoQ0IeidiEyxPx2bvhiWC4jChWrBQdnArncevPDt09qZah
- SL0896+1DSJMwBGB7FY79tOi4lu3sgQiUpWAk2nojkxl8ZEDLXB0AuqLZxUpaVIC
- u9ffUGpVRr+goyhhf3DQw6KqLCGqR84onAZFdr+CGCe01a60y1Dma/RMhnEw6abf
- Fobg2P9A3fvQQoh/ozM6LlweQRGBY84YcWsr7KaKtzFcOmpH4MN5WdYgGq/yapiq
- crxXStJLnbsQ/LBMQeXtHT1eKJ2czL+zUdqnR+WEUwIDAQABo0IwQDAdBgNVHQ4E
- FgQUu69+Aj36pvE8hI6t7jiY7NkyMtQwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB
- /wQFMAMBAf8wDQYJKoZIhvcNAQEMBQADggIBAArx1UaEt65Ru2yyTUEUAJNMnMvl
- wFTPoCWOAvn9sKIN9SCYPBMtrFaisNZ+EZLpLrqeLppysb0ZRGxhNaKatBYSaVqM
- 4dc+pBroLwP0rmEdEBsqpIt6xf4FpuHA1sj+nq6PK7o9mfjYcwlYRm6mnPTXJ9OV
- 2jeDchzTc+CiR5kDOF3VSXkAKRzH7JsgHAckaVd4sjn8OoSgtZx8jb8uk2Intzna
- FxiuvTwJaP+EmzzV1gsD41eeFPfR60/IvYcjt7ZJQ3mFXLrrkguhxuhoqEwWsRqZ
- CuhTLJK7oQkYdQxlqHvLI7cawiiFwxv/0Cti76R7CZGYZ4wUAc1oBmpjIXUDgIiK
- boHGhfKppC3n9KUkEEeDys30jXlYsQab5xoq2Z0B15R97QNKyvDb6KkBPvVWmcke
- jkk9u+UJueBPSZI9FoJAzMxZxuY67RIuaTxslbH9qh17f4a+Hg4yRvv7E491f0yL
- S0Zj/gA0QHDBw7mh3aZw4gSzQbzpgJHqZJx64SIDqZxubw5lT2yHh17zbqD5daWb
- QOhTsiedSrnAdyGN/4fy3ryM7xfft0kL0fJuMAsaDk527RH89elWsn2/x20Kk4yl
- 0MC2Hb46TpSi125sC8KKfPog88Tk5c0NqMuRkrF8hey1FGlmDoLnzc7ILaZRfyHB
- NVOFBkpdn627G190
- -----END CERTIFICATE-----
-
- </ca>
-
-
- <cert>
- -----BEGIN CERTIFICATE-----
- MIICxjCCAa4CAQAwDQYJKoZIhvcNAQEFBQAwKTEaMBgGA1UEAxMRVlBOR2F0ZUNs
- aWVudENlcnQxCzAJBgNVBAYTAkpQMB4XDTEzMDIxMTAzNDk0OVoXDTM3MDExOTAz
- MTQwN1owKTEaMBgGA1UEAxMRVlBOR2F0ZUNsaWVudENlcnQxCzAJBgNVBAYTAkpQ
- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5h2lgQQYUjwoKYJbzVZA
- 5VcIGd5otPc/qZRMt0KItCFA0s9RwReNVa9fDRFLRBhcITOlv3FBcW3E8h1Us7RD
- 4W8GmJe8zapJnLsD39OSMRCzZJnczW4OCH1PZRZWKqDtjlNca9AF8a65jTmlDxCQ
- CjntLIWk5OLLVkFt9/tScc1GDtci55ofhaNAYMPiH7V8+1g66pGHXAoWK6AQVH67
- XCKJnGB5nlQ+HsMYPV/O49Ld91ZN/2tHkcaLLyNtywxVPRSsRh480jju0fcCsv6h
- p/0yXnTB//mWutBGpdUlIbwiITbAmrsbYnjigRvnPqX1RNJUbi9Fp6C2c/HIFJGD
- ywIDAQABMA0GCSqGSIb3DQEBBQUAA4IBAQChO5hgcw/4oWfoEFLu9kBa1B//kxH8
- hQkChVNn8BRC7Y0URQitPl3DKEed9URBDdg2KOAz77bb6ENPiliD+a38UJHIRMqe
- UBHhllOHIzvDhHFbaovALBQceeBzdkQxsKQESKmQmR832950UCovoyRB61UyAV7h
- +mZhYPGRKXKSJI6s0Egg/Cri+Cwk4bjJfrb5hVse11yh4D9MHhwSfCOH+0z4hPUT
- Fku7dGavURO5SVxMn/sL6En5D+oSeXkadHpDs+Airym2YHh15h0+jPSOoR6yiVp/
- 6zZeZkrN43kuS73KpKDFjfFPh8t4r1gOIjttkNcQqBccusnplQ7HJpsk
- -----END CERTIFICATE-----
-
- </cert>
-
- <key>
- -----BEGIN RSA PRIVATE KEY-----
- MIIEpAIBAAKCAQEA5h2lgQQYUjwoKYJbzVZA5VcIGd5otPc/qZRMt0KItCFA0s9R
- wReNVa9fDRFLRBhcITOlv3FBcW3E8h1Us7RD4W8GmJe8zapJnLsD39OSMRCzZJnc
- zW4OCH1PZRZWKqDtjlNca9AF8a65jTmlDxCQCjntLIWk5OLLVkFt9/tScc1GDtci
- 55ofhaNAYMPiH7V8+1g66pGHXAoWK6AQVH67XCKJnGB5nlQ+HsMYPV/O49Ld91ZN
- /2tHkcaLLyNtywxVPRSsRh480jju0fcCsv6hp/0yXnTB//mWutBGpdUlIbwiITbA
- mrsbYnjigRvnPqX1RNJUbi9Fp6C2c/HIFJGDywIDAQABAoIBAERV7X5AvxA8uRiK
- k8SIpsD0dX1pJOMIwakUVyvc4EfN0DhKRNb4rYoSiEGTLyzLpyBc/A28Dlkm5eOY
- fjzXfYkGtYi/Ftxkg3O9vcrMQ4+6i+uGHaIL2rL+s4MrfO8v1xv6+Wky33EEGCou
- QiwVGRFQXnRoQ62NBCFbUNLhmXwdj1akZzLU4p5R4zA3QhdxwEIatVLt0+7owLQ3
- lP8sfXhppPOXjTqMD4QkYwzPAa8/zF7acn4kryrUP7Q6PAfd0zEVqNy9ZCZ9ffho
- zXedFj486IFoc5gnTp2N6jsnVj4LCGIhlVHlYGozKKFqJcQVGsHCqq1oz2zjW6LS
- oRYIHgECgYEA8zZrkCwNYSXJuODJ3m/hOLVxcxgJuwXoiErWd0E42vPanjjVMhnt
- KY5l8qGMJ6FhK9LYx2qCrf/E0XtUAZ2wVq3ORTyGnsMWre9tLYs55X+ZN10Tc75z
- 4hacbU0hqKN1HiDmsMRY3/2NaZHoy7MKnwJJBaG48l9CCTlVwMHocIECgYEA8jby
- dGjxTH+6XHWNizb5SRbZxAnyEeJeRwTMh0gGzwGPpH/sZYGzyu0SySXWCnZh3Rgq
- 5uLlNxtrXrljZlyi2nQdQgsq2YrWUs0+zgU+22uQsZpSAftmhVrtvet6MjVjbByY
- DADciEVUdJYIXk+qnFUJyeroLIkTj7WYKZ6RjksCgYBoCFIwRDeg42oK89RFmnOr
- LymNAq4+2oMhsWlVb4ejWIWeAk9nc+GXUfrXszRhS01mUnU5r5ygUvRcarV/T3U7
- TnMZ+I7Y4DgWRIDd51znhxIBtYV5j/C/t85HjqOkH+8b6RTkbchaX3mau7fpUfds
- Fq0nhIq42fhEO8srfYYwgQKBgQCyhi1N/8taRwpk+3/IDEzQwjbfdzUkWWSDk9Xs
- H/pkuRHWfTMP3flWqEYgW/LW40peW2HDq5imdV8+AgZxe/XMbaji9Lgwf1RY005n
- KxaZQz7yqHupWlLGF68DPHxkZVVSagDnV/sztWX6SFsCqFVnxIXifXGC4cW5Nm9g
- va8q4QKBgQCEhLVeUfdwKvkZ94g/GFz731Z2hrdVhgMZaU/u6t0V95+YezPNCQZB
- wmE9Mmlbq1emDeROivjCfoGhR3kZXW1pTKlLh6ZMUQUOpptdXva8XxfoqQwa3enA
- M7muBbF0XN7VO80iJPv+PmIZdEIAkpwKfi201YB+BafCIuGxIF50Vg==
- -----END RSA PRIVATE KEY-----
-
- </key>
- '';
- autoStart = false;
- updateResolvConf = false;
- };
- services.openvpn.servers.vpngate-japan = {
- config = ''
- dev tun
- proto udp
- remote vpn311786078.opengw.net 1573
- cipher AES-128-CBC
- auth SHA1
- resolv-retry infinite
- nobind
- persist-key
- persist-tun
- client
- verb 3
- #auth-user-pass
-
- <ca>
- -----BEGIN CERTIFICATE-----
- MIIDHDCCAgSgAwIBAgIFAIRyJXcwDQYJKoZIhvcNAQELBQAwRTEYMBYGA1UEAwwP
- a3JqejV3YXE1YXliLmpwMRwwGgYDVQQKDBNlcnp6eTBxZnhwaiAxNHQzZGJnMQsw
- CQYDVQQGEwJVUzAeFw0xNzAxMDMwMjE3MDNaFw0yNDA1MDEwMjE3MDNaMEUxGDAW
- BgNVBAMMD2tyano1d2FxNWF5Yi5qcDEcMBoGA1UECgwTZXJ6enkwcWZ4cGogMTR0
- M2RiZzELMAkGA1UEBhMCVVMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
- AQDBRSiY0DMxjUZWRtpq892vPdk+TQ4Pgxnscfzsw3MMJBGaNhIzLvNSzUdFWJq1
- p6SpCD8pJsxQifDzM5t7KGqWUmY2vgucAaGCZtbrqijm74rJOEfyF3D8stYBkTmb
- AOBkRXtxoi62M+d3xgNox1VaDXndgOqQhnj4INChWf4b8lc33I/2NmwVa2d9jh+e
- Qx1OsnbYGi9EM/RfTKfGcPxtusN8IEzwo2q0s7PLxgiIbCZs3aAMZIvOdi9CkFkQ
- +T9wQlC1BJwbWFXqUPR2r4ugE0iYepjhEd19KuaGqW0PYivHGM9lRU2JjfJujBeF
- vaOjMExvi+Mwl78Qmm7wbH1BAgMBAAGjEzARMA8GA1UdEwEB/wQFMAMBAf8wDQYJ
- KoZIhvcNAQELBQADggEBABoJhTO8WHB6MEWbsTXUVYG/Ino1TQTkha/0BtJ02Mdi
- AV0QLOjZM0Q5F2Tg2puRK92nDp7VLA8VUqlrvLqBh6ljMEEhEwaVkV/ZigqUmGlV
- nOE8NABj1mmsJSeh8DQjNclPkkOrKC6sudk9NsU4I51kDPr3M6jCd+/vBoZ6/lVR
- oOLVnHOhWVsOdw/I792j4DEpVB8U8g2LhYdAJZNoKvfc6F32TEZphFxU3yDA4Kb5
- BqC8IU3O5eL7vrkVpvHdzaO+Q6wJ148/PbWXpsxm8mI39I6sQ820mGw/PGrmBAgh
- WgJ52Kr48Vq0TVmdew0mz+xzU7SnpndmhVyFk9nN3c8=
- -----END CERTIFICATE-----
- </ca>
-
- <cert>
- -----BEGIN CERTIFICATE-----
- MIICxjCCAa4CAQAwDQYJKoZIhvcNAQEFBQAwKTEaMBgGA1UEAxMRVlBOR2F0ZUNs
- aWVudENlcnQxCzAJBgNVBAYTAkpQMB4XDTEzMDIxMTAzNDk0OVoXDTM3MDExOTAz
- MTQwN1owKTEaMBgGA1UEAxMRVlBOR2F0ZUNsaWVudENlcnQxCzAJBgNVBAYTAkpQ
- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5h2lgQQYUjwoKYJbzVZA
- 5VcIGd5otPc/qZRMt0KItCFA0s9RwReNVa9fDRFLRBhcITOlv3FBcW3E8h1Us7RD
- 4W8GmJe8zapJnLsD39OSMRCzZJnczW4OCH1PZRZWKqDtjlNca9AF8a65jTmlDxCQ
- CjntLIWk5OLLVkFt9/tScc1GDtci55ofhaNAYMPiH7V8+1g66pGHXAoWK6AQVH67
- XCKJnGB5nlQ+HsMYPV/O49Ld91ZN/2tHkcaLLyNtywxVPRSsRh480jju0fcCsv6h
- p/0yXnTB//mWutBGpdUlIbwiITbAmrsbYnjigRvnPqX1RNJUbi9Fp6C2c/HIFJGD
- ywIDAQABMA0GCSqGSIb3DQEBBQUAA4IBAQChO5hgcw/4oWfoEFLu9kBa1B//kxH8
- hQkChVNn8BRC7Y0URQitPl3DKEed9URBDdg2KOAz77bb6ENPiliD+a38UJHIRMqe
- UBHhllOHIzvDhHFbaovALBQceeBzdkQxsKQESKmQmR832950UCovoyRB61UyAV7h
- +mZhYPGRKXKSJI6s0Egg/Cri+Cwk4bjJfrb5hVse11yh4D9MHhwSfCOH+0z4hPUT
- Fku7dGavURO5SVxMn/sL6En5D+oSeXkadHpDs+Airym2YHh15h0+jPSOoR6yiVp/
- 6zZeZkrN43kuS73KpKDFjfFPh8t4r1gOIjttkNcQqBccusnplQ7HJpsk
- -----END CERTIFICATE-----
- </cert>
-
- <key>
- -----BEGIN RSA PRIVATE KEY-----
- MIIEpAIBAAKCAQEA5h2lgQQYUjwoKYJbzVZA5VcIGd5otPc/qZRMt0KItCFA0s9R
- wReNVa9fDRFLRBhcITOlv3FBcW3E8h1Us7RD4W8GmJe8zapJnLsD39OSMRCzZJnc
- zW4OCH1PZRZWKqDtjlNca9AF8a65jTmlDxCQCjntLIWk5OLLVkFt9/tScc1GDtci
- 55ofhaNAYMPiH7V8+1g66pGHXAoWK6AQVH67XCKJnGB5nlQ+HsMYPV/O49Ld91ZN
- /2tHkcaLLyNtywxVPRSsRh480jju0fcCsv6hp/0yXnTB//mWutBGpdUlIbwiITbA
- mrsbYnjigRvnPqX1RNJUbi9Fp6C2c/HIFJGDywIDAQABAoIBAERV7X5AvxA8uRiK
- k8SIpsD0dX1pJOMIwakUVyvc4EfN0DhKRNb4rYoSiEGTLyzLpyBc/A28Dlkm5eOY
- fjzXfYkGtYi/Ftxkg3O9vcrMQ4+6i+uGHaIL2rL+s4MrfO8v1xv6+Wky33EEGCou
- QiwVGRFQXnRoQ62NBCFbUNLhmXwdj1akZzLU4p5R4zA3QhdxwEIatVLt0+7owLQ3
- lP8sfXhppPOXjTqMD4QkYwzPAa8/zF7acn4kryrUP7Q6PAfd0zEVqNy9ZCZ9ffho
- zXedFj486IFoc5gnTp2N6jsnVj4LCGIhlVHlYGozKKFqJcQVGsHCqq1oz2zjW6LS
- oRYIHgECgYEA8zZrkCwNYSXJuODJ3m/hOLVxcxgJuwXoiErWd0E42vPanjjVMhnt
- KY5l8qGMJ6FhK9LYx2qCrf/E0XtUAZ2wVq3ORTyGnsMWre9tLYs55X+ZN10Tc75z
- 4hacbU0hqKN1HiDmsMRY3/2NaZHoy7MKnwJJBaG48l9CCTlVwMHocIECgYEA8jby
- dGjxTH+6XHWNizb5SRbZxAnyEeJeRwTMh0gGzwGPpH/sZYGzyu0SySXWCnZh3Rgq
- 5uLlNxtrXrljZlyi2nQdQgsq2YrWUs0+zgU+22uQsZpSAftmhVrtvet6MjVjbByY
- DADciEVUdJYIXk+qnFUJyeroLIkTj7WYKZ6RjksCgYBoCFIwRDeg42oK89RFmnOr
- LymNAq4+2oMhsWlVb4ejWIWeAk9nc+GXUfrXszRhS01mUnU5r5ygUvRcarV/T3U7
- TnMZ+I7Y4DgWRIDd51znhxIBtYV5j/C/t85HjqOkH+8b6RTkbchaX3mau7fpUfds
- Fq0nhIq42fhEO8srfYYwgQKBgQCyhi1N/8taRwpk+3/IDEzQwjbfdzUkWWSDk9Xs
- H/pkuRHWfTMP3flWqEYgW/LW40peW2HDq5imdV8+AgZxe/XMbaji9Lgwf1RY005n
- KxaZQz7yqHupWlLGF68DPHxkZVVSagDnV/sztWX6SFsCqFVnxIXifXGC4cW5Nm9g
- va8q4QKBgQCEhLVeUfdwKvkZ94g/GFz731Z2hrdVhgMZaU/u6t0V95+YezPNCQZB
- wmE9Mmlbq1emDeROivjCfoGhR3kZXW1pTKlLh6ZMUQUOpptdXva8XxfoqQwa3enA
- M7muBbF0XN7VO80iJPv+PmIZdEIAkpwKfi201YB+BafCIuGxIF50Vg==
- -----END RSA PRIVATE KEY-----
- </key>
-
- '';
- autoStart = false;
- updateResolvConf = false;
- };
- services.openvpn.servers.vpngate-usa1 = {
- config = ''
- dev tun
- proto udp
- remote vpn854005480.opengw.net 1434
- cipher AES-128-CBC
- auth SHA1
- resolv-retry infinite
- nobind
- persist-key
- persist-tun
- client
- verb 3
-
- <ca>
- -----BEGIN CERTIFICATE-----
- MIIDEDCCAfigAwIBAgIFFzQRkTQwDQYJKoZIhvcNAQELBQAwPzEUMBIGA1UEAwwL
- MWh6NWFzMWYuanAxGjAYBgNVBAoMEXYyMjZvdmdjIHJ0YTc3NXR6MQswCQYDVQQG
- EwJVUzAeFw0xNjEwMjIxODE4MjRaFw0yNDAxMTkxODE4MjRaMD8xFDASBgNVBAMM
- CzFoejVhczFmLmpwMRowGAYDVQQKDBF2MjI2b3ZnYyBydGE3NzV0ejELMAkGA1UE
- BhMCVVMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDX6yJXCpA95oPU
- /vO1wD6UiJnZfDB1fjJOa8gwgK6qbLHo5Cx2gEmUzYOGTlT2Fbser2kHA3xTRxDu
- L+1dufGp8zEi116I5SkLDKRQqO/8h1bWQO7MB4k6K0YlYrWJGTLCanZB3zIS3F7P
- 2qCALdZ40Y1QUQlMEqzg1exeaMDdgOPXDKe1f2L06RpZKQ3ozzHlFgMKamWlLk+/
- N+Flo0s5Z2cfgUBqoBmuXVGBX4ZFxozSojcpREp+sLstdJ56vsW3KztTYTjj6y9Q
- MXNadwsTI6sB/kmex3R0phFlw/ucloXQTecbqWDvJrumQHjiI1HqP95c3Z/y4PoD
- lZvUb15HAgMBAAGjEzARMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQAD
- ggEBAJKHl41QHHuCBC8c3/0PNed3Y0+qRCnB7JB6SraYT5VRSA1dcpvmCESZE3WC
- Sn7OaIBpIm6dBKFkCJgS7lEoMYzmazlfv/RpeRj8fmzcaOcoZdWHk/e1Mkzt5UAz
- 2rsBxDgWmVJfmUR2gnEltvSWQKLdM/F+GB7LNckg58n4yBViCF3pp1HTq1Q59laV
- QQNG8dSqy9EY8WI7oj/I60G6Gcd2dOt9+RXCCA3RZ/9zSGEi4AmDV7oRNfGEdmcy
- YN2K13NlMO+Sdh4S90KVxGOXo2Q0G9HDWJ60f/I+3bxQFb+n85WAM38ZqX/9D72S
- YD3YtJG14xlsO1BDPUgm1t6H8gc=
- -----END CERTIFICATE-----
- </ca>
-
- <cert>
- -----BEGIN CERTIFICATE-----
- MIICxjCCAa4CAQAwDQYJKoZIhvcNAQEFBQAwKTEaMBgGA1UEAxMRVlBOR2F0ZUNs
- aWVudENlcnQxCzAJBgNVBAYTAkpQMB4XDTEzMDIxMTAzNDk0OVoXDTM3MDExOTAz
- MTQwN1owKTEaMBgGA1UEAxMRVlBOR2F0ZUNsaWVudENlcnQxCzAJBgNVBAYTAkpQ
- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5h2lgQQYUjwoKYJbzVZA
- 5VcIGd5otPc/qZRMt0KItCFA0s9RwReNVa9fDRFLRBhcITOlv3FBcW3E8h1Us7RD
- 4W8GmJe8zapJnLsD39OSMRCzZJnczW4OCH1PZRZWKqDtjlNca9AF8a65jTmlDxCQ
- CjntLIWk5OLLVkFt9/tScc1GDtci55ofhaNAYMPiH7V8+1g66pGHXAoWK6AQVH67
- XCKJnGB5nlQ+HsMYPV/O49Ld91ZN/2tHkcaLLyNtywxVPRSsRh480jju0fcCsv6h
- p/0yXnTB//mWutBGpdUlIbwiITbAmrsbYnjigRvnPqX1RNJUbi9Fp6C2c/HIFJGD
- ywIDAQABMA0GCSqGSIb3DQEBBQUAA4IBAQChO5hgcw/4oWfoEFLu9kBa1B//kxH8
- hQkChVNn8BRC7Y0URQitPl3DKEed9URBDdg2KOAz77bb6ENPiliD+a38UJHIRMqe
- UBHhllOHIzvDhHFbaovALBQceeBzdkQxsKQESKmQmR832950UCovoyRB61UyAV7h
- +mZhYPGRKXKSJI6s0Egg/Cri+Cwk4bjJfrb5hVse11yh4D9MHhwSfCOH+0z4hPUT
- Fku7dGavURO5SVxMn/sL6En5D+oSeXkadHpDs+Airym2YHh15h0+jPSOoR6yiVp/
- 6zZeZkrN43kuS73KpKDFjfFPh8t4r1gOIjttkNcQqBccusnplQ7HJpsk
- -----END CERTIFICATE-----
- </cert>
-
- <key>
- -----BEGIN RSA PRIVATE KEY-----
- MIIEpAIBAAKCAQEA5h2lgQQYUjwoKYJbzVZA5VcIGd5otPc/qZRMt0KItCFA0s9R
- wReNVa9fDRFLRBhcITOlv3FBcW3E8h1Us7RD4W8GmJe8zapJnLsD39OSMRCzZJnc
- zW4OCH1PZRZWKqDtjlNca9AF8a65jTmlDxCQCjntLIWk5OLLVkFt9/tScc1GDtci
- 55ofhaNAYMPiH7V8+1g66pGHXAoWK6AQVH67XCKJnGB5nlQ+HsMYPV/O49Ld91ZN
- /2tHkcaLLyNtywxVPRSsRh480jju0fcCsv6hp/0yXnTB//mWutBGpdUlIbwiITbA
- mrsbYnjigRvnPqX1RNJUbi9Fp6C2c/HIFJGDywIDAQABAoIBAERV7X5AvxA8uRiK
- k8SIpsD0dX1pJOMIwakUVyvc4EfN0DhKRNb4rYoSiEGTLyzLpyBc/A28Dlkm5eOY
- fjzXfYkGtYi/Ftxkg3O9vcrMQ4+6i+uGHaIL2rL+s4MrfO8v1xv6+Wky33EEGCou
- QiwVGRFQXnRoQ62NBCFbUNLhmXwdj1akZzLU4p5R4zA3QhdxwEIatVLt0+7owLQ3
- lP8sfXhppPOXjTqMD4QkYwzPAa8/zF7acn4kryrUP7Q6PAfd0zEVqNy9ZCZ9ffho
- zXedFj486IFoc5gnTp2N6jsnVj4LCGIhlVHlYGozKKFqJcQVGsHCqq1oz2zjW6LS
- oRYIHgECgYEA8zZrkCwNYSXJuODJ3m/hOLVxcxgJuwXoiErWd0E42vPanjjVMhnt
- KY5l8qGMJ6FhK9LYx2qCrf/E0XtUAZ2wVq3ORTyGnsMWre9tLYs55X+ZN10Tc75z
- 4hacbU0hqKN1HiDmsMRY3/2NaZHoy7MKnwJJBaG48l9CCTlVwMHocIECgYEA8jby
- dGjxTH+6XHWNizb5SRbZxAnyEeJeRwTMh0gGzwGPpH/sZYGzyu0SySXWCnZh3Rgq
- 5uLlNxtrXrljZlyi2nQdQgsq2YrWUs0+zgU+22uQsZpSAftmhVrtvet6MjVjbByY
- DADciEVUdJYIXk+qnFUJyeroLIkTj7WYKZ6RjksCgYBoCFIwRDeg42oK89RFmnOr
- LymNAq4+2oMhsWlVb4ejWIWeAk9nc+GXUfrXszRhS01mUnU5r5ygUvRcarV/T3U7
- TnMZ+I7Y4DgWRIDd51znhxIBtYV5j/C/t85HjqOkH+8b6RTkbchaX3mau7fpUfds
- Fq0nhIq42fhEO8srfYYwgQKBgQCyhi1N/8taRwpk+3/IDEzQwjbfdzUkWWSDk9Xs
- H/pkuRHWfTMP3flWqEYgW/LW40peW2HDq5imdV8+AgZxe/XMbaji9Lgwf1RY005n
- KxaZQz7yqHupWlLGF68DPHxkZVVSagDnV/sztWX6SFsCqFVnxIXifXGC4cW5Nm9g
- va8q4QKBgQCEhLVeUfdwKvkZ94g/GFz731Z2hrdVhgMZaU/u6t0V95+YezPNCQZB
- wmE9Mmlbq1emDeROivjCfoGhR3kZXW1pTKlLh6ZMUQUOpptdXva8XxfoqQwa3enA
- M7muBbF0XN7VO80iJPv+PmIZdEIAkpwKfi201YB+BafCIuGxIF50Vg==
- -----END RSA PRIVATE KEY-----
- </key>
- '';
- autoStart = false;
- updateResolvConf = false;
- };
- services.openvpn.servers.vpngate-usa2 = {
- config = ''
- dev tun
-
- proto udp
-
- remote vpn444417710.opengw.net 1195
-
- cipher AES-128-CBC
- auth SHA1
-
- resolv-retry infinite
- nobind
- persist-key
- persist-tun
- client
- verb 3
- #auth-user-pass
-
- <ca>
- -----BEGIN CERTIFICATE-----
- MIIDIzCCAgugAwIBAgIEMERikDANBgkqhkiG9w0BAQsFADBJMR8wHQYDVQQDDBZz
- cmlnbGh6dWwxamtraDdtY2UubmV0MRkwFwYDVQQKDBBkY2c3MTQ4bnQgb3Rmdjd0
- MQswCQYDVQQGEwJVUzAeFw0xNjEyMDUyMzMzNTdaFw0yMTA4MjkyMzMzNTdaMEkx
- HzAdBgNVBAMMFnNyaWdsaHp1bDFqa2toN21jZS5uZXQxGTAXBgNVBAoMEGRjZzcx
- NDhudCBvdGZ2N3QxCzAJBgNVBAYTAlVTMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
- MIIBCgKCAQEA8ASCMZyeVeTkRELTVJKzWFufi9LFq6N1euhOK9KNLeCn5OJXxeJ6
- FoRD2QtDHwHscEPrJ2uIVqqxvm/uuZ7aWKXVuRzCbYeQih6tUK4M/Q55iKeynPMt
- vCBH28IasH33fGbw95S82nXEwWK6tR3+WdIcHFJ7RZz1QkmsWOzI/vn2pNeyZCIG
- QjuFJEfiSTNorqhR29vJhWR3pRLWgorAQav7ukgAdQqKIldX0LQr4BoN5HLDe7AC
- 9jO3Xs6dQieyxnF183XVigZZ+cfaD9kK1m/+4JKWNphIGi9bsGRumjJwQgrv35CA
- 6+FCMXRUM7PQljjlgDhdW4VeYtX0tg46uwIDAQABoxMwETAPBgNVHRMBAf8EBTAD
- AQH/MA0GCSqGSIb3DQEBCwUAA4IBAQDUjycraBUWrVvtQ4touYR1T9+msLhFc3RO
- clHnyw+2PEyNdTy8ra13dUXkWqIgWnyxj8CSFJmfLCdxuQrNEQ8jF7rJNGqujVI1
- +xjao5fIt33EAwg2CFDs5DETEcwb7/lJIs1uwwiDPIZrmXyoL9My9ZZ8DKkRy4LS
- 1+GZx4Y9v/G1AFKfQ4n//v8s+SYQS3JZxspEONj8M9VkKjuYonFR6eegKWo37QaY
- hy9+4qTRGbviET1si+fZ0LVweyfG3t0Fg8BJn+1YP9kpLJdjOtzKCFbdIrjY3XSS
- 3ehfN8C5mGWk0pQMWJs+xYIfB0OvDRgehICw0PIvps8Sv8gu4Bve
- -----END CERTIFICATE-----
-
- </ca>
-
- <cert>
- -----BEGIN CERTIFICATE-----
- MIICxjCCAa4CAQAwDQYJKoZIhvcNAQEFBQAwKTEaMBgGA1UEAxMRVlBOR2F0ZUNs
- aWVudENlcnQxCzAJBgNVBAYTAkpQMB4XDTEzMDIxMTAzNDk0OVoXDTM3MDExOTAz
- MTQwN1owKTEaMBgGA1UEAxMRVlBOR2F0ZUNsaWVudENlcnQxCzAJBgNVBAYTAkpQ
- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5h2lgQQYUjwoKYJbzVZA
- 5VcIGd5otPc/qZRMt0KItCFA0s9RwReNVa9fDRFLRBhcITOlv3FBcW3E8h1Us7RD
- 4W8GmJe8zapJnLsD39OSMRCzZJnczW4OCH1PZRZWKqDtjlNca9AF8a65jTmlDxCQ
- CjntLIWk5OLLVkFt9/tScc1GDtci55ofhaNAYMPiH7V8+1g66pGHXAoWK6AQVH67
- XCKJnGB5nlQ+HsMYPV/O49Ld91ZN/2tHkcaLLyNtywxVPRSsRh480jju0fcCsv6h
- p/0yXnTB//mWutBGpdUlIbwiITbAmrsbYnjigRvnPqX1RNJUbi9Fp6C2c/HIFJGD
- ywIDAQABMA0GCSqGSIb3DQEBBQUAA4IBAQChO5hgcw/4oWfoEFLu9kBa1B//kxH8
- hQkChVNn8BRC7Y0URQitPl3DKEed9URBDdg2KOAz77bb6ENPiliD+a38UJHIRMqe
- UBHhllOHIzvDhHFbaovALBQceeBzdkQxsKQESKmQmR832950UCovoyRB61UyAV7h
- +mZhYPGRKXKSJI6s0Egg/Cri+Cwk4bjJfrb5hVse11yh4D9MHhwSfCOH+0z4hPUT
- Fku7dGavURO5SVxMn/sL6En5D+oSeXkadHpDs+Airym2YHh15h0+jPSOoR6yiVp/
- 6zZeZkrN43kuS73KpKDFjfFPh8t4r1gOIjttkNcQqBccusnplQ7HJpsk
- -----END CERTIFICATE-----
-
- </cert>
-
- <key>
- -----BEGIN RSA PRIVATE KEY-----
- MIIEpAIBAAKCAQEA5h2lgQQYUjwoKYJbzVZA5VcIGd5otPc/qZRMt0KItCFA0s9R
- wReNVa9fDRFLRBhcITOlv3FBcW3E8h1Us7RD4W8GmJe8zapJnLsD39OSMRCzZJnc
- zW4OCH1PZRZWKqDtjlNca9AF8a65jTmlDxCQCjntLIWk5OLLVkFt9/tScc1GDtci
- 55ofhaNAYMPiH7V8+1g66pGHXAoWK6AQVH67XCKJnGB5nlQ+HsMYPV/O49Ld91ZN
- /2tHkcaLLyNtywxVPRSsRh480jju0fcCsv6hp/0yXnTB//mWutBGpdUlIbwiITbA
- mrsbYnjigRvnPqX1RNJUbi9Fp6C2c/HIFJGDywIDAQABAoIBAERV7X5AvxA8uRiK
- k8SIpsD0dX1pJOMIwakUVyvc4EfN0DhKRNb4rYoSiEGTLyzLpyBc/A28Dlkm5eOY
- fjzXfYkGtYi/Ftxkg3O9vcrMQ4+6i+uGHaIL2rL+s4MrfO8v1xv6+Wky33EEGCou
- QiwVGRFQXnRoQ62NBCFbUNLhmXwdj1akZzLU4p5R4zA3QhdxwEIatVLt0+7owLQ3
- lP8sfXhppPOXjTqMD4QkYwzPAa8/zF7acn4kryrUP7Q6PAfd0zEVqNy9ZCZ9ffho
- zXedFj486IFoc5gnTp2N6jsnVj4LCGIhlVHlYGozKKFqJcQVGsHCqq1oz2zjW6LS
- oRYIHgECgYEA8zZrkCwNYSXJuODJ3m/hOLVxcxgJuwXoiErWd0E42vPanjjVMhnt
- KY5l8qGMJ6FhK9LYx2qCrf/E0XtUAZ2wVq3ORTyGnsMWre9tLYs55X+ZN10Tc75z
- 4hacbU0hqKN1HiDmsMRY3/2NaZHoy7MKnwJJBaG48l9CCTlVwMHocIECgYEA8jby
- dGjxTH+6XHWNizb5SRbZxAnyEeJeRwTMh0gGzwGPpH/sZYGzyu0SySXWCnZh3Rgq
- 5uLlNxtrXrljZlyi2nQdQgsq2YrWUs0+zgU+22uQsZpSAftmhVrtvet6MjVjbByY
- DADciEVUdJYIXk+qnFUJyeroLIkTj7WYKZ6RjksCgYBoCFIwRDeg42oK89RFmnOr
- LymNAq4+2oMhsWlVb4ejWIWeAk9nc+GXUfrXszRhS01mUnU5r5ygUvRcarV/T3U7
- TnMZ+I7Y4DgWRIDd51znhxIBtYV5j/C/t85HjqOkH+8b6RTkbchaX3mau7fpUfds
- Fq0nhIq42fhEO8srfYYwgQKBgQCyhi1N/8taRwpk+3/IDEzQwjbfdzUkWWSDk9Xs
- H/pkuRHWfTMP3flWqEYgW/LW40peW2HDq5imdV8+AgZxe/XMbaji9Lgwf1RY005n
- KxaZQz7yqHupWlLGF68DPHxkZVVSagDnV/sztWX6SFsCqFVnxIXifXGC4cW5Nm9g
- va8q4QKBgQCEhLVeUfdwKvkZ94g/GFz731Z2hrdVhgMZaU/u6t0V95+YezPNCQZB
- wmE9Mmlbq1emDeROivjCfoGhR3kZXW1pTKlLh6ZMUQUOpptdXva8XxfoqQwa3enA
- M7muBbF0XN7VO80iJPv+PmIZdEIAkpwKfi201YB+BafCIuGxIF50Vg==
- -----END RSA PRIVATE KEY-----
-
- </key>
- '';
- autoStart = false;
- updateResolvConf = false;
- };
-}
diff --git a/makefu/2configs/vpn/vpnws/client.nix b/makefu/2configs/vpn/vpnws/client.nix
deleted file mode 100644
index d06bc27db..000000000
--- a/makefu/2configs/vpn/vpnws/client.nix
+++ /dev/null
@@ -1,9 +0,0 @@
-{ pkgs, ... }:
-{
- users.users.makefu.packages = with pkgs; [ iproute vpn-ws ];
- # vpn-ws-client vpnws wss://localhost/vpn --no-verify --exec "ip link set vpnws up;ip addr add 10.244.1.2/24 dev vpnws"
- networking.interfaces.vpnws = {
- virtual = true;
- virtualType = "tap";
- };
-}
diff --git a/makefu/2configs/vpn/vpnws/server.nix b/makefu/2configs/vpn/vpnws/server.nix
deleted file mode 100644
index 6baa5ff11..000000000
--- a/makefu/2configs/vpn/vpnws/server.nix
+++ /dev/null
@@ -1,42 +0,0 @@
-{pkgs, options, ... }:
-let
- pkg = pkgs.vpn-ws;
- uid = "nginx";
- gid = "nginx";
- ip = "${pkgs.iproute}/bin/ip";
- socket = "/run/vpn.sock";
- htpasswd = (toString <secrets>) + "/vpn-ws-auth";
- nginx-prepared-secrets = "/var/spool/nginx/vpn-ws-auth";
-in {
- systemd.services.vpn-ws-auth-prepare = {
- wantedBy = [ "multi-user.target" ];
- before = [ "nginx.service" ];
- script = "install -m700 -o${uid} -g${gid} ${htpasswd} ${nginx-prepared-secrets}";
- };
- services.nginx.virtualHosts."euer.krebsco.de".locations."/vpn" = {
- extraConfig = ''
- auth_basic "please stand by...";
- auth_basic_user_file ${nginx-prepared-secrets};
- uwsgi_pass unix:${socket};
- include ${pkgs.nginx}/conf/uwsgi_params;
- '';
- };
-
- networking.interfaces.vpnws = {
- virtual = true;
- virtualType = "tap";
- };
- systemd.services.vpnws = {
- wantedBy = [ "multi-user.target" ];
- after = [ "network.target" ];
- serviceConfig = {
- Restart = "always";
- PrivateTmp = true;
- ExecStartPre = pkgs.writeDash "vpnws-pre" ''
- ${ip} link set vpnws up
- ${ip} addr add 10.244.1.1/24 dev vpnws || :
- '';
- ExecStart = "${pkg}/bin/vpn-ws --uid ${uid} --gid ${gid} --tuntap vpnws ${socket}";
- };
- };
-}