l helios.r: add dcsovpn
This commit is contained in:
parent
4e6827b8cd
commit
ba663f0445
|
@ -11,6 +11,7 @@ with import <stockholm/lib>;
|
||||||
<stockholm/lass/2configs/retiolum.nix>
|
<stockholm/lass/2configs/retiolum.nix>
|
||||||
<stockholm/lass/2configs/otp-ssh.nix>
|
<stockholm/lass/2configs/otp-ssh.nix>
|
||||||
<stockholm/lass/2configs/git.nix>
|
<stockholm/lass/2configs/git.nix>
|
||||||
|
<stockholm/lass/2configs/dcso-vpn.nix>
|
||||||
{ # automatic hardware detection
|
{ # automatic hardware detection
|
||||||
boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
|
boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
|
||||||
boot.kernelModules = [ "kvm-intel" ];
|
boot.kernelModules = [ "kvm-intel" ];
|
||||||
|
|
44
lass/2configs/dcso-vpn.nix
Normal file
44
lass/2configs/dcso-vpn.nix
Normal file
|
@ -0,0 +1,44 @@
|
||||||
|
with import <stockholm/lib>;
|
||||||
|
{ ... }:
|
||||||
|
|
||||||
|
{
|
||||||
|
|
||||||
|
users.extraUsers = {
|
||||||
|
dcsovpn = rec {
|
||||||
|
name = "dcsovpn";
|
||||||
|
uid = genid "dcsovpn";
|
||||||
|
description = "user for running dcso openvpn";
|
||||||
|
home = "/home/${name}";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
users.extraGroups.dcsovpn.gid = genid "dcsovpn";
|
||||||
|
|
||||||
|
services.openvpn.servers = {
|
||||||
|
dcso = {
|
||||||
|
config = ''
|
||||||
|
client
|
||||||
|
dev tun
|
||||||
|
tun-mtu 1356
|
||||||
|
mssfix
|
||||||
|
proto udp
|
||||||
|
float
|
||||||
|
remote 217.111.55.41 1194
|
||||||
|
nobind
|
||||||
|
user dcsovpn
|
||||||
|
group dcsovpn
|
||||||
|
persist-key
|
||||||
|
persist-tun
|
||||||
|
ca ${toString <secrets/dcsovpn/ca.pem>}
|
||||||
|
cert ${toString <secrets/dcsovpn/cert.pem>}
|
||||||
|
key ${toString <secrets/dcsovpn/cert.key>}
|
||||||
|
verb 3
|
||||||
|
mute 20
|
||||||
|
auth-user-pass ${toString <secrets/dcsovpn/login.txt>}
|
||||||
|
route-method exe
|
||||||
|
route-delay 2
|
||||||
|
'';
|
||||||
|
updateResolvConf = true;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
Loading…
Reference in New Issue
Block a user