42 current 2025-10-07 19:48:37 25.05.20251001.5b5be50 6.12.49 *

2025-10-07 19:57:37 -05:00
parent 005b20a7a5
commit 6a354060ca
3 changed files with 36 additions and 8 deletions
--- a/flake.nix
+++ b/flake.nix
@@ -1,6 +1,6 @@
 # flake for blakes nixos config
 # define new devices in outputs
-# generation: 41 current  2025-10-07 19:39:59  25.05.20251001.5b5be50  6.12.49                          *
+# generation: 42 current  2025-10-07 19:48:37  25.05.20251001.5b5be50  6.12.49                          *
 {
  description = "blakes nix config";
  inputs = {
--- a/modules/system/vpns.nix
+++ b/modules/system/vpns.nix
@@ -22,9 +22,32 @@ in
    services.openvpn.servers = lib.mkIf cfg.openvpn_pia_mexico { 
      openvpn_pia_mexico = {
        config = ''
-          config ${config.sops.secrets."openvpn_pia_mexico_config".path}
-          auth-user-pass /run/secrets/openvpn_pia_mexico_auth
-        '';
+          client
+          dev tun
+          proto udp
+          remote 77.81.142.240 1198
+          resolv-retry infinite
+          nobind
+          persist-key
+          persist-tun
+          cipher aes-128-cbc
+          auth sha1
+          tls-client
+          remote-cert-tls server
+
+          auth-user-pass
+          compress
+          verb 1
+          reneg-sec 0
+          crl-verify ${config.sops.secrets."openvpn_pia_mexico_crl".path}
+          ca ${config.sops.secrets."openvpn_pia_mexico_crt".path}
+
+          disable-occ
+                  '';
+#        config = ''
+#          config ${config.sops.secrets."openvpn_pia_mexico_config".path}
+#          auth-user-pass /run/secrets/openvpn_pia_mexico_auth
+#        '';
      };
    };
    sops.secrets = {
@@ -36,6 +59,10 @@ in
        owner = "root";
        group = "root";
      };
+      "openvpn_pia_mexico_crt" = {
+        owner = "root";
+        group = "root";
+      };
      "openvpn_pia_mexico_config" = {
        owner = "root";
        group = "root";
--- a/secrets/secrets.yaml
+++ b/secrets/secrets.yaml