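{ pkgs, config, lib, ... }:

# NixOS module: opt-in VPN tunnels to PIA (Mexico) over OpenVPN or WireGuard.
# Credentials and keys are sops-nix secrets that are only declared when the
# matching toggle is on, so nothing is decrypted for a tunnel that is off.

let
  cfg = config.modules.system.vpns;
in
{
  options.modules.system.vpns = {
    enable = lib.mkEnableOption "enables vpns";

    # toggle for pia mexico w/ openvpn
    openvpn_pia_mexico = lib.mkOption {
      type = lib.types.bool;
      default = false;
      description = "enable pia vpn to mexico using openvpn";
    };

    # toggle for pia mexico w/ wireguard
    wg_pia_mexico = lib.mkOption {
      type = lib.types.bool;
      default = false;
      description = "enable pia vpn to mexico using wireguard";
    };
  };

  config = lib.mkIf cfg.enable {

    # enable pia mexico w/ openvpn
    services.openvpn.servers = lib.mkIf cfg.openvpn_pia_mexico {
      openvpn_pia_mexico = {
        # The client profile and the user/pass file are sops secrets; the
        # inline config only points OpenVPN at their decrypted paths. The
        # secret names must match the sops.secrets declarations below.
        config = ''
          config ${config.sops.secrets."openvpn_pia_mexico_config".path}
          auth-user-pass ${config.sops.secrets."pia_auth".path}
        '';
      };
    };

    # enable pia mexico w/ wireguard
    networking.wireguard.interfaces = lib.mkIf cfg.wg_pia_mexico {
      wg_piamex = {
        privateKeyFile = config.sops.secrets."wg_pia_mexico_key".path;
        # listenPort = 51820;
        ips = [ "10.4.244.34/32" ];

        peers = {
          pia = {
            publicKey = "avK/Bdg+hyLMqP2k/7eEBTkxwCSzyy8FymwO/vFjbQg=";
            # full tunnel: all traffic is routed via the peer while the
            # interface is up
            allowedIPs = [ "0.0.0.0/0" ];
            endpoint = "77.81.142.245:1337";
            persistentKeepalive = 25;
          };
        };
      };
    };

    # secrets only if the matching VPN is enabled. Declared once: Nix rejects
    # the same attribute path (sops.secrets) being defined twice in one set,
    # so both conditional groups are merged into a single definition.
    sops.secrets =
      lib.optionalAttrs cfg.openvpn_pia_mexico {
        "pia_auth" = { owner = "root"; group = "root"; };
        "openvpn_pia_mexico_config" = { owner = "root"; group = "root"; };
      }
      // lib.optionalAttrs cfg.wg_pia_mexico {
        "wg_pia_mexico_key" = { owner = "root"; group = "root"; };
      };
  };
}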