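{ pkgs, config, lib, ... }:

# NixOS module exposing `modules.system.vpns`.
#
# `enable` gates the whole module; `openvpn_pia_mexico` additionally gates one
# OpenVPN client definition and the sops-nix secrets that client reads.
let
  cfg = config.modules.system.vpns;
in
{
  options.modules.system.vpns = {
    enable = lib.mkEnableOption "enables vpns";

    # toggle for pia mexico w/ openvpn
    openvpn_pia_mexico = lib.mkOption {
      type = lib.types.bool;
      default = false;
      description = "enable pia vpn to mexico using openvpn";
    };

  };

  config = lib.mkIf cfg.enable {

    # enable pia mexico w/ openvpn
    services.openvpn.servers = lib.mkIf cfg.openvpn_pia_mexico {
      openvpn_pia_mexico = {
        # The text below is the OpenVPN client configuration. Only the *paths*
        # of the sops-managed files are interpolated, so the credentials
        # themselves are not embedded in this string (which NixOS is expected
        # to render into the Nix store, readable by every local user).
        #
        # Review notes on the directives (values kept as the author wrote them):
        #  - `remote` pins a single IP address: there is no fallback endpoint,
        #    and the peer is authenticated only through `ca`, `crl-verify` and
        #    `remote-cert-tls server`, so those three lines must stay.
        #  - `cipher aes-128-cbc` with `auth sha1` is a legacy data-channel
        #    profile. Both values have to match what the remote endpoint
        #    accepts, so they are not changed here.
        #    NOTE(review): check whether the provider offers an AEAD (AES-GCM)
        #    profile and move to it if so.
        #  - bare `compress` turns on compression framing. Compression inside a
        #    VPN tunnel is the precondition for VORACLE-style plaintext
        #    recovery. NOTE(review): presumably required by this endpoint;
        #    confirm, and drop the line if the tunnel comes up without it.
        #  - `reneg-sec 0` switches off this client's periodic key
        #    renegotiation timer; keys then rotate only if the server asks.
        #    NOTE(review): confirm this is intended.
        config = ''
          client
          dev tun
          proto udp
          remote 77.81.142.240 1198
          resolv-retry infinite
          nobind
          persist-key
          persist-tun
          cipher aes-128-cbc
          auth sha1
          tls-client
          remote-cert-tls server

          auth-user-pass ${config.sops.secrets."openvpn_pia_mexico_auth".path}
          compress
          verb 1
          reneg-sec 0
          crl-verify ${config.sops.secrets."openvpn_pia_mexico_crl".path}
          ca ${config.sops.secrets."openvpn_pia_mexico_crt".path}

          disable-occ
        '';
        # config = ''
        #   config ${config.sops.secrets."openvpn_pia_mexico_config".path}
        #   auth-user-pass /run/secrets/openvpn_pia_mexico_auth
        # '';
      };
    };

    # Declare the secrets only when the client that reads them is enabled.
    # Previously they were declared whenever `enable` was set, so a host that
    # enabled the module with the toggle left at its default (false) still had
    # to carry all four entries in its sops file and had them decrypted onto
    # the machine for no consumer.
    sops.secrets = lib.mkIf cfg.openvpn_pia_mexico {
      # All entries are owned by root:root; file mode is left at the sops-nix
      # default.
      "openvpn_pia_mexico_auth" = {
        owner = "root";
        group = "root";
      };
      "openvpn_pia_mexico_crl" = {
        owner = "root";
        group = "root";
      };
      "openvpn_pia_mexico_crt" = {
        owner = "root";
        group = "root";
      };
      # Only referenced by the commented-out alternative `config` above.
      # NOTE(review): remove this entry if that alternative is abandoned, so an
      # unused secret is not materialised on the host.
      "openvpn_pia_mexico_config" = {
        owner = "root";
        group = "root";
      };
    };
  };
}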