lupine5/openvpn: use certs
@@ -1,4 +1,4 @@
|
|||||||
{ pkgs, lib, values, ... }:
|
{ config, pkgs, lib, values, ... }:
|
||||||
let
|
let
|
||||||
renderConfig = attrs: lib.pipe attrs [
|
renderConfig = attrs: lib.pipe attrs [
|
||||||
(lib.filterAttrs (_: value: !(builtins.isNull value || value == false)))
|
(lib.filterAttrs (_: value: !(builtins.isNull value || value == false)))
|
||||||
@@ -20,6 +20,12 @@ let
|
|||||||
];
|
];
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
|
sops.secrets = {
|
||||||
|
"openvpn/ca/crt" = { };
|
||||||
|
"openvpn/server/crt" = { };
|
||||||
|
"openvpn/server/key" = { };
|
||||||
|
};
|
||||||
|
|
||||||
services.openvpn.servers."ov-tunnel" = {
|
services.openvpn.servers."ov-tunnel" = {
|
||||||
config = renderConfig {
|
config = renderConfig {
|
||||||
# TODO: use aliases
|
# TODO: use aliases
|
||||||
@@ -32,11 +38,10 @@ in
|
|||||||
|
|
||||||
script-security = 0;
|
script-security = 0;
|
||||||
|
|
||||||
# TODO: set up
|
ca = config.sops.secrets."openvpn/ca/crt".path;
|
||||||
# ca = "";
|
cert = config.sops.secrets."openvpn/server/crt".path;
|
||||||
# cert = "";
|
key = config.sops.secrets."openvpn/server/key".path;
|
||||||
# key = "";
|
dh = "none";
|
||||||
# dh = "";
|
|
||||||
|
|
||||||
# Maintain a record of client <-> virtual IP address
|
# Maintain a record of client <-> virtual IP address
|
||||||
# associations in this file. If OpenVPN goes down or
|
# associations in this file. If OpenVPN goes down or
|
||||||
@@ -67,7 +72,7 @@ in
|
|||||||
|
|
||||||
client-config-dir = pkgs.writeTextDir "ludvigsen" ''
|
client-config-dir = pkgs.writeTextDir "ludvigsen" ''
|
||||||
# Sett IP-adr. for tap0 til ludvigsens PVV-addresse.
|
# Sett IP-adr. for tap0 til ludvigsens PVV-addresse.
|
||||||
ifconfig-push ${values.services.ludvigsen-vpn} 255.255.255.128
|
ifconfig-push ${values.services.ludvigsen-tap} 255.255.255.128
|
||||||
|
|
||||||
# Hvordan skal man faa dette til aa funke, tro?
|
# Hvordan skal man faa dette til aa funke, tro?
|
||||||
# ifconfig-ipv6-push 2001:700:300:1900::xxx/64
|
# ifconfig-ipv6-push 2001:700:300:1900::xxx/64
|
||||||
|
|||||||
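Review bot: The `ca`/`cert`/`key` lines in the `@@ -32,11 +38,10 @@` hunk make client authentication depend entirely on the CA, but nothing in the hunk sets `crl-verify`, so a lost or retired client certificate cannot be revoked without re-issuing the whole CA; consider a fourth sops secret and `crl-verify = config.sops.secrets."openvpn/crl".path;` next to `key`. The same block would also benefit from `tls-crypt` (or `tls-auth`) keyed from sops so that unauthenticated peers never reach the TLS handshake. Both may already be set further down in `config = renderConfig { … }`, which begins and ends outside this hunk, so treat this as a question if they are. Note too that sops-nix exposes these paths root-only by default, which is fine while OpenVPN runs as root, but if a `user`/`group` directive is added later the key would no longer be readable on re-read; `persist-key` would then be needed. Of the three files only `openvpn/server/key` is actually secret — the CA and server certificates could live in the repo as plain files, which keeps the sops store smaller and the public material reviewable.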