diff options
author | tv <tv@krebsco.de> | 2016-06-30 16:31:05 +0200 |
---|---|---|
committer | tv <tv@krebsco.de> | 2016-06-30 16:31:05 +0200 |
commit | d81b068113325fb7604089c3647c365a41804978 (patch) | |
tree | 4c43ad2142825ac7c0a7045e5c48a039b25f6786 /lass/2configs/c-base.nix | |
parent | 1542f9bbee823025f703e6abf3836905cee416fd (diff) | |
parent | f12578c66f8b7b829c0dec5255f358778c0d3366 (diff) |
Merge remote-tracking branch 'prism/master'
Diffstat (limited to 'lass/2configs/c-base.nix')
-rw-r--r-- | lass/2configs/c-base.nix | 93 |
1 files changed, 93 insertions, 0 deletions
diff --git a/lass/2configs/c-base.nix b/lass/2configs/c-base.nix new file mode 100644 index 000000000..9d13bc30d --- /dev/null +++ b/lass/2configs/c-base.nix @@ -0,0 +1,93 @@ +{ config, lib, pkgs, ... }: + +let + inherit (config.krebs.lib) genid; + +in { + + users.extraUsers = { + cbasevpn = rec { + name = "cbasevpn"; + uid = genid "cbasevpn"; + description = "user for running c-base openvpn"; + home = "/home/${name}"; + }; + }; + + users.extraGroups.cbasevpn.gid = genid "cbasevpn"; + + services.openvpn.servers = { + c-base = { + config = '' + client + dev tap + proto tcp + remote vpn.ext.c-base.org 1194 + resolv-retry infinite + nobind + user cbasevpn + group cbasevpn + persist-key + persist-tun + + auth-nocache + #auth-user-pass + auth-user-pass ${toString <secrets/cbase.txt>} + + comp-lzo + verb 3 + + #script-security 2 + #up /etc/openvpn/update-resolv-conf + #down /etc/openvpn/update-resolv-conf + + <ca> + -----BEGIN CERTIFICATE----- + MIIDUjCCArugAwIBAgIJAOOk8EXgjsf5MA0GCSqGSIb3DQEBBQUAMHoxCzAJBgNV + BAYTAkRFMQswCQYDVQQIEwJERTEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZj + LWJhc2UxGzAZBgNVBAMTEnZwbi5leHQuYy1iYXNlLm9yZzEfMB0GCSqGSIb3DQEJ + ARYQYWRtYXhAYy1iYXNlLm9yZzAeFw0wOTAyMTMwOTE1MzdaFw0xOTAyMTEwOTE1 + MzdaMHoxCzAJBgNVBAYTAkRFMQswCQYDVQQIEwJERTEPMA0GA1UEBxMGQmVybGlu + MQ8wDQYDVQQKEwZjLWJhc2UxGzAZBgNVBAMTEnZwbi5leHQuYy1iYXNlLm9yZzEf + MB0GCSqGSIb3DQEJARYQYWRtYXhAYy1iYXNlLm9yZzCBnzANBgkqhkiG9w0BAQEF + AAOBjQAwgYkCgYEAt3wEgXbqFKxs8z/E4rv13hkRi6J+QdshNzntm7rTOmUsXKE7 + IEwoJSglrmsDPv4UqE86A7bjW7YYSFjhzxFRkTEHJanyOCF48ZPItVl7Eq7T81co + uR+6lAhxnLDrwnPJCC83NzAa6lw8U1DsQRDkayKlrQrtZq6++pFFEvZvt1cCAwEA + AaOB3zCB3DAdBgNVHQ4EFgQUqkSbdXS90+HtqXDeAI+PcyTSSHEwgawGA1UdIwSB + pDCBoYAUqkSbdXS90+HtqXDeAI+PcyTSSHGhfqR8MHoxCzAJBgNVBAYTAkRFMQsw + CQYDVQQIEwJERTEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZjLWJhc2UxGzAZ + BgNVBAMTEnZwbi5leHQuYy1iYXNlLm9yZzEfMB0GCSqGSIb3DQEJARYQYWRtYXhA + Yy1iYXNlLm9yZ4IJAOOk8EXgjsf5MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEF + BQADgYEAOBANG1H4uEEWk3sbeQoSMeA3LFG1+6MgFGk2WAdeHYuV9GKYBq6/PLP5 + ffw+FNkiDjLSeSQO88vHYJr2V1v8n/ZoCIT+1VBcDWXTpGz0YxDI1iBauO3tUPzK + wGs46RA/S0YwiZw64MaUHd88ZVadjKy9kNoO3w6/vpAS6s/Mh+o= + -----END CERTIFICATE----- + </ca> + key-direction 1 + <tls-auth> + # + # 2048 bit OpenVPN static key + # + -----BEGIN OpenVPN Static key V1----- + 5d49aa8c9cec18de7ab6e0b5cd09a368 + d3f1b8b77e055e448804fa0e14f487cb + 491681742f96b54a23fb8639aa9ed14e + c40b86a5546b888c4f3873f23c956e87 + 169076ec869127ffc85353fd5928871c + da19776b79f723abb366fae6cdfe4ad6 + 7ef667b7d05a7b78dfd5ea1d2da276dc + 5f6c82313fe9c1178c7256b8d1d081b0 + 4c80bc8f21add61fbc52c158579edc1d + bbde230afb9d0e531624ce289a17098a + 3261f9144a9a2a6f0da4250c9eed4086 + 187ec6fa757a454de743a349e32af193 + e9f8b49b010014bdfb3240d992f2f234 + 581d0ce05d4e07a2b588ad9b0555b704 + 9d5edc28efde59226ec8942feed690a1 + 2acd0c8bc9424d6074d0d495391023b6 + -----END OpenVPN Static key V1----- + </tls-auth> + ''; + }; + }; +} |