summaryrefslogtreecommitdiffstats
path: root/lass/2configs/c-base.nix
diff options
context:
space:
mode:
authortv <tv@krebsco.de>2016-06-30 16:31:05 +0200
committertv <tv@krebsco.de>2016-06-30 16:31:05 +0200
commitd81b068113325fb7604089c3647c365a41804978 (patch)
tree4c43ad2142825ac7c0a7045e5c48a039b25f6786 /lass/2configs/c-base.nix
parent1542f9bbee823025f703e6abf3836905cee416fd (diff)
parentf12578c66f8b7b829c0dec5255f358778c0d3366 (diff)
Merge remote-tracking branch 'prism/master'
Diffstat (limited to 'lass/2configs/c-base.nix')
-rw-r--r--lass/2configs/c-base.nix93
1 files changed, 93 insertions, 0 deletions
diff --git a/lass/2configs/c-base.nix b/lass/2configs/c-base.nix
new file mode 100644
index 000000000..9d13bc30d
--- /dev/null
+++ b/lass/2configs/c-base.nix
@@ -0,0 +1,93 @@
+{ config, lib, pkgs, ... }:
+
+let
+ inherit (config.krebs.lib) genid;
+
+in {
+
+ users.extraUsers = {
+ cbasevpn = rec {
+ name = "cbasevpn";
+ uid = genid "cbasevpn";
+ description = "user for running c-base openvpn";
+ home = "/home/${name}";
+ };
+ };
+
+ users.extraGroups.cbasevpn.gid = genid "cbasevpn";
+
+ services.openvpn.servers = {
+ c-base = {
+ config = ''
+ client
+ dev tap
+ proto tcp
+ remote vpn.ext.c-base.org 1194
+ resolv-retry infinite
+ nobind
+ user cbasevpn
+ group cbasevpn
+ persist-key
+ persist-tun
+
+ auth-nocache
+ #auth-user-pass
+ auth-user-pass ${toString <secrets/cbase.txt>}
+
+ comp-lzo
+ verb 3
+
+ #script-security 2
+ #up /etc/openvpn/update-resolv-conf
+ #down /etc/openvpn/update-resolv-conf
+
+ <ca>
+ -----BEGIN CERTIFICATE-----
+ MIIDUjCCArugAwIBAgIJAOOk8EXgjsf5MA0GCSqGSIb3DQEBBQUAMHoxCzAJBgNV
+ BAYTAkRFMQswCQYDVQQIEwJERTEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZj
+ LWJhc2UxGzAZBgNVBAMTEnZwbi5leHQuYy1iYXNlLm9yZzEfMB0GCSqGSIb3DQEJ
+ ARYQYWRtYXhAYy1iYXNlLm9yZzAeFw0wOTAyMTMwOTE1MzdaFw0xOTAyMTEwOTE1
+ MzdaMHoxCzAJBgNVBAYTAkRFMQswCQYDVQQIEwJERTEPMA0GA1UEBxMGQmVybGlu
+ MQ8wDQYDVQQKEwZjLWJhc2UxGzAZBgNVBAMTEnZwbi5leHQuYy1iYXNlLm9yZzEf
+ MB0GCSqGSIb3DQEJARYQYWRtYXhAYy1iYXNlLm9yZzCBnzANBgkqhkiG9w0BAQEF
+ AAOBjQAwgYkCgYEAt3wEgXbqFKxs8z/E4rv13hkRi6J+QdshNzntm7rTOmUsXKE7
+ IEwoJSglrmsDPv4UqE86A7bjW7YYSFjhzxFRkTEHJanyOCF48ZPItVl7Eq7T81co
+ uR+6lAhxnLDrwnPJCC83NzAa6lw8U1DsQRDkayKlrQrtZq6++pFFEvZvt1cCAwEA
+ AaOB3zCB3DAdBgNVHQ4EFgQUqkSbdXS90+HtqXDeAI+PcyTSSHEwgawGA1UdIwSB
+ pDCBoYAUqkSbdXS90+HtqXDeAI+PcyTSSHGhfqR8MHoxCzAJBgNVBAYTAkRFMQsw
+ CQYDVQQIEwJERTEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZjLWJhc2UxGzAZ
+ BgNVBAMTEnZwbi5leHQuYy1iYXNlLm9yZzEfMB0GCSqGSIb3DQEJARYQYWRtYXhA
+ Yy1iYXNlLm9yZ4IJAOOk8EXgjsf5MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEF
+ BQADgYEAOBANG1H4uEEWk3sbeQoSMeA3LFG1+6MgFGk2WAdeHYuV9GKYBq6/PLP5
+ ffw+FNkiDjLSeSQO88vHYJr2V1v8n/ZoCIT+1VBcDWXTpGz0YxDI1iBauO3tUPzK
+ wGs46RA/S0YwiZw64MaUHd88ZVadjKy9kNoO3w6/vpAS6s/Mh+o=
+ -----END CERTIFICATE-----
+ </ca>
+ key-direction 1
+ <tls-auth>
+ #
+ # 2048 bit OpenVPN static key
+ #
+ -----BEGIN OpenVPN Static key V1-----
+ 5d49aa8c9cec18de7ab6e0b5cd09a368
+ d3f1b8b77e055e448804fa0e14f487cb
+ 491681742f96b54a23fb8639aa9ed14e
+ c40b86a5546b888c4f3873f23c956e87
+ 169076ec869127ffc85353fd5928871c
+ da19776b79f723abb366fae6cdfe4ad6
+ 7ef667b7d05a7b78dfd5ea1d2da276dc
+ 5f6c82313fe9c1178c7256b8d1d081b0
+ 4c80bc8f21add61fbc52c158579edc1d
+ bbde230afb9d0e531624ce289a17098a
+ 3261f9144a9a2a6f0da4250c9eed4086
+ 187ec6fa757a454de743a349e32af193
+ e9f8b49b010014bdfb3240d992f2f234
+ 581d0ce05d4e07a2b588ad9b0555b704
+ 9d5edc28efde59226ec8942feed690a1
+ 2acd0c8bc9424d6074d0d495391023b6
+ -----END OpenVPN Static key V1-----
+ </tls-auth>
+ '';
+ };
+ };
+}