summaryrefslogtreecommitdiffstats
path: root/makefu/2configs/vpn/openvpn-server.nix
diff options
context:
space:
mode:
Diffstat (limited to 'makefu/2configs/vpn/openvpn-server.nix')
-rw-r--r--makefu/2configs/vpn/openvpn-server.nix111
1 files changed, 0 insertions, 111 deletions
diff --git a/makefu/2configs/vpn/openvpn-server.nix b/makefu/2configs/vpn/openvpn-server.nix
deleted file mode 100644
index 79754264f..000000000
--- a/makefu/2configs/vpn/openvpn-server.nix
+++ /dev/null
@@ -1,111 +0,0 @@
-{ config, pkgs, ... }:
-let
- out-itf = config.makefu.server.primary-itf;
- # generate via openvpn --genkey --secret static.key
- client-key = (toString <secrets>) + "/openvpn-laptop.key";
- # domain = "vpn.euer.krebsco.de";
- domain = "gum.krebsco.de";
- dev = "tun0";
- port = 1194;
- tcp-port = 3306;
-in {
- boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
- networking.nat = {
- enable = true;
- externalInterface = out-itf;
- internalInterfaces = [ dev ];
- };
- networking.firewall.trustedInterfaces = [ dev ];
- networking.firewall.allowedUDPPorts = [ port ];
- environment.systemPackages = [ pkgs.openvpn ];
- services.openvpn.servers.smartphone.config = ''
- #user nobody
- #group nobody
-
- dev ${dev}
- proto udp
- ifconfig 10.8.0.1 10.8.0.2
- secret ${client-key}
- port ${toString port}
- cipher AES-256-CBC
- comp-lzo
-
- keepalive 10 60
- ping-timer-rem
- persist-tun
- persist-key
- '';
-
- environment.etc."openvpn/smartphone-client.ovpn" = {
- text = ''
- client
- dev tun
- remote "${domain}"
- ifconfig 10.8.0.1 10.8.0.2
- port ${toString port}
-
- cipher AES-256-CBC
- comp-lzo
- keepalive 10 60
- resolv-retry infinite
- nobind
- persist-key
- persist-tun
-
- secret [inline]
-
- '';
- mode = "700";
- };
- system.activationScripts.openvpn-addkey = ''
- f="/etc/openvpn/smartphone-client.ovpn"
- if ! grep -q '<secret>' $f; then
- echo "appending secret key"
- echo "<secret>" >> $f
- cat ${client-key} >> $f
- echo "</secret>" >> $f
- fi
- '';
- #smartphone-tcp.config = ''
- # user nobody
- # group nobody
-
- # dev ${dev}
- # proto tcp
- # ifconfig 10.8.0.1 10.8.0.3
- # secret ${client-key}
- # port tcp-port
- # comp-lzo
-
- # keepalive 10 60
- # ping-timer-rem
- # persist-tun
- # persist-key
- #'';
- # TODO: forward via 443
- # stream {
- #
- # map $ssl_preread_server_name $name {
- # vpn1.app.com vpn1_backend;
- # vpn2.app.com vpn2_backend;
- # https.app.com https_backend;
- # }
- #
- # upstream vpn1_backend {
- # server 10.0.0.3:443;
- # }
- #
- # upstream vpn2_backend {
- # server 10.0.0.4:443;
- # }
- #
- # upstream https_backend {
- # server 10.0.0.5:443;
- #
- # server {
- # listen 10.0.0.1:443;
- # proxy_pass $name;
- # ssl_preread on;
- # }
- # }
-}