Diffstat (limited to 'makefu/2configs/vpn/openvpn-server.nix')
-rw-r--r-- | makefu/2configs/vpn/openvpn-server.nix | 111 |
1 files changed, 0 insertions, 111 deletions
diff --git a/makefu/2configs/vpn/openvpn-server.nix b/makefu/2configs/vpn/openvpn-server.nix
deleted file mode 100644
index 79754264f..000000000
--- a/makefu/2configs/vpn/openvpn-server.nix
+++ /dev/null
@@ -1,111 +0,0 @@
-{ config, pkgs, ... }:
-let
- out-itf = config.makefu.server.primary-itf;
- # generate via openvpn --genkey --secret static.key
- client-key = (toString <secrets>) + "/openvpn-laptop.key";
- # domain = "vpn.euer.krebsco.de";
- domain = "gum.krebsco.de";
- dev = "tun0";
- port = 1194;
- tcp-port = 3306;
-in {
- boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
- networking.nat = {
- enable = true;
- externalInterface = out-itf;
- internalInterfaces = [ dev ];
- };
- networking.firewall.trustedInterfaces = [ dev ];
- networking.firewall.allowedUDPPorts = [ port ];
- environment.systemPackages = [ pkgs.openvpn ];
- services.openvpn.servers.smartphone.config = ''
- #user nobody
- #group nobody
-
- dev ${dev}
- proto udp
- ifconfig 10.8.0.1 10.8.0.2
- secret ${client-key}
- port ${toString port}
- cipher AES-256-CBC
- comp-lzo
-
- keepalive 10 60
- ping-timer-rem
- persist-tun
- persist-key
- '';
-
- environment.etc."openvpn/smartphone-client.ovpn" = {
- text = ''
- client
- dev tun
- remote "${domain}"
- ifconfig 10.8.0.1 10.8.0.2
- port ${toString port}
-
- cipher AES-256-CBC
- comp-lzo
- keepalive 10 60
- resolv-retry infinite
- nobind
- persist-key
- persist-tun
-
- secret [inline]
-
- '';
- mode = "700";
- };
- system.activationScripts.openvpn-addkey = ''
- f="/etc/openvpn/smartphone-client.ovpn"
- if ! 
grep -q '<secret>' $f; then
- echo "appending secret key"
- echo "<secret>" >> $f
- cat ${client-key} >> $f
- echo "</secret>" >> $f
- fi
- '';
- #smartphone-tcp.config = ''
- # user nobody
- # group nobody
-
- # dev ${dev}
- # proto tcp
- # ifconfig 10.8.0.1 10.8.0.3
- # secret ${client-key}
- # port tcp-port
- # comp-lzo
-
- # keepalive 10 60
- # ping-timer-rem
- # persist-tun
- # persist-key
- #'';
- # TODO: forward via 443
- # stream {
- #
- # map $ssl_preread_server_name $name {
- # vpn1.app.com vpn1_backend;
- # vpn2.app.com vpn2_backend;
- # https.app.com https_backend;
- # }
- #
- # upstream vpn1_backend {
- # server 10.0.0.3:443;
- # }
- #
- # upstream vpn2_backend {
- # server 10.0.0.4:443;
- # }
- #
- # upstream https_backend {
- # server 10.0.0.5:443;
- #
- # server {
- # listen 10.0.0.1:443;
- # proxy_pass $name;
- # ssl_preread on;
- # }
- # }
-} |