{ config, lib, pkgs, ... }: let inherit (config.krebs.lib) genid; in { users.extraUsers = { cbasevpn = rec { name = "cbasevpn"; uid = genid "cbasevpn"; description = "user for running c-base openvpn"; home = "/home/${name}"; }; }; users.extraGroups.cbasevpn.gid = genid "cbasevpn"; services.openvpn.servers = { c-base = { config = '' client dev tap proto tcp remote vpn.ext.c-base.org 1194 resolv-retry infinite nobind user cbasevpn group cbasevpn persist-key persist-tun auth-nocache #auth-user-pass auth-user-pass ${toString <secrets/cbase.txt>} comp-lzo verb 3 #script-security 2 #up /etc/openvpn/update-resolv-conf #down /etc/openvpn/update-resolv-conf <ca> -----BEGIN CERTIFICATE----- MIIDUjCCArugAwIBAgIJAOOk8EXgjsf5MA0GCSqGSIb3DQEBBQUAMHoxCzAJBgNV BAYTAkRFMQswCQYDVQQIEwJERTEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZj LWJhc2UxGzAZBgNVBAMTEnZwbi5leHQuYy1iYXNlLm9yZzEfMB0GCSqGSIb3DQEJ ARYQYWRtYXhAYy1iYXNlLm9yZzAeFw0wOTAyMTMwOTE1MzdaFw0xOTAyMTEwOTE1 MzdaMHoxCzAJBgNVBAYTAkRFMQswCQYDVQQIEwJERTEPMA0GA1UEBxMGQmVybGlu MQ8wDQYDVQQKEwZjLWJhc2UxGzAZBgNVBAMTEnZwbi5leHQuYy1iYXNlLm9yZzEf MB0GCSqGSIb3DQEJARYQYWRtYXhAYy1iYXNlLm9yZzCBnzANBgkqhkiG9w0BAQEF AAOBjQAwgYkCgYEAt3wEgXbqFKxs8z/E4rv13hkRi6J+QdshNzntm7rTOmUsXKE7 IEwoJSglrmsDPv4UqE86A7bjW7YYSFjhzxFRkTEHJanyOCF48ZPItVl7Eq7T81co uR+6lAhxnLDrwnPJCC83NzAa6lw8U1DsQRDkayKlrQrtZq6++pFFEvZvt1cCAwEA AaOB3zCB3DAdBgNVHQ4EFgQUqkSbdXS90+HtqXDeAI+PcyTSSHEwgawGA1UdIwSB pDCBoYAUqkSbdXS90+HtqXDeAI+PcyTSSHGhfqR8MHoxCzAJBgNVBAYTAkRFMQsw CQYDVQQIEwJERTEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZjLWJhc2UxGzAZ BgNVBAMTEnZwbi5leHQuYy1iYXNlLm9yZzEfMB0GCSqGSIb3DQEJARYQYWRtYXhA Yy1iYXNlLm9yZ4IJAOOk8EXgjsf5MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEF BQADgYEAOBANG1H4uEEWk3sbeQoSMeA3LFG1+6MgFGk2WAdeHYuV9GKYBq6/PLP5 ffw+FNkiDjLSeSQO88vHYJr2V1v8n/ZoCIT+1VBcDWXTpGz0YxDI1iBauO3tUPzK wGs46RA/S0YwiZw64MaUHd88ZVadjKy9kNoO3w6/vpAS6s/Mh+o= -----END CERTIFICATE----- </ca> key-direction 1 <tls-auth> # # 2048 bit OpenVPN static key # -----BEGIN OpenVPN Static key V1----- 5d49aa8c9cec18de7ab6e0b5cd09a368 d3f1b8b77e055e448804fa0e14f487cb 491681742f96b54a23fb8639aa9ed14e c40b86a5546b888c4f3873f23c956e87 169076ec869127ffc85353fd5928871c da19776b79f723abb366fae6cdfe4ad6 7ef667b7d05a7b78dfd5ea1d2da276dc 5f6c82313fe9c1178c7256b8d1d081b0 4c80bc8f21add61fbc52c158579edc1d bbde230afb9d0e531624ce289a17098a 3261f9144a9a2a6f0da4250c9eed4086 187ec6fa757a454de743a349e32af193 e9f8b49b010014bdfb3240d992f2f234 581d0ce05d4e07a2b588ad9b0555b704 9d5edc28efde59226ec8942feed690a1 2acd0c8bc9424d6074d0d495391023b6 -----END OpenVPN Static key V1----- </tls-auth> ''; }; }; }