Add openvpn

2025-12-19 09:29:36 +01:00 · 2022-05-31 11:32:24 +02:00 · 2022-05-31 11:32:24 +02:00 · 9d7e605929
commit 9d7e605929
parent 895939b377
3 changed files with 77 additions and 0 deletions
--- a/machines/stel-xps/default.nix
+++ b/machines/stel-xps/default.nix
@ -22,6 +22,9 @@
 #      dpi = 180;
    };

+    # add TUD vpn
+    openvpn.enable = true;
+
    # enable sops
    sops = {
      enable = true;
--- a/modules/openvpn/config/TUD.ovpn
+++ b/modules/openvpn/config/TUD.ovpn
@ -0,0 +1,60 @@
+tls-client
+pull
+remote openvpn.zih.tu-dresden.de
+port 1194
+dev tun
+proto udp
+auth-user-pass
+nobind
+#comp-lzo no
+tls-version-min 1.2
+<ca>
+-----BEGIN CERTIFICATE-----
+MIIDJDCCAqqgAwIBAgIIVUfkeTU1KgIwCgYIKoZIzj0EAwQwgcYxCzAJBgNVBAYT
+AkRFMQ8wDQYDVQQIEwZTYXhvbnkxEDAOBgNVBAcTB0RyZXNkZW4xKDAmBgNVBAoT
+H1RlY2huaXNjaGUgVW5pdmVyc2l0YWV0IERyZXNkZW4xQjBABgNVBAsTOVplbnRy
+dW0gZnVlciBJbmZvcm1hdGlvbnNkaWVuc3RlIHVuZCBIb2NobGVpc3R1bmdzcmVj
+aG5lbjEmMCQGA1UEAxMdT3BlblZQTiBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcN
+MjAwMzEzMTcwMjAwWhcNMjMwMzEzMTcwMjAwWjCBxjELMAkGA1UEBhMCREUxDzAN
+BgNVBAgTBlNheG9ueTEQMA4GA1UEBxMHRHJlc2RlbjEoMCYGA1UEChMfVGVjaG5p
+c2NoZSBVbml2ZXJzaXRhZXQgRHJlc2RlbjFCMEAGA1UECxM5WmVudHJ1bSBmdWVy
+IEluZm9ybWF0aW9uc2RpZW5zdGUgdW5kIEhvY2hsZWlzdHVuZ3NyZWNobmVuMSYw
+JAYDVQQDEx1PcGVuVlBOIENlcnRpZmljYXRlIEF1dGhvcml0eTB2MBAGByqGSM49
+AgEGBSuBBAAiA2IABAFyQ2/XGnQpeqQGR9//A3eSUl/dm5ksuPba4yuF+TonfIMS
+SkYrW3KbFexK/7M1F2n6xTCk8YxgF0cl/6AqVW80UsdW9FeQSO2jEOY8xl4Ag95B
+5KD1ur3kfn/GxRfJe6NjMGEwEgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHQ4EFgQU
+/IAoHx3yIpN6FV/js71yXvf+POwwHwYDVR0jBBgwFoAU/IAoHx3yIpN6FV/js71y
+Xvf+POwwCwYDVR0PBAQDAgEGMAoGCCqGSM49BAMEA2gAMGUCMQDyPDrW8JofQUiG
+a1DacXRr3dQUAKIdpgk7VFXU90hRrSTkMBgZNev6rd+TBgk/XeQCMCLq4DQgwTjc
+jexcxW/cIHH5bfUy/xykQWjEnlJsPoeA0JaTtBcrrK7h/9dUCUhk+g==
+-----END CERTIFICATE-----
+</ca>
+<tls-crypt>
+#
+# 2048 bit OpenVPN static key
+#
+-----BEGIN OpenVPN Static key V1-----
+9b32985687664a47084463da740ff2a2
+8976d0f78b2264e7feda8486efe02289
+7ff5abc2f1bfe170eb620e63fb0cba01
+fb65e4f6668fd3a718e1b3d4d94ac2a5
+56a1d53f8f971fb0307034d425758cb3
+1aeb8156b05ceb2fe79eaf56777c3bb5
+0fa26bc1f3a0b21d3a1a8787f133c626
+5776465ab7848443d8b153300853a7c2
+167d72baf41b6372db1b801499ac1aa3
+3506442dfb204bb037e961c938fd9571
+cb62228eb0c482f3db4598f08f8c26fe
+1d72031e82f5bd163e961310fe781806
+8e546e4957f6eae73585b245ae3a6273
+fc4375d385cb2c95646af01ec31a23cc
+e7fbbd353a27ec216f6e677fed8a4298
+6b0c01f429db0ddb52fd0760788c32d5
+-----END OpenVPN Static key V1-----
+</tls-crypt>
+remote-cert-tls server
+cipher AES-256-GCM
+auth SHA384
+reneg-sec 43200
+verb 3
+
--- a/modules/openvpn/default.nix
+++ b/modules/openvpn/default.nix
@ -0,0 +1,14 @@
+{ config, lib, pkgs, ...}:
+with lib; {
+  options.elss.openvpn.enable = mkEnableOption "Setup  TUD openvpn";
+  config =
+    let
+      cfg = config.elss.openvpn;
+    in
+      mkIf cfg.enable {
+        services.openvpn.servers.TUD = {
+          config = "config config/TUD.ovpn";
+          autoStart = false;
+        };
+      };
+}