]> Git — Sourcephile - julm/julm-nix.git/blob - hosts/oignon/openvpn.nix
patate: enable wg-intra
[julm/julm-nix.git] / hosts / oignon / openvpn.nix
1 { pkgs, lib, config, hostName, private, ... }:
2 let
3 inherit (config.services) openvpn;
4 in
5 {
6 services.netns.namespaces."riseup" = {
7 };
8 services.openvpn.servers."riseup" = {
9 netns = "riseup";
10 settings = {
11 verb = 3;
12 auth-user-pass = "${private}/${hostName}/openvpn/riseup/auth-user-pass";
13 ca = openvpn/riseup/RiseupCA.pem;
14 client = true;
15 dev = "ov-riseup";
16 dev-type = "tun";
17 persist-tun = true;
18 nobind = true;
19 persist-key = true;
20 tls-client = true;
21 remote-cert-tls = "server";
22 remote = "198.252.153.226 1194 udp";
23 reneg-sec = 0;
24 script-security = 2;
25 up-restart = true;
26 };
27 };
28 }