openvpn: calyx: fix CA and IPv4
authorJulien Moutinho <julm+julm-nix@sourcephile.fr>
Fri, 14 Jul 2023 18:06:02 +0000 (20:06 +0200)
committerJulien Moutinho <julm+julm-nix@sourcephile.fr>
Fri, 14 Jul 2023 18:06:02 +0000 (20:06 +0200)
nixos/profiles/openvpn/calyx.nix

index a9e444a640719767e825cc5a3ceebf112b6d3380..5c28ceaf47220fdcb9102463255a83d65d1fa666 100644 (file)
@@ -6,7 +6,7 @@ let
   ca = pkgs.fetchurl
     {
       url = "https://calyx.net/ca.crt";
-      hash = "sha256-NKLkpjjeGMN07htuWydBMQ03ytxF9CLm8SLNl3IPPGc=";
+      hash = "sha256-zLs7TRXrHlPjqdaBN1cmbB062XhKs4cv5ajmrkg4O8s=";
       curlOptsList = [ "-k" ];
     } + "";
   key-cert = "/run/openvpn-${netns}/key+cert.pem";
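Review bot: `curlOptsList = [ "-k" ]` turns off TLS verification for the CA download, so the `hash` line is the only thing authenticating this trust anchor, and the new value is committed with no record of how it was checked. Because the fetch is unauthenticated, a hash computed from a single download over that same path only pins whatever was served at that moment. I would add a comment beside the hash, e.g. `# -k: TLS is not verified for this fetch; the hash is the sole integrity check, so confirm the certificate fingerprint against an independent source before bumping it`. The commit message should also say where the new fingerprint was confirmed.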
@@ -16,8 +16,8 @@ in
     inherit netns;
     settings = {
       remote =
-        # new-york
-        [ "162.247.73.193" ] ++
+        # new-york (vpn2.calyx.net)
+        [ "162.247.72.193" ] ++
         [ ];
       remote-random = true;
       port = "443";
@@ -27,7 +27,6 @@ in
       cert = key-cert;
 
       auth = "SHA1";
-      cipher = "AES-128-CBC";
       client = true;
       dev = "ov-${netns}";
       dev-type = "tun";
@@ -50,7 +49,7 @@ in
     preStart = ''
       (
       set -ex
-      ${pkgs.curl}/bin/curl -X POST --cacert ${ca} -o ${key-cert} -Ls ${apiUrl}
+      ${pkgs.curl}/bin/curl -X POST --cacert ${ca} -o ${key-cert} -vLs ${apiUrl}
       chmod 700 ${key-cert}
       )
     '';
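Review bot: The client private key is written by `curl -o ${key-cert}` under whatever umask the unit inherits and is only tightened afterwards by `chmod 700`. Unless the directory under `/run` is itself restricted (not visible in this hunk), the file can be readable by other local users for a short window, and mode 700 also marks a PEM file executable. Putting `umask 077` before the curl line and using `chmod 600 ${key-cert}` closes both. The curl call has no `--fail`, so an HTTP error body would be saved as the key+cert file with exit status 0 and `set -e` would not stop the unit. The added `-v` combined with `set -x` writes request and response headers to the service log on every start, which looks like leftover debugging and should be dropped once the fix is confirmed.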