| author | jeschli <jeschli@gmail.com> | 2018-06-19 09:12:04 +0200 | 
|---|---|---|
| committer | jeschli <jeschli@gmail.com> | 2018-06-19 09:12:04 +0200 | 
| commit | 1ef012d4346ab545dbe10d87b9ea4aebcd829b66 (patch) | |
| tree | 52001322e8747fd1d32d1552722c3f3f8a79f2d4 | |
| parent | a00aa905680cc7c15d9b2ed91584b76dbedbc546 (diff) | |
j bln: +dcso-vpn
| -rw-r--r-- | jeschli/1systems/bln/dcso-vpn.nix | 44 | 
1 files changed, 44 insertions, 0 deletions
|
diff --git a/jeschli/1systems/bln/dcso-vpn.nix b/jeschli/1systems/bln/dcso-vpn.nix
new file mode 100644
index 0000000..0a5623b
--- /dev/null
+++ b/jeschli/1systems/bln/dcso-vpn.nix
@@ -0,0 +1,44 @@
+with import <stockholm/lib>;
+{ ... }:
+
+{
+
+  users.extraUsers = {
+    dcsovpn = rec {
+      name = "dcsovpn";
+      uid = genid "dcsovpn";
+      description = "user for running dcso openvpn";
+      home = "/home/${name}";
+    };
+  };
+
+  users.extraGroups.dcsovpn.gid = genid "dcsovpn";
+
+  services.openvpn.servers = {
+    dcso = {
+      config = ''
+        client
+        dev tun
+        tun-mtu 1356
+        mssfix
+        proto udp
+        float
+        remote 217.111.55.41 1194
+        nobind
+        user dcsovpn
+        group dcsovpn
+        persist-key
+        persist-tun
+        ca ${toString <secrets/dcsovpn/ca.pem>}
+        cert ${toString <secrets/dcsovpn/cert.pem>}
+        key ${toString <secrets/dcsovpn/cert.key>}
+        verb 3
+        mute 20
+        auth-user-pass ${toString <secrets/dcsovpn/login.txt>}
+        route-method exe
+        route-delay 2
+      '';
+      updateResolvConf = true;
+    };
+  };
+}
|
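Review bot: The client block in `services.openvpn.servers.dcso.config` never checks that the peer is actually the server: it sets `ca`, `cert` and `key`, but has no `remote-cert-tls server` or `verify-x509-name` line. With only the CA check, any certificate issued by that CA is accepted as the server side, and the client then hands it the `auth-user-pass` credentials; `float` additionally accepts authenticated packets from addresses other than the configured `remote`. I would add `remote-cert-tls server` after the `key` line, assuming the DCSO server certificate carries the server key usage (to be confirmed with the operator). Separately, `updateResolvConf = true` combined with `user dcsovpn` likely means the down hook runs after the privilege drop and cannot restore resolv.conf, so it is worth testing a disconnect.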
