with import <stockholm/lib>;
{ ... }:

{

  users.extraUsers = {
    dcsovpn = rec {
      name = "dcsovpn";
      uid = genid "dcsovpn";
      description = "user for running dcso openvpn";
      home = "/home/${name}";
    };
  };

  users.extraGroups.dcsovpn.gid = genid "dcsovpn";

  services.openvpn.servers = {
    dcso = {
      config = ''
        client
        dev tun
        tun-mtu 1356
        mssfix
        proto udp
        float
        remote 217.111.55.41 1194
        nobind
        user dcsovpn
        group dcsovpn
        persist-key
        persist-tun
        ca ${toString <secrets/dcsovpn/ca.pem>}
        cert ${toString <secrets/dcsovpn/cert.pem>}
        key ${toString <secrets/dcsovpn/cert.key>}
        verb 3
        mute 20
        auth-user-pass ${toString <secrets/dcsovpn/login.txt>}
        route-method exe
        route-delay 2
      '';
      updateResolvConf = true;
    };
  };
}