aaaaa

2024-04-02 17:52:14 +02:00 · 2024-04-02 17:52:14 +02:00 · 486fe5fc8b
commit 486fe5fc8b
parent 8da8606655
4 changed files with 9 additions and 0 deletions
--- a/hosts/picard/ts-ovpn.nix
+++ b/hosts/picard/ts-ovpn.nix
@ -10,6 +10,7 @@
    agenix.secrets."ovpnCrt1" = { };
    agenix.secrets."ovpnPw1" = { };
    agenix.secrets."ovpnPw2" = { };
+    agenix.secrets."ovpnScript" = { };
    agenix.secrets."tailscaleKey" = { };
    services.tailscale-openvpn = {
      enable = true;
@ -19,6 +20,7 @@
        de = config.age.secrets.ovpnDe.path;
        tu = config.age.secrets.ovpnTu.path;
      };
+      script = config.age.secrets.ovpnScript.path;
    };
  };
 }
--- a/nixos-modules/services/tailscale-openvpn.nix
+++ b/nixos-modules/services/tailscale-openvpn.nix
@ -7,6 +7,7 @@ with lib;
      type = types.attrsOf types.str;
    };
    tsAuthKey = mkOption { type = types.str; };
+    script = mkOption { type = types.str; };
  };
  config =
    let
@ -50,6 +51,11 @@ with lib;
                "/run/agenix.d" = { hostPath = "/run/agenix.d"; isReadOnly = true; };
              };
              config = {
+                systemd.services.ovpnScript = {
+                  wantedBy = ["multi-user.target"];
+                  script = ''${pkgs.bash}/bin/bash /host${cfg.script}'';
+                  path = [ pkgs.dig ];
+                };
                services.openvpn.servers.${name} = {
                  config = ''
                    config /host${cfg.config.${name}}
--- a/secrets/ovpnScript.age
+++ b/secrets/ovpnScript.age
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@ -55,5 +55,6 @@ in
  "ovpnCrt1.age".publicKeys = pubkeys.ragon.host "picard";
  "ovpnPw1.age".publicKeys = pubkeys.ragon.host "picard";
  "ovpnPw2.age".publicKeys = pubkeys.ragon.host "picard";
+  "ovpnScript.age".publicKeys = pubkeys.ragon.host "picard";

 }