From 486fe5fc8b9796dbe5b26b1d6e198627df07f1a2 Mon Sep 17 00:00:00 2001 From: Lucy Hochkamp Date: Tue, 2 Apr 2024 17:52:14 +0200 Subject: [PATCH] aaaaa --- hosts/picard/ts-ovpn.nix | 2 ++ nixos-modules/services/tailscale-openvpn.nix | 6 ++++++ secrets/ovpnScript.age | Bin 0 -> 1981 bytes secrets/secrets.nix | 1 + 4 files changed, 9 insertions(+) create mode 100644 secrets/ovpnScript.age diff --git a/hosts/picard/ts-ovpn.nix b/hosts/picard/ts-ovpn.nix index 133bbfa3..f9863e68 100644 --- a/hosts/picard/ts-ovpn.nix +++ b/hosts/picard/ts-ovpn.nix @@ -10,6 +10,7 @@ agenix.secrets."ovpnCrt1" = { }; agenix.secrets."ovpnPw1" = { }; agenix.secrets."ovpnPw2" = { }; + agenix.secrets."ovpnScript" = { }; agenix.secrets."tailscaleKey" = { }; services.tailscale-openvpn = { enable = true; @@ -19,6 +20,7 @@ de = config.age.secrets.ovpnDe.path; tu = config.age.secrets.ovpnTu.path; }; + script = config.age.secrets.ovpnScript.path; }; }; } diff --git a/nixos-modules/services/tailscale-openvpn.nix b/nixos-modules/services/tailscale-openvpn.nix index 508878b7..4207630c 100644 --- a/nixos-modules/services/tailscale-openvpn.nix +++ b/nixos-modules/services/tailscale-openvpn.nix @@ -7,6 +7,7 @@ with lib; type = types.attrsOf types.str; }; tsAuthKey = mkOption { type = types.str; }; + script = mkOption { type = types.str; }; }; config = let @@ -50,6 +51,11 @@ with lib; "/run/agenix.d" = { hostPath = "/run/agenix.d"; isReadOnly = true; }; }; config = { + systemd.services.ovpnScript = { + wantedBy = ["multi-user.target"]; + script = ''${pkgs.bash}/bin/bash /host${cfg.script}''; + path = [ pkgs.dig ]; + }; services.openvpn.servers.${name} = { config = '' config /host${cfg.config.${name}} 
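Review bot: In the -7,6 hunk of nixos-modules/services/tailscale-openvpn.nix, the new `script` option has neither a default nor a description, so every configuration that enables `services.tailscale-openvpn` must now set it or evaluation fails. Only hosts/picard is updated in this commit, and whether other hosts use the module is not visible here. If the script is meant to be optional, declare it as `script = mkOption { type = types.nullOr types.str; default = null; description = "Host path of the script the ovpnScript unit runs."; };` and wrap the unit in `mkIf (cfg.script != null)`. The options block starts and ends outside the hunk.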
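Review bot: In the -50,6 hunk of nixos-modules/services/tailscale-openvpn.nix, the new `systemd.services.ovpnScript` unit executes a file that exists in the repository only as the age-encrypted blob secrets/ovpnScript.age, and with no `serviceConfig` set it runs as root, so the code that runs (apparently inside the container) cannot be audited from this commit. Consider keeping the script logic in plain text in the module and reading only the secret values from the age file, or at least confine the unit with something like `serviceConfig = { NoNewPrivileges = true; ProtectSystem = "strict"; ProtectHome = true; };`, relaxed only as far as the script needs. The path is interpolated unquoted; `script = "${pkgs.bash}/bin/bash ${escapeShellArg "/host${cfg.script}"}";` avoids word splitting. The unit has no ordering on the network even though `pkgs.dig` on its `path` suggests DNS lookups, so confirm whether `after = [ "network-online.target" ];` is needed. The enclosing `config` block starts and ends outside the hunk.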
diff --git a/secrets/ovpnScript.age b/secrets/ovpnScript.age new file mode 100644 index 0000000000000000000000000000000000000000..787ae93ecd3f387fa6863f55e4924fb71a667d1a GIT binary patch literal 1981 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCR+Pfqpr4^#*$aBQ7x5(5xN83`{ z!`RT#Jt?Rxqu43UF~!W(sLHg`ti;hJKi9R&$bzfFv83Fzz@#j>BG@C*uh68z&DSHP zsIolUKR7AED96dOEUm~nNZZ}Nz!TlJ&``^uU`GWDKg(igUu};dZT0NJeTY&g9>xY zV6!4ui;D8JWaCQrs$_KAg1kJ9og5Xs4HI+IgS|?9y$p?fz0HlQa>5M*oFY>)s=`f@ zD^e;e%|pw)iha`!oszkHbIlARE5n?V@=DW!Q!AXp0?qQvJW|~=Ewml;4YSP3UDLc= zEsET;9SzWJi^wbU@-A2Ka!D*LimIye)K4oiHc3hiFiP@CEG!L84^9m(aWydvadQhw z3`qBP&nV{d^~&-yOVch$P4`WA@-sBa56f`%PchREjPxoDaVx3{@G;8qwnz(%NHamV z&D_t&)GuAZ)W;>zBtNn;E7zykA~W0A%ilE7JjpRXG}$=Y!aE?)+c_z(DkDeVFRz>{ zB{;>a)Uhhp#iGL5Biz+HD6py^$ThFP$sn!N$+99mDl#xLF}NzU%)OjTS65fTyeKfr z+^ft#B{wD2R6pOZz{{d2z@xw~H!5Q&hl?Em+bB9BK%)I z)=mtHI`Y9Ym4_g2UqVE*P3@bw=id+tjP4%BiV*0{IYekj>=BE(tGRDYhKf7 zI+AmxU(R=W@JfI8(_Q>8xmW&Vbuilc|GU$zbOG;08%5r}TDVNUGcCK9;Vymr&AAg+?^;^SuOt0K*v8lx_et!j{-{SV0T$bK4iQio+ z`QExN=2zQ`Wvg8dd^Db^`r+9mofGxqIs%*4ue|bSZv6%BP3?<68NSP>lX`RgY0 z@hjGSSE4>f{Sc{7Nl>omb9OkkeB-mqZoz*cdz}@XvMUpxUHt!SOG)Xn1tl++d;L7c zKgnv(i?~9jq)VGKCPx}ehj$xSSxZ)Zn9?!D^q}Pb-`j7`=9u=~r9fbBsL#c}x2g`- zb8ZbfbNG|TQEd*7ye$9DqgCCmmv^$( z1qe1W%dLDHW&eBgTlo&7m!GEHeD%^g_5Smyob2061jP3j9{lC^RW`X%MSGrcnEuZx zn$t`#?w+&ey6@z^0)0EB^KErv-kUBzHUGDBW%le_Hrns_ot#Yy!)|e}Cm(-TUV6$*WV0zU}WjUT*l?o-5#+zZZ|p`;^bFd5il>Rzsu2_1X95H}-6ED0zI8Vd8~(y^BHxIvQJ&c^~>&JaHG0 z&1SpfyTN^pPlmv*TQl~Wt>C$v)V-~LPMfA&S$Ev4q&{YD-R0Wnwn+aiU$grn>*_#m zYgd(XXZ@f3>JRTe5-Ra1w7Ii-p2~OkrbV$GuWD<|INn6Xw6yKGu~+f=`IUhy915is zQ_T*%`~GIzfx0&f+UJ!1*9=vPvFIpTDXq|bwQbL|8DgGt|GlqI*t<<|^MNZ$r52$a zTi5LF@MV6JBbQ^nw_7PPSEVgG&Z*@zPs_XW@5Z) zL)6`!71L&03jH=y+2A`X+E+k2U2?|cn1{@gVGpz3v(97tGC?~~OVv8*`nT`ei{}OG MU^GwTtDl<(00@*>$N&HU literal 0 HcmV?d00001 diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 3190f8d4..ccb56d44 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix 
@@ -55,5 +55,6 @@ in "ovpnCrt1.age".publicKeys = pubkeys.ragon.host "picard"; "ovpnPw1.age".publicKeys = pubkeys.ragon.host "picard"; "ovpnPw2.age".publicKeys = pubkeys.ragon.host "picard"; + "ovpnScript.age".publicKeys = pubkeys.ragon.host "picard"; }