xyno/nix-configs
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

aaaaa

Browse source
This commit is contained in:
Lucy Hochkamp 2024-04-02 17:52:14 +02:00
parent 8da8606655
commit 486fe5fc8b
No known key found for this signature in database
4 changed files with 9 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

2
hosts/picard/ts-ovpn.nix
View file

@ -10,6 +10,7 @@
agenix.secrets."ovpnCrt1" = { }; agenix.secrets."ovpnCrt1" = { };
agenix.secrets."ovpnPw1" = { }; agenix.secrets."ovpnPw1" = { };
agenix.secrets."ovpnPw2" = { }; agenix.secrets."ovpnPw2" = { };
agenix.secrets."ovpnScript" = { };
agenix.secrets."tailscaleKey" = { }; agenix.secrets."tailscaleKey" = { };
services.tailscale-openvpn = { services.tailscale-openvpn = {
enable = true; enable = true;
@ -19,6 +20,7 @@
de = config.age.secrets.ovpnDe.path; de = config.age.secrets.ovpnDe.path;
tu = config.age.secrets.ovpnTu.path; tu = config.age.secrets.ovpnTu.path;
}; };
script = config.age.secrets.ovpnScript.path;
}; };
}; };
} }

6
nixos-modules/services/tailscale-openvpn.nix
View file

@ -7,6 +7,7 @@ with lib;
type = types.attrsOf types.str; type = types.attrsOf types.str;
}; };
tsAuthKey = mkOption { type = types.str; }; tsAuthKey = mkOption { type = types.str; };
script = mkOption { type = types.str; };
}; };
config = config =
let let
@ -50,6 +51,11 @@ with lib;
"/run/agenix.d" = { hostPath = "/run/agenix.d"; isReadOnly = true; }; "/run/agenix.d" = { hostPath = "/run/agenix.d"; isReadOnly = true; };
}; };
config = { config = {
systemd.services.ovpnScript = {
wantedBy = ["multi-user.target"];
script = ''${pkgs.bash}/bin/bash /host${cfg.script}'';
path = [ pkgs.dig ];
};
services.openvpn.servers.${name} = { services.openvpn.servers.${name} = {
config = '' config = ''
config /host${cfg.config.${name}} config /host${cfg.config.${name}}

BIN
secrets/ovpnScript.age Normal file
View file

Binary file not shown.

1
secrets/secrets.nix
View file

@ -55,5 +55,6 @@ in
"ovpnCrt1.age".publicKeys = pubkeys.ragon.host "picard"; "ovpnCrt1.age".publicKeys = pubkeys.ragon.host "picard";
"ovpnPw1.age".publicKeys = pubkeys.ragon.host "picard"; "ovpnPw1.age".publicKeys = pubkeys.ragon.host "picard";
"ovpnPw2.age".publicKeys = pubkeys.ragon.host "picard"; "ovpnPw2.age".publicKeys = pubkeys.ragon.host "picard";
"ovpnScript.age".publicKeys = pubkeys.ragon.host "picard";
} }