authorJasper Ras <jaspert.ras@gmail.com>2024-11-14 16:27:29 +0100
committerJasper Ras <jaspert.ras@gmail.com>2024-11-14 16:27:46 +0100
commit1212f73e1914207bef894a728929fbb41fa5a805 (patch)
treebb97a4bcbc7b6e567ae7a6032b1955ea3569cadd /hosts/work.nix
parentbceaa19aef425785e91161273e6dc235583e676d (diff)
Setup vpn's
Diffstat (limited to 'hosts/work.nix')
-rw-r--r--hosts/work.nix61
1 files changed, 58 insertions, 3 deletions
diff --git a/hosts/work.nix b/hosts/work.nix
index a094dab..d0b97cc 100644
--- a/hosts/work.nix
+++ b/hosts/work.nix
@@ -30,9 +30,64 @@
LC_TIME = "nl_NL.UTF-8";
};
- services.xserver.xkb = {
- layout = "us";
- variant = "";
+ services = {
+ openssh.enable = true;
+ openvpn.servers = {
+ ghostnet = {
+ config = ''
+ client
+ remote 185.57.9.6 1194
+ cert ${config.age.secrets.ghostnet-cert.path}
+ key ${config.age.secrets.ghostnet-key.path}
+ ca ${config.age.secrets.ghostnet-ca.path}
+ auth-user-pass ${config.age.secrets.ghostnet-auth-user-pass.path}
+ reneg-sec 0
+ cipher AES-256-CBC
+ comp-lzo adaptive
+ dev tun
+ proto udp
+ remote-cert-tls server
+ tls-auth ${config.age.secrets.ghostnet-tls-auth.path} 1
+ nobind
+ auth-nocache
+ script-security 2
+ persist-key
+ persist-tun
+ user nm-openvpn
+ group nm-openvpn
+ '';
+ updateResolvConf = false;
+ };
+ systems = {
+ config = ''
+ client
+ remote 'vpn-v2.one.com'
+ cert '${config.age.secrets.systems-cert.path}'
+ key '${config.age.secrets.systems-key.path}'
+ ca '${config.age.secrets.systems-ca.path}'
+ cipher AES-128-CBC
+ comp-lzo adaptive
+ dev tun
+ proto udp
+ port 1200
+ remote-cert-tls server
+ tls-auth '${config.age.secrets.systems-tls-auth.path}' 1
+ nobind
+ auth-nocache
+ script-security 2
+ persist-key
+ persist-tun
+ user nm-openvpn
+ group nm-openvpn
+ '';
+ updateResolvConf = false;
+ };
+ };
+
+ xserver.xkb = {
+ layout = "us";
+ variant = "";
+ };
};
users.users.jras = {
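Review bot: `openssh.enable = true` turns on an SSH daemon in a commit that is otherwise about VPN clients, and nothing in the hunk restricts how it authenticates. The NixOS module opens the daemon's port in the firewall by default, so if the service is intended it is worth pinning down in the same block with `openssh.settings.PasswordAuthentication = false;` and `openssh.settings.PermitRootLogin = "no";`. Both client configs also set `script-security 2` although no up/down script is configured and `updateResolvConf = false`, so the default level appears sufficient and the line could be dropped. `comp-lzo adaptive` and the CBC `cipher` lines presumably mirror what the servers require; a short comment saying so would help, since compression inside a VPN tunnel is a known side channel and should go once the servers allow it. The hunk ends inside `users.users.jras`, so anything configured there is not visible here.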