2022-07-15 13:11:54 +02:00
|
|
|
{ config
|
|
|
|
|
, lib
|
|
|
|
|
, pkgs
|
|
|
|
|
, ...
|
|
|
|
|
}:
|
2022-03-07 12:02:20 +01:00
|
|
|
|
2022-07-15 13:11:54 +02:00
|
|
|
with lib;
|
|
|
|
|
let
|
|
|
|
|
cfg = config.my.services.openvpn;
|
|
|
|
|
in
|
2022-03-07 12:02:20 +01:00
|
|
|
{
|
2022-10-15 20:00:09 +02:00
|
|
|
options.my.services.openvpn.enable = mkEnableOption "openvpn";
|
2022-07-15 13:11:54 +02:00
|
|
|
|
|
|
|
|
config = lib.mkIf cfg.enable {
|
|
|
|
|
age.secrets = {
|
|
|
|
|
homeVPN = {
|
|
|
|
|
file = ../../secrets/home-vpn.age;
|
|
|
|
|
owner = "1000";
|
|
|
|
|
};
|
|
|
|
|
homeVPNPassword = {
|
|
|
|
|
file = ../../secrets/home-vpn-password.age;
|
|
|
|
|
owner = "1000";
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
services.openvpn.servers = {
|
|
|
|
|
homeVPN = {
|
|
|
|
|
config = "config /run/agenix/homeVPN ";
|
|
|
|
|
autoStart = false;
|
|
|
|
|
updateResolvConf = true;
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
systemd.services.openvpn-homeVPN-password = {
|
|
|
|
|
description = "Enter homeVPN password";
|
|
|
|
|
script = "cat /run/agenix/homeVPNPassword | systemd-tty-ask-password-agent";
|
|
|
|
|
wantedBy = [ "openvpn-homeVPN.service" ];
|
|
|
|
|
after = [ "openvpn-homeVPN.service" ];
|
2022-03-07 12:02:20 +01:00
|
|
|
};
|
2022-03-23 13:05:36 +01:00
|
|
|
};
|
2022-03-07 12:02:20 +01:00
|
|
|
}
|
