pinwheel: Add work-vpn in work module (openvpn)
@@ -23,6 +23,7 @@
|
||||
./modules/syncthing
|
||||
./modules/firefox
|
||||
./modules/mullvad
|
||||
./modules/openvpn
|
||||
./modules/calibre
|
||||
./modules/go
|
||||
./modules/nix
|
||||
@@ -122,6 +123,8 @@
|
||||
}];
|
||||
};
|
||||
|
||||
mod.openvpn.enable = true;
|
||||
|
||||
# This value determines the NixOS release from which the default
|
||||
# settings for stateful data, like file locations and database versions
|
||||
# on your system were taken. It‘s perfectly fine and recommended to leave
|
||||
|
||||
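--- /dev/null
+++ b/hosts/pinwheel/modules/openvpn/default.nix
@@ -0,0 +1,22 @@
+{ pkgs, lib, config, ... }:
+let
+enabled = config.mod.openvpn.enable;
+in
+{
+options = {
+mod.openvpn = {
+enable = lib.mkEnableOption "add openvpn related packages";
+};
+};
+
+config = lib.mkIf enabled {
+home-manager.users.alex = {
+home.packages = [
+pkgs.openvpn
+pkgs.update-systemd-resolved
+];
+};
+
+services.resolved.enable = true;
+};
+}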
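Review bot: The option text in `enable = lib.mkEnableOption "add openvpn related packages";` undersells what the module does: besides installing two packages it sets `services.resolved.enable = true;`, which is a host-wide DNS change rather than a per-user package addition. `mkEnableOption` already prefixes its argument with "Whether to enable", so a noun phrase reads better, for example `lib.mkEnableOption "OpenVPN client tooling (openvpn, update-systemd-resolved) and systemd-resolved"`. A one-line comment above `services.resolved.enable` saying it is needed by the update-systemd-resolved hook would also help. Whether VPN-pushed DNS is then used exclusively depends on the profile, which is not visible here.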
@@ -1,4 +1,26 @@
|
||||
{ ... }:
|
||||
{ pkgs, lib, config, ... }:
|
||||
let
|
||||
openvpnEnabled = config.mod.openvpn.enable;
|
||||
|
||||
work-vpn = let
|
||||
ovpnconfig = config.age.secrets.work-ovpn.path;
|
||||
userpass = config.age.secrets.work-ovpn-userpass.path;
|
||||
in
|
||||
pkgs.writeShellApplication {
|
||||
name = "work-vpn";
|
||||
text = ''
|
||||
sudo \
|
||||
${pkgs.openvpn}/bin/openvpn \
|
||||
--script-security 2 \
|
||||
--up ${pkgs.update-systemd-resolved}/libexec/openvpn/update-systemd-resolved \
|
||||
--up-restart \
|
||||
--down ${pkgs.update-systemd-resolved}/libexec/openvpn/update-systemd-resolved \
|
||||
--down-pre \
|
||||
--config ${ovpnconfig} \
|
||||
--auth-user-pass ${userpass}
|
||||
'';
|
||||
};
|
||||
in
|
||||
{
|
||||
home-manager.users.alex = {
|
||||
programs.git = {
|
||||
@@ -13,6 +35,8 @@
|
||||
programs.go = {
|
||||
goPrivate = [ "gitlab.com/zebware/*" ];
|
||||
};
|
||||
|
||||
home.packages = lib.mkIf openvpnEnabled [ work-vpn ];
|
||||
};
|
||||
|
||||
age.secrets = {
|
||||
@@ -22,5 +46,13 @@
|
||||
owner = "alex";
|
||||
group = "users";
|
||||
};
|
||||
|
||||
"work-ovpn" = lib.mkIf openvpnEnabled {
|
||||
file = ../../../../secrets/pinwheel/work-ovpn.age;
|
||||
};
|
||||
|
||||
"work-ovpn-userpass" = lib.mkIf openvpnEnabled {
|
||||
file = ../../../../secrets/pinwheel/work-ovpn-userpass.age;
|
||||
};
|
||||
};
|
||||
}
|
||||
|
||||
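Review bot: In the `work-vpn` script, `--config ${ovpnconfig}` comes after the pinned `--up`/`--down` hooks, while openvpn runs under `sudo` with `--script-security 2`. As far as I know OpenVPN applies options in order and a later `up`/`down` replaces an earlier one, so a script directive inside the decrypted profile would displace the store-path hooks and run as root. Moving `--config ${ovpnconfig} \` to directly after the `openvpn \` line lets the command-line hooks take precedence, and the profile is worth checking for `up`, `down` and similar script directives before it is encrypted. The two new `age.secrets` entries set only `file`, so they presumably keep agenix's root-only defaults, which fits the sudo invocation. A short comment stating that this is intentional would stop someone copying the `owner = "alex"` pattern from the entry above.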