refactor into modules

2026-03-10 23:22:08 +01:00
parent 1b9d24ce15
commit e58d5a7a18
29 changed files with 386 additions and 365 deletions
--- a/nixos/modules/networking/vpn.nix
+++ b/nixos/modules/networking/vpn.nix
@@ -0,0 +1,55 @@
+{ pkgs, ... }:
+
+{
+  # VSTech VPN (with DNS for bgs.local domain)
+  services.openvpn.servers.vstech = {
+    config = ''
+      client
+      remote 51.83.143.81
+      proto udp
+      port 649
+      dev tun
+      topology subnet
+      ca /home/lusia/VSTech-vpn/ca.crt
+      cert /home/lusia/VSTech-vpn/Klient251.crt
+      key /home/lusia/VSTech-vpn/Klient251.inline
+      tls-crypt /home/lusia/VSTech-vpn/ta.key
+
+      auth sha512
+      data-ciphers aes-256-cbc
+      data-ciphers-fallback aes-256-cbc
+      key-direction 1
+      keepalive 10 120
+    '';
+    updateResolvConf = false;
+
+    up = ''
+      ${pkgs.systemd}/bin/resolvectl dns $dev 10.10.10.1
+      ${pkgs.systemd}/bin/resolvectl domain $dev bgs.local
+    '';
+
+    down = ''
+      ${pkgs.systemd}/bin/resolvectl revert $dev
+    '';
+  };
+
+  # CAT VPN
+  services.openvpn.servers.cat = {
+    config = ''
+      client
+      remote 79.133.193.211
+      proto tcp
+      port 1194
+      dev tun
+      topology subnet
+      ca /home/lusia/vpn/ca.crt
+      cert /home/lusia/vpn/client18.crt
+      key /home/lusia/vpn/client18.key
+
+      auth sha256
+      data-ciphers AES-256-CBC
+      key-direction 1
+    '';
+    updateResolvConf = true;
+  };
+}