Add openvpn

modules/secrets.nix

@@ -2,7 +2,7 @@
 with lib;
 with types;
 let
-  password-store = "/home/balsoft/.local/share/password-store";
+  password-store = config.secretsConfig.password-store;
   secret = { name, ... }: {
     options = {
       encrypted = mkOption {
@@ -121,6 +121,10 @@ in {
   };
 
   options.secretsConfig = {
+    password-store = lib.mkOption {
+      type = lib.types.path;
+      default = "/home/balsoft/.local/share/password-store";
+    };
     repo = lib.mkOption {
       type = str;
       default = "ssh://git@github.com/balsoft/pass";

profiles/workspace/openvpn.nix

@@ -0,0 +1,15 @@
+{ config, pkgs, ... }: let password-store = config.secretsConfig.password-store; in {
+  secrets.tawasal_eu1 = {
+    encrypted = "${password-store}/openvpn/tawasal_eu1.gpg";
+    services = [ "openvpn-tawasal-eu1.service" ];
+  };
+  secrets.tawasal_eu2 = {
+    encrypted = "${password-store}/openvpn/tawasal_eu2.gpg";
+    services = [ "openvpn-tawasal-eu2.service" ];
+  };
+
+  services.openvpn.servers = {
+    tawasal-eu1.config = "config ${config.secrets.tawasal_eu1.decrypted}";
+    tawasal-eu2.config = "config ${config.secrets.tawasal_eu2.decrypted}";
+  };
+}

roles/desktop.nix

@@ -41,6 +41,7 @@
     light
     mako
     # mopidy
+    openvpn
     simple-osd-daemons
     sway
     yubikey-touch-detector