Remove openvpn

Alexander Bantyev 2020-07-16 16:46:49 +03:00
parent 8b73315235
commit 9a4a7d742d
Signed by: balsoft
GPG Key ID: E081FF12ADCB4AD5
10 changed files with 24 additions and 98 deletions


@ -56,7 +56,6 @@ with import ../support.nix { inherit lib config; }; {
home-manager.users.balsoft.xdg.mimeApps = {
enable = true;
defaultApplications =
with config.defaultApplications;
builtins.mapAttrs (name: value:
if value ? desktop then [ "${value.desktop}.desktop" ] else value) {


@ -44,11 +44,7 @@
gitlab-ci-mode
gitlab-ci-mode-flycheck
gitlab
github-issues
(github-pullrequest.overrideAttrs (oa: { buildInputs = oa.buildInputs ++ [pkgs.git]; }))
scad-mode
scad-preview
languagetool
undo-tree
];
};


@ -38,7 +38,6 @@ device:
./mailserver.nix
./matrix-synapse.nix
./workspace/kanshi.nix
./openvpn.nix
./nginx.nix
./gitea.nix
];


@ -65,7 +65,7 @@
};
systemd.services.mautrix-telegram = {
description = "A bridge between telegram and matrix";
requires = [ "matrix-synapse.service" "openvpn-client.service" ];
requires = [ "matrix-synapse.service" ];
path = with pkgs; [ coreutils mautrix-telegram ];
serviceConfig = {
Restart = "always";


@ -1,86 +0,0 @@
{ pkgs, config, lib, ... }:
lib.mkIf (! isNull config.secrets.openvpn) {
services.openvpn = {
servers = {
client = {
config = ''
proto tcp-client
remote cz2.getstaticip.com 443 # non-stadard port for OpenVPN
dev tun
nobind
persist-key
tls-client
remote-cert-tls server
#uncomment following line and comment verify-x509-name line if older OpenVPN version is installed on your device
#tls-remote eu3.finevpn.com
verify-x509-name eu3.finevpn.com name
verb 3
cipher AES-256-CBC
auth SHA1
pull
auth-user-pass
#if connection is terminated, it will attempt to connect without promting username and pass
auth-retry nointeract
# redirect-gateway def1
#dhcp-option DNS 8.8.8.8
#dhcp-option DNS 8.8.4.4
<ca>
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
</ca>
'';
up = ''
ip route delete 0.0.0.0/1
ip route delete 128.0.0.0/1
ip route add table 42 default via 93.190.51.91
# When we recieve traffic from our VPN ip, reply to it there
ip rule add from 93.190.51.91 table 42
# Also send all smtp traffic via VPN ip
ip rule add dport 25 table 42
ip rule add dport 465 table 42
ip rule add dport 587 table 42
'';
authUserPass.username = config.secrets.openvpn.user;
authUserPass.password = config.secrets.openvpn.password;
};
};
};
}


@ -25,8 +25,6 @@ let
};
in rec {
options.secrets = {
owm-key = secret "OpenWeatherMap key";
irc = mkCredOption "IRC (konversation)" { };
slack-term = secret "slack token";
yt-utilities = mkOption {
description = "youtrack";


@ -43,4 +43,24 @@
virtualisation.libvirtd = {
enable = config.deviceSpecific.isHost;
};
services.vsftpd = {
enable = true;
anonymousUser = true;
};
networking.firewall.trustedInterfaces = [ "eth0" ];
services.nextcloud = {
enable = true;
nginx.enable = true;
hostName = "nextcloud.balsoft.ru";
config.adminpassFile = "/home/balsoft/nextcloud-admin";
package = pkgs.nextcloud19;
};
services.nginx.virtualHosts."nextcloud.balsoft.ru" = {
enableACME = true;
forceSSL = true;
};
}
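Review bot: `networking.firewall.trustedInterfaces = [ "eth0" ];` makes the firewall accept every inbound connection on eth0, so the anonymous vsftpd enabled just above it, and every other listening service on this host, is reachable from whatever network that interface is attached to. If the aim is only to reach FTP, open the specific port instead, e.g. `networking.firewall.interfaces.eth0.allowedTCPPorts = [ 21 ];`, with a comment naming the network that is expected to connect; passive-mode data ports would need their own explicit range. `config.adminpassFile = "/home/balsoft/nextcloud-admin"` keeps the Nextcloud admin password under a user's home directory, which the nextcloud service user presumably cannot read unless the home directory's permissions are loosened; a root-owned path outside /home that only that user can read would be safer. These additions are unrelated to the commit title "Remove openvpn", so they are easy to miss when auditing what this host exposes; the enclosing attribute set starts outside the hunk.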


@ -2,7 +2,7 @@
{
services.mopidy = {
enable = true;
extensionPackages = with pkgs; [ mopidy-mpd mopidy-gmusic ];
extensionPackages = with pkgs; [ mopidy-mpd mopidy-gmusic mopidy-youtube ];
configuration = (if (!isNull config.secrets.gpmusic) then ''
[gmusic]
username = ${config.secrets.gpmusic.user}


@ -46,7 +46,7 @@
"p" = "nix-shell --run zsh -p";
"o" = "xdg-open";
"post" = ''curl -F"file=@-" https://0x0.st'';
"clip" = "${pkgs.xclip}/bin/xclip -selection clipboard";
"cat" = "${pkgs.bat}/bin/bat";
};
initExtra = ''
r(){nix run nixpkgs.$1 -c $@ }

Binary file not shown.