From 8dcc08b1896d3723f0999974a3b11d8173f0eb72 Mon Sep 17 00:00:00 2001
From: willemml
Date: Sun, 19 Nov 2023 14:36:36 -0800
Subject: [PATCH] Enables OpenVPN on nixbox
---
 .github/workflows/nix-github-actions.yml | 38 ---------
 common/secrets.nix | Bin 51 -> 128 bytes
 home/default.nix | 1 -
 nixos/hosts/nixbox.nix | 1 +
 nixos/modules/nordvpn.nix | 96 +++++++++++++++++++++++
 5 files changed, 97 insertions(+), 39 deletions(-)
 delete mode 100644 .github/workflows/nix-github-actions.yml
 create mode 100644 nixos/modules/nordvpn.nix
diff --git a/.github/workflows/nix-github-actions.yml b/.github/workflows/nix-github-actions.yml
deleted file mode 100644
index 80cbc46..0000000
--- a/.github/workflows/nix-github-actions.yml
+++ /dev/null
@@ -1,38 +0,0 @@
-name: Nix Flake actions
-
-on:
- pull_request:
- push:
- branches:
- - master
- - main
-
-jobs:
- nix-matrix:
- runs-on: ubuntu-latest
- outputs:
- matrix: ${{ steps.set-matrix.outputs.matrix }}
- steps:
- - uses: actions/checkout@v4
- - uses: DeterminateSystems/nix-installer-action@main
- - uses: DeterminateSystems/magic-nix-cache-action@main
- - id: set-matrix
- name: Generate Nix Matrix
- run: |
- set -Eeu
- echo "matrix=$(nix eval --json '.#githubActions.matrix')" >> "$GITHUB_OUTPUT"
-
- nix-build:
- needs: nix-matrix
- runs-on: ${{ matrix.os }}
- strategy:
- matrix: ${{fromJSON(needs.nix-matrix.outputs.matrix)}}
- steps:
- - uses: actions/checkout@v4
- - uses: DeterminateSystems/nix-installer-action@main
- - uses: DeterminateSystems/magic-nix-cache-action@main
- - uses: cachix/cachix-action@v12
- with:
- name: willemml
- authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
- - run: nix build -L ".#${{ matrix.attr }}"
diff --git a/common/secrets.nix b/common/secrets.nix
index c3a9c68a9a55c532389865f77c58492f81798eed..a7c5f774dc8ae627ba215c8548b244cfd9f52433 100644
GIT binary patch literal 128 zcmV-`0Du1gM@dveQdv+`0Ijf=eC#&)x*B~`nQx-$H<6|Mx8uAXL1rM;rDe+Ju2aPZ}yfh9c=8_qSYLDY;cFOE19KIECF8i Ja%iJ0;S4J_7IFXp
diff --git a/home/default.nix b/home/default.nix
index cda0f14..2008017 100644
--- a/home/default.nix
+++ b/home/default.nix
@@ -33,7 +33,6 @@ in rec {
 };
 
 sessionVariables = rec {
- GCTESTSECRET = globals.secrets.test_secret;
 DOTDIR = "${config.home.homeDirectory}/.config/dotfiles.nix";
 EDITOR = emacsCommand;
 VISUAL = emacsCommand;
diff --git a/nixos/hosts/nixbox.nix b/nixos/hosts/nixbox.nix
index ea1417f..a8182b2 100644
--- a/nixos/hosts/nixbox.nix
+++ b/nixos/hosts/nixbox.nix
@@ -11,6 +11,7 @@
 ../profiles/default.nix
 ../users/willem/home/linux.nix
 ../modules/zerotier.nix
+ ../modules/nordvpn.nix
 ];
 
 boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod"];
diff --git a/nixos/modules/nordvpn.nix b/nixos/modules/nordvpn.nix
new file mode 100644
index 0000000..e507b81
--- /dev/null
+++ b/nixos/modules/nordvpn.nix
@@ -0,0 +1,96 @@
+{
+ config,
+ lib,
+ pkgs,
+ globals,
+ ...
+}: {
+ services.openvpn.servers.nordp2p.config = ''
+ client
+ dev tun
+ proto udp
+ remote 185.153.179.120 1194
+ resolv-retry infinite
+ remote-random
+ nobind
+ tun-mtu 1500
+ tun-mtu-extra 32
+ mssfix 1450
+ persist-key
+ persist-tun
+ ping 15
+ ping-restart 0
+ ping-timer-rem
+ reneg-sec 0
+ comp-lzo no
+ verify-x509-name CN=ca1576.nordvpn.com
+
+ remote-cert-tls server
+
+ auth-user-pass ${pkgs.writeText "norduserpass" ''
+ ${globals.secrets.nord.username}
+ ${globals.secrets.nord.password}
+ ''}
+ verb 3
+ pull
+ fast-io
+ cipher AES-256-CBC
+ auth SHA512
+
+ -----BEGIN CERTIFICATE-----
+ MIIFCjCCAvKgAwIBAgIBATANBgkqhkiG9w0BAQ0FADA5MQswCQYDVQQGEwJQQTEQ
+ MA4GA1UEChMHTm9yZFZQTjEYMBYGA1UEAxMPTm9yZFZQTiBSb290IENBMB4XDTE2
+ MDEwMTAwMDAwMFoXDTM1MTIzMTIzNTk1OVowOTELMAkGA1UEBhMCUEExEDAOBgNV
+ BAoTB05vcmRWUE4xGDAWBgNVBAMTD05vcmRWUE4gUm9vdCBDQTCCAiIwDQYJKoZI
+ hvcNAQEBBQADggIPADCCAgoCggIBAMkr/BYhyo0F2upsIMXwC6QvkZps3NN2/eQF
+ kfQIS1gql0aejsKsEnmY0Kaon8uZCTXPsRH1gQNgg5D2gixdd1mJUvV3dE3y9FJr
+ XMoDkXdCGBodvKJyU6lcfEVF6/UxHcbBguZK9UtRHS9eJYm3rpL/5huQMCppX7kU
+ eQ8dpCwd3iKITqwd1ZudDqsWaU0vqzC2H55IyaZ/5/TnCk31Q1UP6BksbbuRcwOV
+ skEDsm6YoWDnn/IIzGOYnFJRzQH5jTz3j1QBvRIuQuBuvUkfhx1FEwhwZigrcxXu
+ MP+QgM54kezgziJUaZcOM2zF3lvrwMvXDMfNeIoJABv9ljw969xQ8czQCU5lMVmA
+ 37ltv5Ec9U5hZuwk/9QO1Z+d/r6Jx0mlurS8gnCAKJgwa3kyZw6e4FZ8mYL4vpRR
+ hPdvRTWCMJkeB4yBHyhxUmTRgJHm6YR3D6hcFAc9cQcTEl/I60tMdz33G6m0O42s
+ Qt/+AR3YCY/RusWVBJB/qNS94EtNtj8iaebCQW1jHAhvGmFILVR9lzD0EzWKHkvy
+ WEjmUVRgCDd6Ne3eFRNS73gdv/C3l5boYySeu4exkEYVxVRn8DhCxs0MnkMHWFK6
+ MyzXCCn+JnWFDYPfDKHvpff/kLDobtPBf+Lbch5wQy9quY27xaj0XwLyjOltpiST
+ LWae/Q4vAgMBAAGjHTAbMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMA0GCSqG
+ SIb3DQEBDQUAA4ICAQC9fUL2sZPxIN2mD32VeNySTgZlCEdVmlq471o/bDMP4B8g
+ nQesFRtXY2ZCjs50Jm73B2LViL9qlREmI6vE5IC8IsRBJSV4ce1WYxyXro5rmVg/
+ k6a10rlsbK/eg//GHoJxDdXDOokLUSnxt7gk3QKpX6eCdh67p0PuWm/7WUJQxH2S
DxsT9vB/iZriTIEe/ILoOQF0Aqp7AgNCcLcLAmbxXQkXYCCSB35Vp06u+eTWjG0/
+ pyS5V14stGtw+fA0DJp5ZJV4eqJ5LqxMlYvEZ/qKTEdoCeaXv2QEmN6dVqjDoTAo
+ k0t5u4YRXzEVCfXAC3ocplNdtCA72wjFJcSbfif4BSC8bDACTXtnPC7nD0VndZLp
+ +RiNLeiENhk0oTC+UVdSc+n2nJOzkCK0vYu0Ads4JGIB7g8IB3z2t9ICmsWrgnhd
+ NdcOe15BincrGA8avQ1cWXsfIKEjbrnEuEk9b5jel6NfHtPKoHc9mDpRdNPISeVa
+ wDBM1mJChneHt59Nh8Gah74+TM1jBsw4fhJPvoc7Atcg740JErb904mZfkIEmojC
+ VPhBHVQ9LHBAdM8qFI2kRK0IynOmAZhexlP/aT/kpEsEPyaZQlnBn3An1CRz8h0S
+ PApL8PytggYKeQmRhl499+6jLxcZ2IegLfqq41dzIjwHwTMplg+1pKIOVojpWA==
+ -----END CERTIFICATE-----
+
+ key-direction 1
+
+ #
+ # 2048 bit OpenVPN static key
+ #
+ -----BEGIN OpenVPN Static key V1-----
+ e685bdaf659a25a200e2b9e39e51ff03
+ 0fc72cf1ce07232bd8b2be5e6c670143
+ f51e937e670eee09d4f2ea5a6e4e6996
+ 5db852c275351b86fc4ca892d78ae002
+ d6f70d029bd79c4d1c26cf14e9588033
+ cf639f8a74809f29f72b9d58f9b8f5fe
+ fc7938eade40e9fed6cb92184abb2cc1
+ 0eb1a296df243b251df0643d53724cdb
+ 5a92a1d6cb817804c4a9319b57d53be5
+ 80815bcfcb2df55018cc83fc43bc7ff8
+ 2d51f9b88364776ee9d12fc85cc7ea5b
+ 9741c4f598c485316db066d52db4540e
+ 212e1518a9bd4828219e24b20d88f598
+ a196c9de96012090e333519ae18d3509
+ 9427e7b372d348d352dc4c85e18cd4b9
+ 3f8a56ddb2e64eb67adfc9b337157ff4
+ -----END OpenVPN Static key V1-----
+
+
+ '';
+}
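Review bot: The `auth-user-pass ${pkgs.writeText "norduserpass" ''…''}` line bakes `globals.secrets.nord.username` and `globals.secrets.nord.password` into a derivation, so the account credentials land in plaintext under `/nix/store`, which every local user can read and which is copied along with the system closure to any binary cache or remote host it is pushed to. Encrypting `common/secrets.nix` in the repository (it appears to be committed as an opaque binary blob) does not cover this, because the values are in the clear at evaluation time. Reference a file that is provisioned at runtime outside the store instead, for example `auth-user-pass /run/secrets/NORD_CREDENTIALS_PLACEHOLDER` (placeholder path; root-owned, mode 0600, delivered by a secrets tool such as agenix or sops-nix), and rotate the password if this build has already been shared. Separately, `reneg-sec 0` turns off periodic key renegotiation and `cipher AES-256-CBC` pins a non-AEAD cipher; if both come from the provider's template, a short comment such as `# provider defaults, kept for server compatibility` above them would mark that as deliberate.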