Restructure host config, derivations

1 files changed, 27 insertions, 0 deletions

diff --git a/host/software/kit.vpn.nix b/host/software/kit.vpn.nix
new file mode 100644
index 0000000..726356d
--- /dev/null
+++ b/host/software/kit.vpn.nix
@@ -0,0 +1,27 @@
+{ pkgs, ... }:
+
+{
+  services.openvpn.servers = {
+    KIT = {
+      # adapted from https://www.scc.kit.edu/scc/net/openvpn/os/debian/kit.ovpn
+      config = ''
+        client
+        remote 141.52.8.20
+        port 1194
+        dev tun
+        proto udp
+        auth-user-pass
+        nobind
+        comp-lzo no
+        tls-version-min 1.2
+        ca ${./asset/T-TeleSec_GlobalRoot_Class_2.pem}
+        verify-x509-name "C=DE, ST=Baden-Wuerttemberg, L=Karlsruhe, O=Karlsruhe Institute of Technology, OU=Steinbuch Centre for Computing, CN=ovpn.scc.kit.edu" subject
+        cipher AES-256-CBC
+        auth SHA384
+        verb 3
+        script-security 2
+      '';
+      autoStart = false;
+    };
+  };
+}