summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--host/software/desktop/asset/T-TeleSec_GlobalRoot_Class_2.pem23
-rw-r--r--host/software/desktop/kit.vpn.nix24
2 files changed, 6 insertions, 41 deletions
diff --git a/host/software/desktop/asset/T-TeleSec_GlobalRoot_Class_2.pem b/host/software/desktop/asset/T-TeleSec_GlobalRoot_Class_2.pem
deleted file mode 100644
index 374b050..0000000
--- a/host/software/desktop/asset/T-TeleSec_GlobalRoot_Class_2.pem
+++ /dev/null
@@ -1,23 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDwzCCAqugAwIBAgIBATANBgkqhkiG9w0BAQsFADCBgjELMAkGA1UEBhMCREUx
-KzApBgNVBAoMIlQtU3lzdGVtcyBFbnRlcnByaXNlIFNlcnZpY2VzIEdtYkgxHzAd
-BgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBDZW50ZXIxJTAjBgNVBAMMHFQtVGVsZVNl
-YyBHbG9iYWxSb290IENsYXNzIDIwHhcNMDgxMDAxMTA0MDE0WhcNMzMxMDAxMjM1
-OTU5WjCBgjELMAkGA1UEBhMCREUxKzApBgNVBAoMIlQtU3lzdGVtcyBFbnRlcnBy
-aXNlIFNlcnZpY2VzIEdtYkgxHzAdBgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBDZW50
-ZXIxJTAjBgNVBAMMHFQtVGVsZVNlYyBHbG9iYWxSb290IENsYXNzIDIwggEiMA0G
-CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCqX9obX+hzkeXaXPSi5kfl82hVYAUd
-AqSzm1nzHoqvNK38DcLZSBnuaY/JIPwhqgcZ7bBcrGXHX+0CfHt8LRvWurmAwhiC
-FoT6ZrAIxlQjgeTNuUk/9k9uN0goOA/FvudocP05l03Sx5iRUKrERLMjfTlH6VJi
-1hKTXrcxlkIF+3anHqP1wvzpesVsqXFP6st4vGCvx9702cu+fjOlbpSD8DT6Iavq
-jnKgP6TeMFvvhk1qlVtDRKgQFRzlAVfFmPHmBiiRqiDFt1MmUUOyCxGVWOHAD3bZ
-wI18gfNycJ5v/hqO2V81xrJvNHy+SE/iWjnX2J14np+GPgNeGYtEotXHAgMBAAGj
-QjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBS/
-WSA2AHmgoCJrjNXyYdK4LMuCSjANBgkqhkiG9w0BAQsFAAOCAQEAMQOiYQsfdOhy
-NsZt+U2e+iKo4YFWz827n+qrkRk4r6p8FU3ztqONpfSO9kSpp+ghla0+AGIWiPAC
-uvxhI+YzmzB6azZie60EI4RYZeLbK4rnJVM3YlNfvNoBYimipidx5joifsFvHZVw
-IEoHNN/q/xWA5brXethbdXwFeilHfkCoMRN3zUA7tFFHei4R40cR3p1m0IvVVGb6
-g1XqfMIpiRvpb7PO4gWEyS8+eIVibslfwXhjdFjASBgMmTnrpMwatXlajRWc2BQN
-9noHV8cigwUtPJslJj0Ys6lDfMjIq2SPDqO/nBudMNva0Bkuqjzx+zOAduTNrRlP
-BSeOE6Fuwg==
------END CERTIFICATE-----
diff --git a/host/software/desktop/kit.vpn.nix b/host/software/desktop/kit.vpn.nix
index 039733e..9f51a42 100644
--- a/host/software/desktop/kit.vpn.nix
+++ b/host/software/desktop/kit.vpn.nix
@@ -3,25 +3,13 @@
{
services.openvpn.servers = {
KIT = {
- # adapted from https://www.scc.kit.edu/scc/net/openvpn/os/debian/kit.ovpn
- config = ''
- client
- remote 141.52.8.20
- port 1194
- dev tun
- proto udp
- auth-user-pass
- nobind
- comp-lzo no
- tls-version-min 1.2
- ca ${./asset/T-TeleSec_GlobalRoot_Class_2.pem}
- verify-x509-name "C=DE, ST=Baden-Wuerttemberg, L=Karlsruhe, O=Karlsruhe Institute of Technology, CN=ovpn.scc.kit.edu" subject
- cipher AES-256-CBC
- auth SHA384
- verb 3
- script-security 2
- '';
autoStart = false;
+ config = let
+ path = pkgs.fetchurl {
+ url = "https://www.scc.kit.edu/scc/net/openvpn/conf/kit-split.ovpn";
+ hash = "sha256-j4pCKyU7t1ZmwIGm5kuUgZ26Qiqa1jzoDZcP2x+A9pM=";
+ };
+ in "config ${path}";
};
};
}