From c9a69def55f6e13ce13e60713b5369007fe4d7d0 Mon Sep 17 00:00:00 2001
From: Adrian Kummerlaender
Date: Fri, 28 Sep 2018 13:44:53 +0200
Subject: Separate desktop and server software

---
 host/software/desktop/kit.vpn.nix | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)
 create mode 100644 host/software/desktop/kit.vpn.nix

(limited to 'host/software/desktop/kit.vpn.nix')

diff --git a/host/software/desktop/kit.vpn.nix b/host/software/desktop/kit.vpn.nix
new file mode 100644
index 0000000..726356d
--- /dev/null
+++ b/host/software/desktop/kit.vpn.nix
@@ -0,0 +1,27 @@
+{ pkgs, ... }:
+
+{
+  services.openvpn.servers = {
+    KIT = {
+      # adapted from https://www.scc.kit.edu/scc/net/openvpn/os/debian/kit.ovpn
+      config = ''
+        client
+        remote 141.52.8.20
+        port 1194
+        dev tun
+        proto udp
+        auth-user-pass
+        nobind
+        comp-lzo no
+        tls-version-min 1.2
+        ca ${./asset/T-TeleSec_GlobalRoot_Class_2.pem}
+        verify-x509-name "C=DE, ST=Baden-Wuerttemberg, L=Karlsruhe, O=Karlsruhe Institute of Technology, OU=Steinbuch Centre for Computing, CN=ovpn.scc.kit.edu" subject
+        cipher AES-256-CBC
+        auth SHA384
+        verb 3
+        script-security 2
+      '';
+      autoStart = false;
+    };
+  };
+}
-- 
cgit v1.2.3