mnx: add openvpn connection, update secrets

teutat3s 2023-06-09 17:07:15 +02:00
parent 8a2910f10c
commit 244a8b01fb
Signed by: teutat3s
GPG key ID: 4FA1D3FA524F22C1
5 changed files with 20 additions and 0 deletions

Binary file not shown.

Binary file not shown.

Binary file not shown.


@ -15,6 +15,8 @@ in {
"github-api-token.age".publicKeys = allKeys; "github-api-token.age".publicKeys = allKeys;
"fwknoprc.age".publicKeys = allKeys; "fwknoprc.age".publicKeys = allKeys;
"cat-testenv.ovpn.age".publicKeys = allKeys; "cat-testenv.ovpn.age".publicKeys = allKeys;
"mnx-bonanza-pf1.ovpn.age".publicKeys = allKeys;
"mnx-bonanza-pf1.p12.age".publicKeys = allKeys;
"docker-ci-runner-secrets.age".publicKeys = allKeys; "docker-ci-runner-secrets.age".publicKeys = allKeys;
"test-secret.age".publicKeys = [users.teutat3s-5-nfc]; "test-secret.age".publicKeys = [users.teutat3s-5-nfc];
} }
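Review bot: The two new entries for `mnx-bonanza-pf1.ovpn.age` and `mnx-bonanza-pf1.p12.age` use `allKeys`, so every key in that list can decrypt the VPN profile and its PKCS#12 client credential. `allKeys` is defined outside this hunk, so its membership cannot be checked here, but the `test-secret.age` line shows that per-secret recipient lists are already in use in this file. If only some hosts or users connect to this VPN, a narrower list would limit exposure should one of the other keys be compromised, for example `"mnx-bonanza-pf1.p12.age".publicKeys = [ <keys of the hosts and users that use this VPN> ];`.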


@ -10,6 +10,17 @@ with lib; let
xdg = config.home-manager.users."${psCfg.user.name}".xdg; xdg = config.home-manager.users."${psCfg.user.name}".xdg;
in { in {
config = { config = {
age.secrets."mnx-bonanza-pf1.ovpn" = {
file = "${self}/secrets/mnx-bonanza-pf1.ovpn.age";
mode = "600";
owner = psCfg.user.name;
};
age.secrets."mnx-bonanza-pf1.p12" = {
file = "${self}/secrets/mnx-bonanza-pf1.p12.age";
mode = "600";
owner = psCfg.user.name;
};
environment = { environment = {
systemPackages = with pkgs; [ systemPackages = with pkgs; [
networkmanager-fortisslvpn networkmanager-fortisslvpn
@ -17,6 +28,13 @@ in {
]; ];
}; };
services.openvpn.servers = {
bonanzaVPN = {
config = ''config ${config.age.secrets."mnx-bonanza-pf1.ovpn".path}'';
autoStart = false;
};
};
programs._1password-gui = { programs._1password-gui = {
enable = true; enable = true;
polkitPolicyOwners = ["teutat3s"]; polkitPolicyOwners = ["teutat3s"];
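Review bot: Both new `age.secrets` entries set `owner = psCfg.user.name`, but the only consumer visible in this section is `services.openvpn.servers.bonanzaVPN`, which the NixOS module starts as a systemd system unit rather than in the user's session. With the desktop user as owner, any process running as that user can read the decrypted VPN profile and the PKCS#12 client key. Unless a user-level tool also needs these files, dropping `owner` and setting `mode = "0400";` would leave them readable by root only. The `.p12` secret is not referenced anywhere in the hunk, so presumably the `.ovpn` file points at its decrypted path. A comment above that entry such as `# referenced by the pkcs12 directive in mnx-bonanza-pf1.ovpn` would make the dependency visible, once the directive and path are confirmed.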