mnx: add openvpn connection, update secrets

2023-06-09 17:07:15 +02:00 · 2023-06-09 17:07:15 +02:00 · 244a8b01fb
parent 8a2910f10c
commit 244a8b01fb
5 changed files with 20 additions and 0 deletions
--- a/secrets/environment-secrets.age
+++ b/secrets/environment-secrets.age
--- a/secrets/mnx-bonanza-pf1.ovpn.age
+++ b/secrets/mnx-bonanza-pf1.ovpn.age
--- a/secrets/mnx-bonanza-pf1.p12.age
+++ b/secrets/mnx-bonanza-pf1.p12.age
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@ -15,6 +15,8 @@ in {
  "github-api-token.age".publicKeys = allKeys;
  "fwknoprc.age".publicKeys = allKeys;
  "cat-testenv.ovpn.age".publicKeys = allKeys;
+  "mnx-bonanza-pf1.ovpn.age".publicKeys = allKeys;
+  "mnx-bonanza-pf1.p12.age".publicKeys = allKeys;
  "docker-ci-runner-secrets.age".publicKeys = allKeys;
  "test-secret.age".publicKeys = [users.teutat3s-5-nfc];
 }
--- a/users/teutat3s/mnx.nix
+++ b/users/teutat3s/mnx.nix
@ -10,6 +10,17 @@ with lib; let
  xdg = config.home-manager.users."${psCfg.user.name}".xdg;
 in {
  config = {
+    age.secrets."mnx-bonanza-pf1.ovpn" = {
+      file = "${self}/secrets/mnx-bonanza-pf1.ovpn.age";
+      mode = "600";
+      owner = psCfg.user.name;
+    };
+    age.secrets."mnx-bonanza-pf1.p12" = {
+      file = "${self}/secrets/mnx-bonanza-pf1.p12.age";
+      mode = "600";
+      owner = psCfg.user.name;
+    };
+
    environment = {
      systemPackages = with pkgs; [
        networkmanager-fortisslvpn
@ -17,6 +28,13 @@ in {
      ];
    };

+    services.openvpn.servers = {
+      bonanzaVPN = {
+        config = ''config ${config.age.secrets."mnx-bonanza-pf1.ovpn".path}'';
+        autoStart = false;
+      };
+    };
+
    programs._1password-gui = {
      enable = true;
      polkitPolicyOwners = ["teutat3s"];