fabianhauser/dotfiles
1
0
Fork 0
Code Issues 4 Pull requests 1 Projects Releases Packages Wiki Activity Actions

Update threema vpn configuration

Browse source
This commit is contained in:
Fabian Hauser 2021-10-25 10:30:51 +02:00
parent ce658e1764
commit b50dea93a1
1 changed files with 23 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

32
defaults/user-configuration/fhauser/work/openvpn.nix
View file

@ -1,4 +1,4 @@
{ pkgs, lib, ... }: { { pkgs, lib, config, ... }: {
services.openvpn.servers.threema = let services.openvpn.servers.threema = let
cafile = pkgs.writeTextFile { cafile = pkgs.writeTextFile {
name = "threema-vpn-ca.crt"; name = "threema-vpn-ca.crt";
@ -25,6 +25,14 @@
-----END CERTIFICATE----- -----END CERTIFICATE-----
''; '';
}; };
dhcpIps = if config.networking.hostName == "speer" then
[ "10.2.1.1" ] # TODO: Extract speer gw ip to meta
else [
"185.88.236.100"
"212.103.68.20"
];
dhcpOptions = with builtins;
concatStringsSep "\n" (map (ip: "dhcp-option DNS ${ip}") dhcpIps);
in { in {
autoStart = false; autoStart = false;
config = '' config = ''
@ -42,29 +50,35 @@
route 10.83.0.0 255.255.0.0 default default route 10.83.0.0 255.255.0.0 default default
route 10.90.0.0 255.255.0.0 default default route 10.90.0.0 255.255.0.0 default default
#route 5.148.175.192 255.255.255.224 default default
#route 5.148.189.192 255.255.255.224 default default
route 192.168.11.0 255.255.255.0 default default route 192.168.11.0 255.255.255.0 default default
route 192.168.13.0 255.255.255.0 default default route 192.168.13.0 255.255.255.0 default default
route 136.243.104.147 255.255.255.255 default default route 136.243.104.147 255.255.255.255 default default
route 193.70.13.37 255.255.255.255 default default route 188.126.81.131 255.255.255.255 default default
route 95.211.228.137 255.255.255.255 default default route 95.211.228.137 255.255.255.255 default default
route 5.148.189.112 255.255.255.240 default default
route 185.88.236.64 255.255.255.192 default default route 185.88.236.64 255.255.255.192 default default
route 212.103.68.0 255.255.255.192 default default route 212.103.68.0 255.255.255.192 default default
route 194.56.189.145 255.255.255.255 default default
route 54.38.37.213 255.255.255.255 default default
# VPN exclusions: Jitsi and TURN
route 185.88.236.76 255.255.255.255 net_gateway default
route 185.88.236.77 255.255.255.255 net_gateway default
route 185.88.236.98 255.255.255.255 net_gateway default route 185.88.236.98 255.255.255.255 net_gateway default
route 5.148.189.116 255.255.255.255 net_gateway default route 185.88.236.113 255.255.255.255 net_gateway default
route 185.88.236.114 255.255.255.255 net_gateway default
route 212.103.68.7 255.255.255.255 net_gateway default
route 212.103.68.8 255.255.255.255 net_gateway default
route 212.103.68.40 255.255.255.255 net_gateway default
route 212.103.68.41 255.255.255.255 net_gateway default
dhcp-option DNS 185.88.236.100 ${dhcpOptions}
dhcp-option DNS 212.103.68.20
reneg-bytes 0 reneg-bytes 0
auth-nocache auth-nocache
tls-cipher DEFAULT tls-cipher DEFAULT
cipher AES-128-CBC cipher AES-128-CBC
reneg-sec 0
data-ciphers AES-128-CBC data-ciphers AES-128-CBC
data-ciphers-fallback AES-128-CBC data-ciphers-fallback AES-128-CBC
reneg-sec 0
remap-usr1 SIGTERM remap-usr1 SIGTERM
''; '';
updateResolvConf = true; updateResolvConf = true;