From 1651b8a5506d6d00e55833b7715deb48bae8cb1d Mon Sep 17 00:00:00 2001 From: Dominik Polakovics Date: Tue, 4 Feb 2025 11:52:12 +0100 Subject: [PATCH] add cyberghost vpn for chatgpt --- hosts/nb/modules/cyberghost.nix | 58 +++++++++++++++++++++++++++++++++ 1 file changed, 58 insertions(+) create mode 100644 hosts/nb/modules/cyberghost.nix diff --git a/hosts/nb/modules/cyberghost.nix b/hosts/nb/modules/cyberghost.nix new file mode 100644 index 0000000..6a9a491 --- /dev/null +++ b/hosts/nb/modules/cyberghost.nix @@ -0,0 +1,58 @@ +{ config, pkgs, ... }: { + + sops.secrets.cyberghost_user_pass = {}; + sops.secrets.cyberghost_ca = {}; + sops.secrets.cyberghost_cert = {}; + sops.secrets.cyberghost_key = {}; + + environment.systemPackages = with pkgs; [ + openvpn + networkmanager + networkmanager-openvpn + ]; + + environment.etc = + let + conn = (pkgs.formats.ini { }).generate "cyberghost.nmconnection" { + connection = { + id = "cyberghost vpn"; + autoconnect = false; + type = "vpn"; + uuid = "f47ac10b-58cc-4372-a567-0e02b2c3d479"; + }; + + vpn = { + service-type = "org.freedesktop.NetworkManager.openvpn"; + password-flags = 0; + auth-user-pass = config.sops.secrets.cyberghost_user_pass.path; + ca = config.sops.secrets.cyberghost_ca.path; + cert = config.sops.secrets.cyberghost_cert.path; + key = config.sops.secrets.cyberghost_key.path; + comp-lzo = "yes"; + }; + + ethernet.auto-negotiate = true; + + ipv4 = { + may-fail = false; + method = "auto"; + never-default = false; + route1 = "10.42.0.0/16,0.0.0.0,100"; + route-data = "10.42.0.0/16,0.0.0.0,100"; + ignore-auto-routes = true; + ignore-auto-dns = true; + }; + + ipv6 = { + method = "ignore"; + }; + }; + + in + { + "NetworkManager/system-connections/${conn.name}" = { + source = conn; + mode = "0600"; + }; + }; +}