add cyberghost vpn for chatgpt

2025-02-04 11:52:12 +01:00
parent ff2fdd3c08
commit 1651b8a550
1 changed files with 58 additions and 0 deletions
--- a/hosts/nb/modules/cyberghost.nix
+++ b/hosts/nb/modules/cyberghost.nix
@@ -0,0 +1,58 @@
+{ config, pkgs, ... }: {
+
+  sops.secrets.cyberghost_user_pass = {};
+  sops.secrets.cyberghost_ca = {};
+  sops.secrets.cyberghost_cert = {};
+  sops.secrets.cyberghost_key = {};
+
+  environment.systemPackages = with pkgs; [
+    openvpn
+    networkmanager
+    networkmanager-openvpn
+  ];
+
+  environment.etc =
+    let
+      conn = (pkgs.formats.ini { }).generate "cyberghost.nmconnection" {
+        connection = {
+          id = "cyberghost vpn";
+          autoconnect = false;
+          type = "vpn";
+          uuid = "f47ac10b-58cc-4372-a567-0e02b2c3d479";
+        };
+
+        vpn = {
+          service-type = "org.freedesktop.NetworkManager.openvpn";
+          password-flags = 0;
+          auth-user-pass = config.sops.secrets.cyberghost_user_pass.path;
+          ca = config.sops.secrets.cyberghost_ca.path;
+          cert = config.sops.secrets.cyberghost_cert.path;
+          key = config.sops.secrets.cyberghost_key.path;
+          comp-lzo = "yes";
+        };
+
+        ethernet.auto-negotiate = true;
+
+        ipv4 = {
+          may-fail = false;
+          method = "auto";
+          never-default = false;
+          route1 = "10.42.0.0/16,0.0.0.0,100";
+          route-data = "10.42.0.0/16,0.0.0.0,100";
+          ignore-auto-routes = true;
+          ignore-auto-dns = true;
+        };
+
+        ipv6 = {
+          method = "ignore";
+        };
+      };
+
+    in
+    {
+      "NetworkManager/system-connections/${conn.name}" = {
+        source = conn;
+        mode = "0600";
+      };
+    };
+}