openvpn: uses secret ip as remote
This commit is contained in:
parent
b1156f42fb
commit
9ec97fbda5
|
@ -1,4 +1,6 @@
|
|||
openvpn:
|
||||
server:
|
||||
ip: ENC[AES256_GCM,data:hv/lHgWGsx1LBR3wcg7O,iv:JtkecUzT50YGgDQMNlXQC9C1h53sm46EYfhdzT+0K9s=,tag:sdCiPlus1DJRPoET2e4HIQ==,type:str]
|
||||
key:
|
||||
phone: ENC[AES256_GCM,data:JobVqgDl1Lk8jsIPeJgfA3tuMY1IHkTL2+rWY8CQkyJ9Q+dLIS8hMrmlqhtfiEkaWs3NFqwFuyUhK8uuOa0stBzQ/lZiQ7OKjOH8Y3d4fs6sF/FCuaVOuwfAXNy2gVEG2HgKBzFkBT/ciFxF3guy2EVNaLZCm01PaA8XMr8piXDs6lqt/YoEUNr2l+LfOsphrxLCYpGxRJxJkUWjoNGm/ZtbxI/HFO94l9JAlSoCfETqgEgWOOP3OgGKFSjr6pVty5Nw6iKHnhzFYdXyPFy67MPK9NvLWM3sAZnKrmF+B6lUFGAyZwKDwenKbjM/e5VOZrEGjj7O7EgMG7tYkbPngCPvRhQ4URIibKhKlmuP/On2WuJsNhNW7mtGMAKps0Q3B9GVAWeEGAhJUo5Y3FHGtSs0dRglAo6DCB0bgSTpa87LmY0JskW+PXCTQzJgVd6EnqL+ewMXM+1ID9upedivBZpTPbN41KAz9pCa/EziSsz7vEijq1i40RS/TTvjAC2SJkiv0tCmM7/jAoPDd/N4l7doqhk8jvokGw2PBmYkxnhPo0B2Ofhx+td/Pe/Q1fDHt42POTQ1EEuptD+utvPZUdLaOGg2ybiEYn8lsB9oEK4tVZoPaxOqHPlckSOcnTjwLmQ8M2Nf5e+iW74w+dfJrXuSz15XMSGthWmYHNPZGYo24+437HcVpEs2txcysK003PTy62X56jB5Wrv3l8rqqufVeMZDgLqo3Lw3btniFs6b3lJp1+dvYwGFXBhMeOuoannOi0bQvtIwxqTYgovHv+7/HPD06Hg9ZuU6/Lip3Vp/XR0kT3IfU7S0rmxTSVdgmlJbY8IM5VDMJTk=,iv:y6rP58/eIdMOWK1KsIYOL3pve4ew8mLQZBmIWjVWRCM=,tag:PlUTapNdWwkVKqy2yzLTdQ==,type:str]
|
||||
laptop: ENC[AES256_GCM,data:n6atoq4XVXd8xBdXpmlrZ1ZCB3dsuwJ7XUUEJeoFmxkLoT8b+A/SrEo3Cp0xaU7pwMmWZvWBj0trTGlodFM07b+rrpPHiYSPrZkKOSYTx4kj7s6jf2Fu/514fsNS76+hEu3Iof3Bxw+LhEQ3jL1Bd1lYU0+x5bh0b3JSl71VDto40VBoiM1UdQtO54XlfsfKJC9Qy6asWqDUIEpU4L4JElfFXNO9fWSUbHQX1m5UWLaZpAcAwcJknnpdr8MJPbaE2LLf9gddEoEYqZqeDcrxlWuVavgzqCwCdCHuwecmiF/Luvx1F1/O+btG0z2Iz7UzvZKjGONUV0lNE1aJiCLZhNdFluHiv+hTmjU4GRiUe2GJFACOp624GtSENrafnFV8m+cLYqrMnmCByk5FoW1CQ4Clm0txbIRRHG1zZcrwf8G/S0VAJ0CMeEHZJoe6Adh0a/BdxWaLvexxl2OQBAhv0KiISfkp5oU3RPIo5ITrNE06fXXRiVXUiB3YXV+tOUmfUzTqBBLwOiS2yT2ggRxS9j8cWvNpQJFQB0zfYE3Q9TNdzvItXD/0TtGfxC/hBEorjqQEeFrVg60qbV3m8pxZMcCSUK/2+fBrBmuJsZ6KkEX1mqMP+QLg8JyAX8Eyn3FI+EPbcoHTrTts0hrOUbSwKQjJiN3nwOm9iGB2u8q3xUUo8uV4Bx9tyVpZPmeTS3S9aA8md2UnwUHQLd+DsKtdgFMUeW7ynZKGVesi+Tf5TEkw39/zhUor/JbwoXBlKLmPNs+X3a50yr22uRqyQ0rC7WQ2DfR5cXTgS2itcFC/iyUdB0DolDX49flK3Wyr4+taMVA7nf0qnbfMmus=,iv:s8yYzh/sF2Nb+fnr+/X9GhGCg2Ft/bNJk5L+FQhG3nU=,tag:NT7jH148RvcjnmsarL9qZQ==,type:str]
|
||||
|
@ -17,8 +19,8 @@ sops:
|
|||
NmVZSk5jUUs3ZnhCTC9NOEQ1WkRJem8KvwC+Tc67NgV6rJM9vdfWbVaJSrX7xZS4
|
||||
aRvTzGL4Q2e+BnrFcyX8QiiZFgEUGEbk6MYbPELeGapwW79WvHzP8A==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-06-14T06:31:34Z"
|
||||
mac: ENC[AES256_GCM,data:dbnrwOcg8HrzIvG42rUAX9/p3/SfRlHA6ReMKFtVXESIvIrwfagbFPO8I5CspMyy/sqNhxPj2Pe05oBP6193SbfTTrKFVO+7X7085G2Yl/8EJD89a9hQN94SfzAqGs4NQHUI/YlO+piVLeVklhRhu+rwFnOmQ72nwVo+GKR/Rw0=,iv:A0oX4yu70ufZogYnTmewa5/w7W55BEsl4h1ppbd/Qwk=,tag:aVuwzS4I8nRVNIcXiFQOJA==,type:str]
|
||||
lastmodified: "2024-06-14T09:39:43Z"
|
||||
mac: ENC[AES256_GCM,data:OnbOkWUCl8Oa+XXHJ8sQVZ+8rQ/XFmMXQlzgJA/wXJgKAdU/FPF6XnfdYdXTH7MTu/nRhctnnRaTbPWaGaWYSejdPOQcu60z53lbALuRAWZXHAa0/tGC6pFV//3TwLd5FduOq9NnPeO0lM4yWF67z1wTDpygnrqoHDkY53OpGvU=,iv:Oj7UIFBg4/We07GD+mIJNb6K/QiGSvOXdNeyf2ezxck=,tag:rvG1y6xR1XaK5e5M9X/jrg==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.8.1
|
||||
|
|
|
@ -39,6 +39,7 @@ in
|
|||
};
|
||||
in
|
||||
{
|
||||
"openvpn/server/ip" = opts;
|
||||
"openvpn/key/phone" = opts;
|
||||
"openvpn/key/laptop" = opts;
|
||||
};
|
||||
|
@ -46,9 +47,9 @@ in
|
|||
# This section creates .ovpn files for the clients in /etc/openvpn folder. These should be shared with the clients.
|
||||
templates =
|
||||
let
|
||||
template = { placeholder, port, ifConfig }: ''
|
||||
template = { secretPlaceholder, port, ifConfig }: ''
|
||||
dev tun
|
||||
remote "${domain}"
|
||||
remote "${config.sops.placeholder."openvpn/server/ip"}"
|
||||
port ${toString port}
|
||||
ifconfig ${ifConfig}
|
||||
redirect-gateway def1
|
||||
|
@ -65,14 +66,14 @@ in
|
|||
secret [inline]
|
||||
|
||||
<secret>
|
||||
${placeholder}
|
||||
${secretPlaceholder}
|
||||
</secret>
|
||||
'';
|
||||
in
|
||||
{
|
||||
"openvpn/key/phone" = {
|
||||
content = template {
|
||||
placeholder = config.sops.placeholder."openvpn/key/phone";
|
||||
secretPlaceholder = config.sops.placeholder."openvpn/key/phone";
|
||||
port = portPhone;
|
||||
ifConfig = "10.8.1.1 10.8.1.2";
|
||||
};
|
||||
|
@ -81,7 +82,7 @@ in
|
|||
};
|
||||
"openvpn/key/laptop" = {
|
||||
content = template {
|
||||
placeholder = config.sops.placeholder."openvpn/key/laptop";
|
||||
secretPlaceholder = config.sops.placeholder."openvpn/key/laptop";
|
||||
port = portLaptop;
|
||||
ifConfig = "10.8.2.1 10.8.2.2";
|
||||
};
|
||||
|
|
Loading…
Reference in a new issue