~kaction/config

ref: 871614e344d8ece5ad973fd71d112e24c2a35586 config/system-v2/openvpn/default.nix -rw-r--r-- 1.6 KiB
871614e3 — Dmitry Bogatov nix-sys: add "kaction" user into "video" group 8 months ago
                                                                                
# Builds a runit service directory ("openvpn.sv") for an OpenVPN client:
#   run      - prepares the chroot, loads firewall rules, starts openvpn
#   finish   - loads a second firewall rule set once the run script exits
#   log/run  - svlogd logger running under its own account
# All binaries are referenced by absolute store path, so the scripts do not
# depend on $PATH at runtime.
{ runCommand, runit, busybox, openvpn, universe-key, execline,
  writeScript, iptables, firewall }:
let
  inherit (universe-key) decrypt;
  # VPN username/password, kept encrypted in the repository and decrypted at
  # evaluation/build time.
  # NOTE(review): `decrypt` is defined elsewhere. If it produces a plaintext
  # file in the Nix store, that file is readable by every local user on a
  # default (world-readable) store and is copied along with the closure.
  # Confirm how the result is materialised and who can read it.
  authfile = decrypt ./auth.txt.enchive;
  # Provider profile; interpolating the path below copies it into the store.
  config = ./cz101.nordvpn.com.tcp443.ovpn;
  # Service run script (execline). Each `if { ... }` block must exit 0 or the
  # script stops there, so openvpn is never started when the chroot setup or
  # the firewall load fails.
  # Steps: create the chroot's tmp directory, restrict it to mode 700, hand
  # it to __openvpn, load ${firewall}/ifup.ip, then exec openvpn with
  # --user/--group/--chroot so it drops to __openvpn inside
  # /var/run/chroot/openvpn.
  # NOTE(review): iptables-restore is called without --noflush, so it
  # replaces the current contents of every table named in ifup.ip. The rule
  # file is not visible here; confirm that is the intended scope.
  # NOTE(review): the profile and auth file live outside the chroot, so they
  # are only reachable before openvpn chroots. Verify the profile does not
  # need to re-read them on reconnect.
  runscript = writeScript "openvpn.run" ''
    #!${execline}/bin/execlineb -P
    if { ${busybox}/bin/mkdir -p /var/run/chroot/openvpn/tmp }
    if { ${busybox}/bin/chmod 700 /var/run/chroot/openvpn/tmp }
    if { ${busybox}/bin/chown __openvpn:__openvpn /var/run/chroot/openvpn/tmp }
    if { ${iptables}/bin/iptables-restore ${firewall}/ifup.ip }
    ${openvpn}/bin/openvpn
      --config ${config}
      --auth-user-pass ${authfile}
      --user  __openvpn
      --group __openvpn
      --chroot /var/run/chroot/openvpn
  '';
  # runit executes `finish` after the run script exits; this loads
  # ${firewall}/ifdown.ip.
  # NOTE(review): whether the host fails closed (no traffic outside the
  # tunnel) or fails open when openvpn dies depends entirely on ifdown.ip,
  # which is not visible here. Confirm against the firewall package.
  finishscript = writeScript "openvpn.finish" ''
    #!${execline}/bin/execlineb -P
    ${iptables}/bin/iptables-restore ${firewall}/ifdown.ip
  '';

  # Logger for the service. The directory is created, set to mode 700 and
  # chowned before chpst drops to __openvpn_log and runs svlogd. The log
  # directory is therefore owned by a different account than the one the
  # daemon runs as (__openvpn).
  logscript = writeScript "openvpn.logrun" ''
    #!${execline}/bin/execlineb -P
    if { ${busybox}/bin/mkdir -p /var/log/runit/openvpn }
    if { ${busybox}/bin/chmod 700  /var/log/runit/openvpn }
    if { ${busybox}/bin/chown __openvpn_log:__openvpn_log /var/log/runit/openvpn }

    ${runit}/bin/chpst -u __openvpn_log:__openvpn_log
    ${runit}/bin/svlogd /var/log/runit/openvpn
  '';

# Assemble the service directory. $out is in the Nix store, so the
# `supervise` entries are symlinks into /run/runit, where runit can write its
# state.
in runCommand "openvpn.sv" { inherit runscript logscript finishscript; } ''
  mkdir -p $out/log
  cp $runscript $out/run
  cp $finishscript $out/finish
  cp $logscript $out/log/run
  ln -s /run/runit/supervise.openvpn $out/supervise
  ln -s /run/runit/supervise.log.openvpn $out/log/supervise
''