diff --git a/modules/torrents.nix b/modules/torrents.nix index 6b5f381..e64730d 100644 --- a/modules/torrents.nix +++ b/modules/torrents.nix @@ -1,11 +1,4 @@ { config, lib, pkgs, ... }: -let - vpnServer = "89.249.65.115"; - vpnConfig = builtins.fetchurl { - url = "https://downloads.nordcdn.com/configs/files/ovpn_udp/servers/de948.nordvpn.com.udp.ovpn"; - sha256 = "07z4xxs4nxg44c3d19rnqg6iq2f7i8yjy28rwbz312z4axqgkcxn"; - }; -in { sops.secrets = { @@ -66,7 +59,75 @@ in services.openvpn.servers.client = { updateResolvConf = true; config = '' - config ${vpnConfig} + client + dev tun + resolv-retry infinite + nobind + persist-key + persist-tun + verb 3 + remote-cert-tls server + ping 10 + ping-restart 60 + sndbuf 524288 + rcvbuf 524288 + cipher AES-256-CBC + tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA + proto udp + + -----BEGIN CERTIFICATE----- + MIIGIzCCBAugAwIBAgIJAK6BqXN9GHI0MA0GCSqGSIb3DQEBCwUAMIGfMQswCQYD + VQQGEwJTRTERMA8GA1UECAwIR290YWxhbmQxEzARBgNVBAcMCkdvdGhlbmJ1cmcx + FDASBgNVBAoMC0FtYWdpY29tIEFCMRAwDgYDVQQLDAdNdWxsdmFkMRswGQYDVQQD + DBJNdWxsdmFkIFJvb3QgQ0EgdjIxIzAhBgkqhkiG9w0BCQEWFHNlY3VyaXR5QG11 + bGx2YWQubmV0MB4XDTE4MTEwMjExMTYxMVoXDTI4MTAzMDExMTYxMVowgZ8xCzAJ + BgNVBAYTAlNFMREwDwYDVQQIDAhHb3RhbGFuZDETMBEGA1UEBwwKR290aGVuYnVy + ZzEUMBIGA1UECgwLQW1hZ2ljb20gQUIxEDAOBgNVBAsMB011bGx2YWQxGzAZBgNV + BAMMEk11bGx2YWQgUm9vdCBDQSB2MjEjMCEGCSqGSIb3DQEJARYUc2VjdXJpdHlA + bXVsbHZhZC5uZXQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCifDn7 + 5E/Zdx1qsy31rMEzuvbTXqZVZp4bjWbmcyyXqvnayRUHHoovG+lzc+HDL3HJV+kj + xKpCMkEVWwjY159lJbQbm8kkYntBBREdzRRjjJpTb6haf/NXeOtQJ9aVlCc4dM66 + bEmyAoXkzXVZTQJ8h2FE55KVxHi5Sdy4XC5zm0wPa4DPDokNp1qm3A9Xicq3Hsfl + LbMZRCAGuI+Jek6caHqiKjTHtujn6Gfxv2WsZ7SjerUAk+mvBo2sfKmB7octxG7y + AOFFg7YsWL0AxddBWqgq5R/1WDJ9d1Cwun9WGRRQ1TLvzF1yABUerjjKrk89RCzY + ISwsKcgJPscaDqZgO6RIruY/xjuTtrnZSv+FXs+Woxf87P+QgQd76LC0MstTnys+ + AfTMuMPOLy9fMfEzs3LP0Nz6v5yjhX8ff7+3UUI3IcMxCvyxdTPClY5IvFdW7CCm + mLNzakmx5GCItBWg/EIg1K1SG0jU9F8vlNZUqLKz42hWy/xB5C4QYQQ9ILdu4ara + PnrXnmd1D1QKVwKQ1DpWhNbpBDfE776/4xXD/tGM5O0TImp1NXul8wYsDi8g+e0p + xNgY3Pahnj1yfG75Yw82spZanUH0QSNoMVMWnmV2hXGsWqypRq0pH8mPeLzeKa82 + gzsAZsouRD1k8wFlYA4z9HQFxqfcntTqXuwQcQIDAQABo2AwXjAdBgNVHQ4EFgQU + faEyaBpGNzsqttiSMETq+X/GJ0YwHwYDVR0jBBgwFoAUfaEyaBpGNzsqttiSMETq + +X/GJ0YwCwYDVR0PBAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEL + BQADggIBADH5izxu4V8Javal8EA4DxZxIHUsWCg5cuopB28PsyJYpyKipsBoI8+R + XqbtrLLue4WQfNPZHLXlKi+A3GTrLdlnenYzXVipPd+n3vRZyofaB3Jtb03nirVW + Ga8FG21Xy/f4rPqwcW54lxrnnh0SA0hwuZ+b2yAWESBXPxrzVQdTWCqoFI6/aRnN + 8RyZn0LqRYoW7WDtKpLmfyvshBmmu4PCYSh/SYiFHgR9fsWzVcxdySDsmX8wXowu + Ffp8V9sFhD4TsebAaplaICOuLUgj+Yin5QzgB0F9Ci3Zh6oWwl64SL/OxxQLpzMW + zr0lrWsQrS3PgC4+6JC4IpTXX5eUqfSvHPtbRKK0yLnd9hYgvZUBvvZvUFR/3/fW + +mpBHbZJBu9+/1uux46M4rJ2FeaJUf9PhYCPuUj63yu0Grn0DreVKK1SkD5V6qXN + 0TmoxYyguhfsIPCpI1VsdaSWuNjJ+a/HIlKIU8vKp5iN/+6ZTPAg9Q7s3Ji+vfx/ + AhFtQyTpIYNszVzNZyobvkiMUlK+eUKGlHVQp73y6MmGIlbBbyzpEoedNU4uFu57 + mw4fYGHqYZmYqFaiNQv4tVrGkg6p+Ypyu1zOfIHF7eqlAOu/SyRTvZkt9VtSVEOV + H7nDIGdrCC9U/g1Lqk8Td00Oj8xesyKzsG214Xd8m7/7GmJ7nXe5 + -----END CERTIFICATE----- + + tun-ipv6 + script-security 2 + fast-io + remote-random + remote de-fra-101.mullvad.net 1194 + remote de-fra-201.mullvad.net 1194 + remote de-fra-009.mullvad.net 1194 + remote de-fra-002.mullvad.net 1194 + remote de-fra-202.mullvad.net 1194 + remote de-fra-005.mullvad.net 1194 + remote de-fra-203.mullvad.net 1194 + remote de-fra-003.mullvad.net 1194 + remote de-fra-004.mullvad.net 1194 + remote de-fra-008.mullvad.net 1194 + remote de-fra-006.mullvad.net 1194 + remote de-fra-007.mullvad.net 1194 + remote de-fra-102.mullvad.net 1194 auth-user-pass ${config.sops.secrets.vpnCredentials.path} ''; }; diff --git a/secrets.enc.yml b/secrets.enc.yml index 14fc5c7..fee6675 100644 --- a/secrets.enc.yml +++ b/secrets.enc.yml @@ -28,7 +28,7 @@ wiki: arkadia: users_file: ENC[AES256_GCM,data:glllwv0+KnPOeJ4eFNXECZPZvL6k5RODxIJNfWjQgo8EUKF7UsVyRvHcL2g9TAEpXKT8RGLekZim+Q467eKKGPpdj2LlrI/XYPyMvk2ShaTBO2ivx+6e9zowpdJNclBMmtKGgggK+r7LeXGunCl06oq86LpKq9ddiX2zZnOfxU1b0ZAG+tmqSVfkgi7cOs5DGagSaco+2+SkCOGThahGquWMrPmVULO0Dz2w98+7uSbmFmXlJOOZjKCk/q0ou4Bi0gK6lQ8/fKleNJLJ0x8Vx0WPYZgz6109RkTYznMl2HSIZEcNp81PxQvr66Vumc8ZO+OXWbNyY064/LXFJB7sEA57r4ccHHkH5+FCKFQJzCA=,iv:Ki0MCTJ8jwogDNL71kiMY4EGrfBorxB2rpBJAid6QOQ=,tag:q/mfK3Dm0KFnK4AHjzsP7g==,type:str] openvpn: - credentials: ENC[AES256_GCM,data:nAA+4lB8fh64AQaG1CJyNIUSvn9mIGfIKHSFbImPzAdFRQPDnKOEQFe+/qXNswXYWHU0DdvnPA==,iv:sLZRPrDtSnx0AvKcC/DTces/Il+l0Nl1kRrnXj8X4WQ=,tag:RHenD6WATKuibxMj2LFPWw==,type:str] + credentials: ENC[AES256_GCM,data:AZRmAhGhqsCs650ExArM0nVX,iv:Y6vTMjIC5s4gIwDWgYfEOUPGScPpj4jhk4XYeyRjpUw=,tag:vkob+Q+Mv6O2GCFvY+adRw==,type:str] borg: passphrase: ENC[AES256_GCM,data:RNUTb29sOdsg4KnB/0nIFGJFV/2nlMH4pxGFlgXdtTgDe2opT/moUg==,iv:6kdBeq+qFWnPB+N+zpKNdFkmkskOVMabdj8Uxk9QeQI=,tag:MxNqn5p9P0JpsjkNm9iYEQ==,type:str] client_keys: @@ -50,8 +50,8 @@ sops: azure_kv: [] hc_vault: [] age: [] - lastmodified: "2022-07-27T00:04:51Z" - mac: ENC[AES256_GCM,data:I1z+7HZP7JEICEGa93mJ1qGysNVBJWyb8LsjuioFdsoKLy4B0wexdpRnB/gNSdEO/D18jAxMfMBwNd5zpI68O7Z0u1tCK0APog2anJYcd3KWMJ0eo5FNk3AsASOUoB/9H4Mcv224MsMyDtCVvxaJ8Ql0HtbfDZu/B0Hxd+kQJgw=,iv:HN65bOS26p3qVtNwP6u27RpdPFD6dobVSxnZhIcAvb4=,tag:3EBGuuq+vKyGn+N4jfp9yA==,type:str] + lastmodified: "2022-07-27T03:05:41Z" + mac: ENC[AES256_GCM,data:vImmhxK93ubN/gTPtKkWrzPp+9ipU+WtggD0zODTZgNmzrtWOtEisUTA3sjMHKtuliK26Y73BjR8l44My8UpMsKCcAQAa+IHZHNZW7/VyKM7cRU71Eav+SGWMpCUHBTLZCfBIVMC0GyNcajGJypDUTh1ETpj7TV9NKysx1ocBhM=,iv:7JoI6/q46+iI1onRNnLfxZUEDZo4rMhzhnZVn6YbU+g=,tag:NOJGXv2Sx8kvJcRPoQslnw==,type:str] pgp: - created_at: "2021-11-29T00:57:34Z" enc: |