mirror of
https://github.com/phfroidmont/self-hosting.git
synced 2025-12-25 05:36:59 +01:00
Switch to Mullvad VPN
This commit is contained in:
Paul-Henri Froidmont
parent
9e918d5685
commit
888a41dbfe
GPG key ID:
BE948AFD7E7873BE
2 changed files with 72 additions and 11 deletions
|
|
@ -1,11 +1,4 @@
|
||||||
{ config, lib, pkgs, ... }:
|
{ config, lib, pkgs, ... }:
|
||||||
let
|
|
||||||
vpnServer = "89.249.65.115";
|
|
||||||
vpnConfig = builtins.fetchurl {
|
|
||||||
url = "https://downloads.nordcdn.com/configs/files/ovpn_udp/servers/de948.nordvpn.com.udp.ovpn";
|
|
||||||
sha256 = "07z4xxs4nxg44c3d19rnqg6iq2f7i8yjy28rwbz312z4axqgkcxn";
|
|
||||||
};
|
|
||||||
in
|
|
||||||
{
|
{
|
||||||
|
|
||||||
sops.secrets = {
|
sops.secrets = {
|
||||||
|
|
@ -66,7 +59,75 @@ in
|
||||||
services.openvpn.servers.client = {
|
services.openvpn.servers.client = {
|
||||||
updateResolvConf = true;
|
updateResolvConf = true;
|
||||||
config = ''
|
config = ''
|
||||||
config ${vpnConfig}
|
client
|
||||||
|
dev tun
|
||||||
|
resolv-retry infinite
|
||||||
|
nobind
|
||||||
|
persist-key
|
||||||
|
persist-tun
|
||||||
|
verb 3
|
||||||
|
remote-cert-tls server
|
||||||
|
ping 10
|
||||||
|
ping-restart 60
|
||||||
|
sndbuf 524288
|
||||||
|
rcvbuf 524288
|
||||||
|
cipher AES-256-CBC
|
||||||
|
tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA
|
||||||
|
proto udp
|
||||||
|
<ca>
|
||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIIGIzCCBAugAwIBAgIJAK6BqXN9GHI0MA0GCSqGSIb3DQEBCwUAMIGfMQswCQYD
|
||||||
|
VQQGEwJTRTERMA8GA1UECAwIR290YWxhbmQxEzARBgNVBAcMCkdvdGhlbmJ1cmcx
|
||||||
|
FDASBgNVBAoMC0FtYWdpY29tIEFCMRAwDgYDVQQLDAdNdWxsdmFkMRswGQYDVQQD
|
||||||
|
DBJNdWxsdmFkIFJvb3QgQ0EgdjIxIzAhBgkqhkiG9w0BCQEWFHNlY3VyaXR5QG11
|
||||||
|
bGx2YWQubmV0MB4XDTE4MTEwMjExMTYxMVoXDTI4MTAzMDExMTYxMVowgZ8xCzAJ
|
||||||
|
BgNVBAYTAlNFMREwDwYDVQQIDAhHb3RhbGFuZDETMBEGA1UEBwwKR290aGVuYnVy
|
||||||
|
ZzEUMBIGA1UECgwLQW1hZ2ljb20gQUIxEDAOBgNVBAsMB011bGx2YWQxGzAZBgNV
|
||||||
|
BAMMEk11bGx2YWQgUm9vdCBDQSB2MjEjMCEGCSqGSIb3DQEJARYUc2VjdXJpdHlA
|
||||||
|
bXVsbHZhZC5uZXQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCifDn7
|
||||||
|
5E/Zdx1qsy31rMEzuvbTXqZVZp4bjWbmcyyXqvnayRUHHoovG+lzc+HDL3HJV+kj
|
||||||
|
xKpCMkEVWwjY159lJbQbm8kkYntBBREdzRRjjJpTb6haf/NXeOtQJ9aVlCc4dM66
|
||||||
|
bEmyAoXkzXVZTQJ8h2FE55KVxHi5Sdy4XC5zm0wPa4DPDokNp1qm3A9Xicq3Hsfl
|
||||||
|
LbMZRCAGuI+Jek6caHqiKjTHtujn6Gfxv2WsZ7SjerUAk+mvBo2sfKmB7octxG7y
|
||||||
|
AOFFg7YsWL0AxddBWqgq5R/1WDJ9d1Cwun9WGRRQ1TLvzF1yABUerjjKrk89RCzY
|
||||||
|
ISwsKcgJPscaDqZgO6RIruY/xjuTtrnZSv+FXs+Woxf87P+QgQd76LC0MstTnys+
|
||||||
|
AfTMuMPOLy9fMfEzs3LP0Nz6v5yjhX8ff7+3UUI3IcMxCvyxdTPClY5IvFdW7CCm
|
||||||
|
mLNzakmx5GCItBWg/EIg1K1SG0jU9F8vlNZUqLKz42hWy/xB5C4QYQQ9ILdu4ara
|
||||||
|
PnrXnmd1D1QKVwKQ1DpWhNbpBDfE776/4xXD/tGM5O0TImp1NXul8wYsDi8g+e0p
|
||||||
|
xNgY3Pahnj1yfG75Yw82spZanUH0QSNoMVMWnmV2hXGsWqypRq0pH8mPeLzeKa82
|
||||||
|
gzsAZsouRD1k8wFlYA4z9HQFxqfcntTqXuwQcQIDAQABo2AwXjAdBgNVHQ4EFgQU
|
||||||
|
faEyaBpGNzsqttiSMETq+X/GJ0YwHwYDVR0jBBgwFoAUfaEyaBpGNzsqttiSMETq
|
||||||
|
+X/GJ0YwCwYDVR0PBAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEL
|
||||||
|
BQADggIBADH5izxu4V8Javal8EA4DxZxIHUsWCg5cuopB28PsyJYpyKipsBoI8+R
|
||||||
|
XqbtrLLue4WQfNPZHLXlKi+A3GTrLdlnenYzXVipPd+n3vRZyofaB3Jtb03nirVW
|
||||||
|
Ga8FG21Xy/f4rPqwcW54lxrnnh0SA0hwuZ+b2yAWESBXPxrzVQdTWCqoFI6/aRnN
|
||||||
|
8RyZn0LqRYoW7WDtKpLmfyvshBmmu4PCYSh/SYiFHgR9fsWzVcxdySDsmX8wXowu
|
||||||
|
Ffp8V9sFhD4TsebAaplaICOuLUgj+Yin5QzgB0F9Ci3Zh6oWwl64SL/OxxQLpzMW
|
||||||
|
zr0lrWsQrS3PgC4+6JC4IpTXX5eUqfSvHPtbRKK0yLnd9hYgvZUBvvZvUFR/3/fW
|
||||||
|
+mpBHbZJBu9+/1uux46M4rJ2FeaJUf9PhYCPuUj63yu0Grn0DreVKK1SkD5V6qXN
|
||||||
|
0TmoxYyguhfsIPCpI1VsdaSWuNjJ+a/HIlKIU8vKp5iN/+6ZTPAg9Q7s3Ji+vfx/
|
||||||
|
AhFtQyTpIYNszVzNZyobvkiMUlK+eUKGlHVQp73y6MmGIlbBbyzpEoedNU4uFu57
|
||||||
|
mw4fYGHqYZmYqFaiNQv4tVrGkg6p+Ypyu1zOfIHF7eqlAOu/SyRTvZkt9VtSVEOV
|
||||||
|
H7nDIGdrCC9U/g1Lqk8Td00Oj8xesyKzsG214Xd8m7/7GmJ7nXe5
|
||||||
|
-----END CERTIFICATE-----
|
||||||
|
</ca>
|
||||||
|
tun-ipv6
|
||||||
|
script-security 2
|
||||||
|
fast-io
|
||||||
|
remote-random
|
||||||
|
remote de-fra-101.mullvad.net 1194
|
||||||
|
remote de-fra-201.mullvad.net 1194
|
||||||
|
remote de-fra-009.mullvad.net 1194
|
||||||
|
remote de-fra-002.mullvad.net 1194
|
||||||
|
remote de-fra-202.mullvad.net 1194
|
||||||
|
remote de-fra-005.mullvad.net 1194
|
||||||
|
remote de-fra-203.mullvad.net 1194
|
||||||
|
remote de-fra-003.mullvad.net 1194
|
||||||
|
remote de-fra-004.mullvad.net 1194
|
||||||
|
remote de-fra-008.mullvad.net 1194
|
||||||
|
remote de-fra-006.mullvad.net 1194
|
||||||
|
remote de-fra-007.mullvad.net 1194
|
||||||
|
remote de-fra-102.mullvad.net 1194
|
||||||
auth-user-pass ${config.sops.secrets.vpnCredentials.path}
|
auth-user-pass ${config.sops.secrets.vpnCredentials.path}
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
|
||||||
|
|
@ -28,7 +28,7 @@ wiki:
|
||||||
arkadia:
|
arkadia:
|
||||||
users_file: ENC[AES256_GCM,data:glllwv0+KnPOeJ4eFNXECZPZvL6k5RODxIJNfWjQgo8EUKF7UsVyRvHcL2g9TAEpXKT8RGLekZim+Q467eKKGPpdj2LlrI/XYPyMvk2ShaTBO2ivx+6e9zowpdJNclBMmtKGgggK+r7LeXGunCl06oq86LpKq9ddiX2zZnOfxU1b0ZAG+tmqSVfkgi7cOs5DGagSaco+2+SkCOGThahGquWMrPmVULO0Dz2w98+7uSbmFmXlJOOZjKCk/q0ou4Bi0gK6lQ8/fKleNJLJ0x8Vx0WPYZgz6109RkTYznMl2HSIZEcNp81PxQvr66Vumc8ZO+OXWbNyY064/LXFJB7sEA57r4ccHHkH5+FCKFQJzCA=,iv:Ki0MCTJ8jwogDNL71kiMY4EGrfBorxB2rpBJAid6QOQ=,tag:q/mfK3Dm0KFnK4AHjzsP7g==,type:str]
|
users_file: ENC[AES256_GCM,data:glllwv0+KnPOeJ4eFNXECZPZvL6k5RODxIJNfWjQgo8EUKF7UsVyRvHcL2g9TAEpXKT8RGLekZim+Q467eKKGPpdj2LlrI/XYPyMvk2ShaTBO2ivx+6e9zowpdJNclBMmtKGgggK+r7LeXGunCl06oq86LpKq9ddiX2zZnOfxU1b0ZAG+tmqSVfkgi7cOs5DGagSaco+2+SkCOGThahGquWMrPmVULO0Dz2w98+7uSbmFmXlJOOZjKCk/q0ou4Bi0gK6lQ8/fKleNJLJ0x8Vx0WPYZgz6109RkTYznMl2HSIZEcNp81PxQvr66Vumc8ZO+OXWbNyY064/LXFJB7sEA57r4ccHHkH5+FCKFQJzCA=,iv:Ki0MCTJ8jwogDNL71kiMY4EGrfBorxB2rpBJAid6QOQ=,tag:q/mfK3Dm0KFnK4AHjzsP7g==,type:str]
|
||||||
openvpn:
|
openvpn:
|
||||||
credentials: ENC[AES256_GCM,data:nAA+4lB8fh64AQaG1CJyNIUSvn9mIGfIKHSFbImPzAdFRQPDnKOEQFe+/qXNswXYWHU0DdvnPA==,iv:sLZRPrDtSnx0AvKcC/DTces/Il+l0Nl1kRrnXj8X4WQ=,tag:RHenD6WATKuibxMj2LFPWw==,type:str]
|
credentials: ENC[AES256_GCM,data:AZRmAhGhqsCs650ExArM0nVX,iv:Y6vTMjIC5s4gIwDWgYfEOUPGScPpj4jhk4XYeyRjpUw=,tag:vkob+Q+Mv6O2GCFvY+adRw==,type:str]
|
||||||
borg:
|
borg:
|
||||||
passphrase: ENC[AES256_GCM,data:RNUTb29sOdsg4KnB/0nIFGJFV/2nlMH4pxGFlgXdtTgDe2opT/moUg==,iv:6kdBeq+qFWnPB+N+zpKNdFkmkskOVMabdj8Uxk9QeQI=,tag:MxNqn5p9P0JpsjkNm9iYEQ==,type:str]
|
passphrase: ENC[AES256_GCM,data:RNUTb29sOdsg4KnB/0nIFGJFV/2nlMH4pxGFlgXdtTgDe2opT/moUg==,iv:6kdBeq+qFWnPB+N+zpKNdFkmkskOVMabdj8Uxk9QeQI=,tag:MxNqn5p9P0JpsjkNm9iYEQ==,type:str]
|
||||||
client_keys:
|
client_keys:
|
||||||
|
|
@ -50,8 +50,8 @@ sops:
|
||||||
azure_kv: []
|
azure_kv: []
|
||||||
hc_vault: []
|
hc_vault: []
|
||||||
age: []
|
age: []
|
||||||
lastmodified: "2022-07-27T00:04:51Z"
|
lastmodified: "2022-07-27T03:05:41Z"
|
||||||
mac: ENC[AES256_GCM,data:I1z+7HZP7JEICEGa93mJ1qGysNVBJWyb8LsjuioFdsoKLy4B0wexdpRnB/gNSdEO/D18jAxMfMBwNd5zpI68O7Z0u1tCK0APog2anJYcd3KWMJ0eo5FNk3AsASOUoB/9H4Mcv224MsMyDtCVvxaJ8Ql0HtbfDZu/B0Hxd+kQJgw=,iv:HN65bOS26p3qVtNwP6u27RpdPFD6dobVSxnZhIcAvb4=,tag:3EBGuuq+vKyGn+N4jfp9yA==,type:str]
|
mac: ENC[AES256_GCM,data:vImmhxK93ubN/gTPtKkWrzPp+9ipU+WtggD0zODTZgNmzrtWOtEisUTA3sjMHKtuliK26Y73BjR8l44My8UpMsKCcAQAa+IHZHNZW7/VyKM7cRU71Eav+SGWMpCUHBTLZCfBIVMC0GyNcajGJypDUTh1ETpj7TV9NKysx1ocBhM=,iv:7JoI6/q46+iI1onRNnLfxZUEDZo4rMhzhnZVn6YbU+g=,tag:NOJGXv2Sx8kvJcRPoQslnw==,type:str]
|
||||||
pgp:
|
pgp:
|
||||||
- created_at: "2021-11-29T00:57:34Z"
|
- created_at: "2021-11-29T00:57:34Z"
|
||||||
enc: |
|
enc: |
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue