add us-atlanta VPN

2022-12-13 03:26:23 +00:00 · 2022-12-13 03:26:23 +00:00 · 0f5279bbca
commit 0f5279bbca
parent e9b3b7ebab
4 changed files with 27 additions and 2 deletions
--- a/hosts/common/vpn.nix
+++ b/hosts/common/vpn.nix
@ -20,6 +20,12 @@ let
    autostart = false;
  };
 in {
+  # to add a new OVPN VPN:
+  # - generate a privkey `wg genkey`
+  # - add this key to `sops secrets/universal.yaml`
+  # - upload pubkey to OVPN.com
+  # - generate config @ OVPN.com
+  # - copy the Address, PublicKey, Endpoint from OVPN's config
  networking.wg-quick.interfaces.ovpnd-us = def-ovpn {
    endpoint = "vpn31.prd.losangeles.ovpn.com:9929";
    publicKey = "VW6bEWMOlOneta1bf6YFE25N/oMGh1E1UFBCfyggd0k=";
@ -29,6 +35,15 @@ in {
      "fd00:0000:1337:cafe:1111:1111:ab00:4c8f/128"
    ];
  };
+  networking.wg-quick.interfaces.ovpnd-us-atlanta = def-ovpn {
+    endpoint = "vpn18.prd.atlanta.ovpn.com:9929";
+    publicKey = "Dpg/4v5s9u0YbrXukfrMpkA+XQqKIFpf8ZFgyw0IkE0=";
+    privateKeyFile = config.sops.secrets.wg_ovpnd_us_atlanta_privkey.path;
+    address = [
+      "172.21.182.178/32"
+      "fd00:0000:1337:cafe:1111:1111:cfcb:27e3/128"
+    ];
+  };

  networking.wg-quick.interfaces.ovpnd-ukr = def-ovpn {
    endpoint = "vpn96.prd.kyiv.ovpn.com:9929";
@ -43,6 +58,9 @@ in {
  sops.secrets."wg_ovpnd_us_privkey" = {
    sopsFile = ../../secrets/universal.yaml;
  };
+  sops.secrets."wg_ovpnd_us_atlanta_privkey" = {
+    sopsFile = ../../secrets/universal.yaml;
+  };
  sops.secrets."wg_ovpnd_ukr_privkey" = {
    sopsFile = ../../secrets/universal.yaml;
  };
--- a/pkgs/sane-scripts/src/sane-vpn-down
+++ b/pkgs/sane-scripts/src/sane-vpn-down
@ -7,6 +7,8 @@ ukr)
  iface=wg-quick-ovpnd-ukr;;
 us)
  iface=wg-quick-ovpnd-us;;
+us-atlanta)
+  iface=wg-quick-ovpnd-us-atlanta;;
 *)
  echo "invalid vpn name '$1'"; exit 1;;
 esac
--- a/pkgs/sane-scripts/src/sane-vpn-up
+++ b/pkgs/sane-scripts/src/sane-vpn-up
@ -7,6 +7,8 @@ ukr)
  iface=wg-quick-ovpnd-ukr;;
 us)
  iface=wg-quick-ovpnd-us;;
+us-atlanta)
+  iface=wg-quick-ovpnd-us-atlanta;;
 *)
  echo "invalid vpn name '$1'"; exit 1;;
 esac
--- a/secrets/universal.yaml
+++ b/secrets/universal.yaml
@ -1,4 +1,7 @@
+#ENC[AES256_GCM,data:3Swm4ixzL+sg9UVl0VWUq5HmXoLFFY2tkfCLeACB,iv:brZxrQmInGekhv+sX72Ne2ow1katiT4upDBuTPStLuA=,tag:ORcRds8Fo86S5DkAHeeGKw==,type:comment]
+#ENC[AES256_GCM,data:LA3vDETFSVN8HZ9dieFHAvV3oP4lmG2Hpiz50MF6NHpSf7mCLbgikTv7UFohKM3vLpU=,iv:rby8r8+ELAV5ZSxALxbRTeXn0u+gv8b5wlxLwbwHt2o=,tag:50csomwWpHmSvLEGiPBAdA==,type:comment]
 wg_ovpnd_us_privkey: ENC[AES256_GCM,data:5YkQ4r7HNWiRr/5pa1XfexxtJAz6kDjX+hNiZcheUWCXVIuK0/AuyzcdQ/0=,iv:vr1UHSlsWFnTwEfZj3pBLxvaibQxhSum3SL0Uaqtceo=,tag:dN2U+TkQAgJejgDDYIWdOA==,type:str]
+wg_ovpnd_us_atlanta_privkey: ENC[AES256_GCM,data:Drl4yylSy5+5BZoGPOQfWraYkem0k1huK6ryAu8SebH04A7wOkSKJyGs+i4=,iv:GpfscFYxGMJPzcx6HD3wn4Xwl0piC+Y6YRpEMnhbVuc=,tag:hFmLRbG97L/2hTouyWB9HQ==,type:str]
 wg_ovpnd_ukr_privkey: ENC[AES256_GCM,data:5zfhsZnBk0Kb9Nb/3igsV/fN0ZDjwTAGTKyMLMly/l7MlJe6MEmd5Lv+JT8=,iv:Mov9eUP8WfvzfZ6NljgLolJ49GSqR7eSV+k0dgE1+1I=,tag:O9UtGX2qt+qEvabcsA0vIA==,type:str]
 sops:
    kms: []
@ -78,8 +81,8 @@ sops:
            YmhsY0FaSW5oWVNJMlhUSDRCeWQ4KzAKaQp321XYtAZ98f4QMl5PxivAYm6VMF43
            wCThiQgvYAP59jvVDTZngvfWAD5PyWVVvMNbjHGvAzK5WnsTPmxlsg==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2022-07-09T07:48:24Z"
-    mac: ENC[AES256_GCM,data:j5Rvh2EcWyi42lWhiKF5/t6isowgPZPqwHQIW+H6T7eb1YCRUusqnK69KSIBUvk/19ZXQXxcYqFSxilAEiuinKglXqmK5Tq2hSF+vJjqW9cunuPgeQl58GeA9PyjxrRo+HNjsXqGND9/fcZf+cqvZEQnhQdPE7mCzZaJ3kAXMKY=,iv:BsDIVtzO8nSStlKYYoFktZs2sRwVk5EgQ3GBkCk+1UE=,tag:pxQyFn6Y8bbDF9hQMJqTvA==,type:str]
+    lastmodified: "2022-12-13T03:19:57Z"
+    mac: ENC[AES256_GCM,data:uSwcWp5vC09pBjj6dnxwT+A1i12rrs6a4mGyS2lfahyQTCMwD6Fn3dzpkMYRVCRXQi4R6BUfLLVumU7KU3v8UOksPoiHp1T3W1Sibme7hZ6CuPfAVrT/nZPmNathz+CUuZ/pJHoGyY2fZKQMXWez7H1M2JcxueOKtwd1eXCqpvc=,iv:hv5PIflnnotxXRn/H0UuQ2f0r7RON55OV1vn45pJd7Y=,tag:mBnx097TtYE3f8d/br/J/w==,type:str]
    pgp: []
    unencrypted_suffix: _unencrypted
    version: 3.7.3