From 1fff5ae3724a811c6205e1e7abf5052e05412757 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Mon, 18 Dec 2017 21:26:45 +0100
Subject: [PATCH] ma nginx: add vpn-ws prototype

---
 makefu/2configs/nginx/euer.blog.vpn.nix | 35 +++++++++++++++++++++++++
 1 file changed, 35 insertions(+)
 create mode 100644 makefu/2configs/nginx/euer.blog.vpn.nix

diff --git a/makefu/2configs/nginx/euer.blog.vpn.nix b/makefu/2configs/nginx/euer.blog.vpn.nix
new file mode 100644
index 000000000..b3db0bc60
--- /dev/null
+++ b/makefu/2configs/nginx/euer.blog.vpn.nix
@@ -0,0 +1,35 @@
+{pkgs, options, ... }:
+let
+  pkg = pkgs.vpn-ws;
+  uid = "nginx";
+  gid = "nginx";
+  ip = "${pkgs.iproute}/bin/ip";
+in {
+  services.nginx.virtualHosts."euer.krebsco.de".locations."/vpn" = {
+    # TODO client auth
+    extraConfig = ''
+      uwsgi_pass   unix:/run/vpn.sock;
+      include      ${pkgs.nginx}/conf/uwsgi_params;
+    '';
+  };
+
+  networking.interfaces.vpnws = {
+    virtual = true;
+    virtualType = "tap";
+  };
+  systemd.services.vpnws = {
+    wantedBy = [ "multi-user.target" ];
+    after = [ "network.target" ];
+    serviceConfig = {
+      Restart = "always";
+      PrivateTmp = true;
+      ExecStartPre = pkgs.writeDash "vpnws-pre" ''
+        ${ip} link set vpnws up
+        ${ip} addr add 10.244.1.1/24 dev vpnws || :
+      '';
+      ExecStart = pkgs.writeDash "vpnws-start" ''
+        ${pkg}/bin/vpn-ws --tuntap vpnws /run/vpn.sock
+      '';
+    };
+  };
+}
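Review bot: The `/vpn` location forwards to the vpn-ws socket with no access control (only the `# TODO client auth` marker), so any client that can reach this virtual host could join the `vpnws` tap segment addressed as 10.244.1.1/24. The location's `extraConfig` should gate access before this is enabled, for example with `auth_basic "vpn-ws"; auth_basic_user_file <HTPASSWD_PATH>;`, or with TLS client certificates (`ssl_client_certificate` plus `ssl_verify_client on;`) at the server level. Separately, `uid` and `gid` are bound in the `let` but never used, and `serviceConfig` sets no `User`, so the daemon presumably stays root for its whole lifetime. vpn-ws can drop privileges once the device and socket exist, e.g. `${pkg}/bin/vpn-ws --tuntap vpnws --uid ${uid} --gid ${gid} /run/vpn.sock`; it is worth confirming that nginx can still connect to `/run/vpn.sock` afterwards. A short comment on `|| :` in `ExecStartPre` saying that it tolerates an already-assigned address on restart would also help the next reader.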