{ config, pkgs, ... }: let client-key = "/home/sezycei/srv/sec/openvpn/James/laptop.key"; domain = "matri.cx"; port = 1194; in { services.openvpn.servers.laptop.config = '' dev tun0 proto udp ifconfig 10.8.0.1 10.8.0.2 secret ${client-key} port ${toString port} cipher AES-256-CBC auth-nocache comp-lzo keepalive 10 60 ping-timer-rem persist-tun persist-key ''; environment.etc."openvpn/laptop-client.ovpn" = { text = '' dev tun remote "${domain}" ifconfig 10.8.0.2 10.8.0.1 port ${toString port} redirect-gateway def1 cipher AES-256-CBC auth-nocache comp-lzo keepalive 10 60 resolv-retry infinite nobind persist-key persist-tun secret [inline] ''; mode = "600"; }; system.activationScripts.openvpn-addkey = '' f="/etc/openvpn/laptop-client.ovpn" if ! grep -q '' $f; then echo "appending secret key" echo "" >> $f cat ${client-key} >> $f echo "" >> $f fi ''; }