Currently I have a droplet at DigitalOcean which powers my OpenVPN as well as some other stuff.
I was able to cover “other stuff” by NixOps for now, but struggle with the OpenVPN.
The current OpenVPN is fully managed by some script I found online. This script creates and deletes certificates and key files as necessary, but I have to SSH into the machine to do so.
After I have created some new user or deleted one, I have to manually back up the new store, and I have to manually download and distribute the client-side config file from there for each individual client.
I’d prefer if there was a way to have all of this managed through NixOps, such that I just add a VPN user in the NixOps config, run a deploy and then everything happens manually, having all files I need for the client locally available.
Is there something for NixOps that would make this possible?
PS: I’m in no way fixed to OpenVPN, I’d be fine with any VPN service that I could run on the droplet and that I could use on NixOS, Arch Linux and Windows clients, either through NetworkManager, Windows Network Settings or Client Software (which is allowed to be proprietary, but shouldn’t cost much).