dotfiles/modules/profiles/webis.nix

{ lib
, config
, ...
}:

with lib;
let
  cfg = config.my.profiles.webis;
in

{
  options.my.profiles.webis.enable = mkEnableOption "webis profile";

  config = mkIf cfg.enable {
    my.programs.ssh.includeSecrets = [ ../../secrets/webis-ssh.age ];
    age.secrets.webis = {
      file = ../../secrets/webis.age;
      name = "webis.ovpn";
    };
    services.openvpn.servers = {
      webis = {
        config = "config /run/agenix/webis.ovpn";
        autoStart = false;
        updateResolvConf = true;
      };
    };
  };
}