fix(helmfile): deploy sidecar for DNS (#52)

Signed-off-by: Chris Gianelloni <[email protected]>

Author: wolf31o2

helmfile-app/helmfile-vpn.yaml.gotmpl

@@ -69,7 +69,7 @@ releases:
   - name: vpn-{{ $key }}
     namespace: vpn-{{ $key }}
     chart: oci://ghcr.io/blinklabs-io/helm-charts/charts/openvpn
-    version: 0.7.1
+    version: 0.8.1
     labels:
       app: vpn-{{ $key }}
     condition: vpn.enabled

helmfile-app/vpn/templates/vpn-instance.yaml.gotmpl

@@ -23,23 +23,30 @@ configFiles:
       port {{ .port }}
       proto {{ .proto }}
       dev tun
+      persist-key
+      persist-tun
       server {{ .network }} {{ .mask }}
       dh dh.pem
       ca ca.crt
       cert server.crt
       key server.key
       crl-verify crl/crl.pem
+      tls-server
+      remote-cert-tls client
+      tls-version-min 1.2
+      tls-cipher TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384
+      auth SHA256
       topology subnet
       # This path matches the default from the helm chart
       status /var/tmp/openvpn/openvpn-status.log
       status-version 2
-      # ns1 and ns2
-      push "dhcp-option DNS 34.67.9.70"
-      push "dhcp-option DNS 34.135.129.215"
+      push "dhcp-option DNS 10.8.0.1"
       push "register-dns"
+      push "block-outside-dns"
       push "redirect-gateway def1"
       user nobody
       group nogroup
+      keepalive 10 120
 
   - name: ca.crt
     content: |-

helmfile-app/vpn/values.instance.yaml

@@ -8,5 +8,18 @@ metrics:
   service:
     enabled: true
 
+bind:
+  enabled: true
+  resources:
+    requests:
+      memory: 256M
+      cpu: 250m
+    limits:
+      memory: 256M
+      cpu: 500m
+  env:
+    # This is the "magic" IP that refers to the current VPC's resolver in EC2
+    dns_forwarder: 169.254.169.253
+
 image:
   tag: '0.4.0'