From 255de1df52dd8bfad9907202e9c558a8fdddd2de Mon Sep 17 00:00:00 2001
From: Dmitry Voronin <hi@voronind.com>
Date: Tue, 26 Nov 2024 20:27:53 +0300
Subject: [PATCH] Vpn: Add a note on cert expirity configuration.

---
 container/Vpn.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/container/Vpn.nix b/container/Vpn.nix
index 4827a1fa..e35a3b75 100644
--- a/container/Vpn.nix
+++ b/container/Vpn.nix
@@ -1,6 +1,7 @@
 # easyrsa init-pki
 # easyrsa build-ca
 # easyrsa build-server-full <SERVER_NAME> nopass
+# export EASYRSA_CERT_EXPIRE=36500
 # easyrsa build-client-full <CLIENT_NAME> nopass
 # openssl dhparam -out dh2048.pem 2048
 # Don't forget to set tls hostname on the client to match SERVER_NAME *AND* disable ipv6 ?