asmir/nixos_flake_config
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

nixy/wireguard: add proton vpn with network namespace

Browse Source
This commit is contained in:
Asmir A 2024-05-12 15:43:03 +02:00
parent 390d3a3ddb
commit cfc66a92cb
Signed by: asmir
GPG Key ID: 020C42B7A9ABA3E2
1 changed files with 48 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

61
nixy/configuration.nix
View File

@ -35,6 +35,10 @@
sopsFile = ./secrets/wg_privkey_proton.yaml; sopsFile = ./secrets/wg_privkey_proton.yaml;
}; };
"wg_endpoint_proton" = {
sopsFile = ./secrets/wg_privkey_proton.yaml;
};
"borgbase_enc_key" = { "borgbase_enc_key" = {
sopsFile = ./secrets/borgbase_enc_key.yaml; sopsFile = ./secrets/borgbase_enc_key.yaml;
owner = config.users.users.akill.name; owner = config.users.users.akill.name;
@ -148,19 +152,6 @@
} }
]; ];
}; };
proton = {
ips = [ "10.2.0.2/32" ];
privateKeyFile = config.sops.secrets."wg_privkey_proton".path;
peers = [
{
publicKey = builtins.readFile ../common/wg_pubkey_proton;
allowedIPs = [ "10.2.0.0/24" ];
endpoint = "109.236.81.166:51820";
persistentKeepalive = 25;
}
];
};
}; };
}; };
@ -208,6 +199,50 @@
ExecStart = "${zremap.defaultPackage.${system}}/bin/zremap %I"; ExecStart = "${zremap.defaultPackage.${system}}/bin/zremap %I";
}; };
}; };
"netns@" = {
description = "%I network namespace";
before = ["network.target"];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
ExecStart = "${pkgs.iproute}/bin/ip netns add %I";
ExecStop = "${pkgs.iproute}/bin/ip netns del %I";
};
};
"wg_proton" = {
description = "wg network interface";
bindsTo = ["netns@wg.service"];
requires = ["network-online.target"];
after = ["netns@wg.service"];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
ExecStart = pkgs.writers.writeBash "wg-up" ''
set -e
ENDPOINT_IP=$(${pkgs.coreutils-full}/bin/cat "${config.sops.secrets."wg_endpoint_proton".path}")
${pkgs.iproute}/bin/ip link add proton_wg type wireguard
${pkgs.iproute}/bin/ip link set proton_wg netns wg
${pkgs.iproute}/bin/ip -n wg address add 10.2.0.2/32 dev proton_wg
${pkgs.iproute}/bin/ip netns exec wg \
${pkgs.wireguard-tools}/bin/wg set "proton_wg" private-key "${config.sops.secrets."wg_privkey_proton".path}"
${pkgs.iproute}/bin/ip netns exec wg \
${pkgs.wireguard-tools}/bin/wg set "proton_wg" peer "g6DkXWKI/68RsLjROIwCEcyB/ZhyK5Q7OWcz1TtqER0=" \
endpoint "$ENDPOINT_IP:51820" \
persistent-keepalive "25" \
allowed-ips "0.0.0.0/0"
${pkgs.iproute}/bin/ip -n wg link set lo up
${pkgs.iproute}/bin/ip -n wg link set proton_wg up
${pkgs.iproute}/bin/ip -n wg route add default dev proton_wg
'';
ExecStop = pkgs.writers.writeBash "wg-down" ''
${pkgs.iproute}/bin/ip -n wg route del default dev proton_wg
${pkgs.iproute}/bin/ip -n wg link del proton_wg
'';
};
};
}; };
extraConfig = '' extraConfig = ''