london: try wg1ns with VPN
parent
c4ab35fa7f
commit
2d0dbe24dd
|
@ -1,4 +1,4 @@
|
||||||
{ extraInfo, ... }:
|
{ extraInfo, pkgs, ... }:
|
||||||
{
|
{
|
||||||
services.jellyfin.enable = true;
|
services.jellyfin.enable = true;
|
||||||
services.nginx.virtualHosts.${extraInfo.jellyfinURI} = {
|
services.nginx.virtualHosts.${extraInfo.jellyfinURI} = {
|
||||||
|
@ -36,5 +36,24 @@
|
||||||
systemd.services.deluged.bindsTo = [ "wireguard-wg1.service" ];
|
systemd.services.deluged.bindsTo = [ "wireguard-wg1.service" ];
|
||||||
systemd.services.deluged.requires = [ "network-online.target" ];
|
systemd.services.deluged.requires = [ "network-online.target" ];
|
||||||
systemd.services.deluged.serviceConfig.NetworkNamespacePath = "/var/run/netns/wg1ns";
|
systemd.services.deluged.serviceConfig.NetworkNamespacePath = "/var/run/netns/wg1ns";
|
||||||
systemd.services.deluged.serviceConfig.PrivateNetwork = true;
|
systemd.services.deluged.serviceConfig.PrivateNetwork = false;
|
||||||
|
|
||||||
|
systemd.sockets.deluged-proxy = {
|
||||||
|
description = "Socket for deluge-web to deluged in network namespace";
|
||||||
|
listenStreams = [ "58846" ];
|
||||||
|
wantedBy = [ "sockets.target" ];
|
||||||
|
};
|
||||||
|
|
||||||
|
systemd.services.deluged-proxy = {
|
||||||
|
description = "Proxy for deluge-web to deluged in network namespace";
|
||||||
|
requires = [ "deluged.service" "deluged-proxy.socket" ];
|
||||||
|
after = [ "deluged.service" "deluged-proxy.socket" ];
|
||||||
|
unitConfig.JoinsNamespaceOf = "deluged.service";
|
||||||
|
serviceConfig = {
|
||||||
|
User = "deluge";
|
||||||
|
Group = "deluge";
|
||||||
|
ExecStart = "${pkgs.systemd}/lib/systemd/systemd-socket-proxyd 127.0.0.1:58846";
|
||||||
|
PrivateNetwork = true;
|
||||||
|
};
|
||||||
|
};
|
||||||
}
|
}
|
||||||
|
|
|
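Review bot: `listenStreams = [ "58846" ]` in `systemd.sockets.deluged-proxy` names only a port, so systemd binds it on every address in the host namespace. That leaves the deluged RPC port reachable from any network the host is attached to, unless a firewall rule outside this hunk blocks it. If deluge-web runs on this host, as the socket description suggests, binding to loopback is enough: `listenStreams = [ "127.0.0.1:58846" ];`. A short comment on `systemd.services.deluged-proxy` would also help, stating that it relies on `unitConfig.JoinsNamespaceOf` to enter deluged's namespace and forwards to 127.0.0.1:58846 inside wg1ns. Without it, `PrivateNetwork = true` on the proxy beside the `PrivateNetwork` change on deluged is hard to read.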
@ -1,5 +1,5 @@
|
||||||
wg0_private: ENC[AES256_GCM,data:nuHHAwi+l9BQ8oJupm+i47EbfFc62QZXDeATeE+23RAEq/grJ/bN6sTn/o4=,iv:hZQAvvcCe2DOTvM1mABB26PsEqw8jpQUNhGbBaK/l0I=,tag:9VMaJys4IzelbBdCDuiy0Q==,type:str]
|
wg0_private: ENC[AES256_GCM,data:nuHHAwi+l9BQ8oJupm+i47EbfFc62QZXDeATeE+23RAEq/grJ/bN6sTn/o4=,iv:hZQAvvcCe2DOTvM1mABB26PsEqw8jpQUNhGbBaK/l0I=,tag:9VMaJys4IzelbBdCDuiy0Q==,type:str]
|
||||||
wg1_private: ENC[AES256_GCM,data:Ly3C3TQB2Aul40m/wk+mr5C2zviMhiNFfqTHknjJ4v4V09XA0XeyHtHo0ro=,iv:ph3vEIuI3F3B3eHLtu8Kfwv9Z7DdC2c+qphDn+Vn+CM=,tag:ntISjElZZB0PHtwC0mi+AA==,type:str]
|
wg1_private: ENC[AES256_GCM,data:tpetT5qyude2G1hRt4lPONhJMSSdHt6V92yY/NhgeZRQkZZg9WIdHAMI2JM=,iv:78Sn0Thki4LkHBM37x618Oc3FjztYoXEzMSoRQGmnFk=,tag:RV9cYT1A68gBrPpwS0npIg==,type:str]
|
||||||
sops:
|
sops:
|
||||||
kms: []
|
kms: []
|
||||||
gcp_kms: []
|
gcp_kms: []
|
||||||
|
@ -15,8 +15,8 @@ sops:
|
||||||
b00xT3ZHWTJBNFlUbTUrRjlVV0FoM1UKtfWg4R4Y28r2w8MYp1B1yhFEOBT8rEkz
|
b00xT3ZHWTJBNFlUbTUrRjlVV0FoM1UKtfWg4R4Y28r2w8MYp1B1yhFEOBT8rEkz
|
||||||
P5qEP0p1i/zXlglaxxXTiQSuloG1Fwi2l5VGrhm6Hse07u3fEmS2VQ==
|
P5qEP0p1i/zXlglaxxXTiQSuloG1Fwi2l5VGrhm6Hse07u3fEmS2VQ==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2023-12-10T17:25:27Z"
|
lastmodified: "2024-01-23T20:36:26Z"
|
||||||
mac: ENC[AES256_GCM,data:JRk9QRRq0+UxenGSm2qwLZ+dJmCPG7QROCfmyByaOpdxOIi6CQQV03vHUPx50mTj4VeeAYAa/2LVWiot37kkQ/W8XzPJowG9f6iLcqriusU4BorAVEHwv0q4Pa9Wf8f+CbqALCwxdUAK9ehXl6TGzbiaqiENWXI4reMIovDKdnI=,iv:OWni9uRrAUFKeJAWMVbN6P4MFumoR13r75GZS7f+gE8=,tag:hAytWM5OvGa0Tg1vv+vqpA==,type:str]
|
mac: ENC[AES256_GCM,data:eMjDz1U9qwSG1X08Ebng03vbQBUsQXrG5/NPrp6exNVVQ3+aHKLU7tTmWJjVVYGN90zxiZSr45ywfJmWi6SfWCtQL3oDsbnrdbwWtB4OXiIDsnXFIYtvSHXUZOazutSOaP8Xgc8jjjCht15QXZ4VWYz9Yh2rRvIBCG3sszlHFB4=,iv:qXt8kDHTSLda1IqAnzFHHdkGHiSESF0F1ZGjlO0GMMc=,tag:Bs4d7kQ3suzKVGJeYENHOA==,type:str]
|
||||||
pgp:
|
pgp:
|
||||||
- created_at: "2023-12-10T17:24:42Z"
|
- created_at: "2023-12-10T17:24:42Z"
|
||||||
enc: |
|
enc: |
|
||||||
|
|
|
@ -41,13 +41,15 @@
|
||||||
};
|
};
|
||||||
|
|
||||||
networking.wireguard.interfaces.wg1 = {
|
networking.wireguard.interfaces.wg1 = {
|
||||||
ips = [ "10.100.0.7" ];
|
ips = [ extraInfo.wireguard.VPNAddress ];
|
||||||
listenPort = 51821;
|
listenPort = 51821;
|
||||||
privateKeyFile = config.sops.secrets.wg1_private.path;
|
privateKeyFile = config.sops.secrets.wg1_private.path;
|
||||||
interfaceNamespace = "wg1ns";
|
interfaceNamespace = "wg1ns";
|
||||||
|
|
||||||
preSetup = ''
|
preSetup = ''
|
||||||
ip netns add wg1ns
|
ip netns add wg1ns
|
||||||
|
ip netns exec wg1ns ip addr add 127.0.0.1/8 dev lo
|
||||||
|
ip netns exec wg1ns ip link set lo up
|
||||||
'';
|
'';
|
||||||
|
|
||||||
|
|
||||||
|
@ -57,8 +59,8 @@
|
||||||
|
|
||||||
peers = [
|
peers = [
|
||||||
{
|
{
|
||||||
publicKey = "x45YsLDpMJw1pwKOvkyzdesen3lFcKpxCXACGz+xtDs=";
|
publicKey = extraInfo.wireguard.VPNPublicKey;
|
||||||
endpoint = "${extraInfo.wireguard.VPSEndpoint}:51820";
|
endpoint = extraInfo.wireguard.VPNEndpoint;
|
||||||
allowedIPs = [ "0.0.0.0/0" ];
|
allowedIPs = [ "0.0.0.0/0" ];
|
||||||
persistentKeepalive = 25;
|
persistentKeepalive = 25;
|
||||||
}
|
}
|
||||||
|
|
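Review bot: The two `ip netns exec wg1ns …` lines added to `preSetup` after `ip netns add wg1ns` make the script harder to re-run. `ip addr add 127.0.0.1/8 dev lo` fails when the address is already present, and `ip netns add` fails when the namespace survives a stop of the interface; both matter if the script runs with errexit, which is not visible here. The kernel assigns 127.0.0.1/8 to `lo` when the link is brought up, so `ip netns exec wg1ns ip link set lo up` alone should be sufficient. `ip netns add wg1ns || true`, or a matching `ip netns del` in a teardown hook if one exists outside this hunk, keeps restarts clean. It is also worth confirming that the value now read from `extraInfo.wireguard.VPNEndpoint` carries the port, since the previous line appended `:51820` explicitly.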
44
flake.lock
44
flake.lock
|
@ -2,11 +2,11 @@
|
||||||
"nodes": {
|
"nodes": {
|
||||||
"extra-config": {
|
"extra-config": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1700766928,
|
"lastModified": 1706042896,
|
||||||
"narHash": "sha256-51CdrRn4GCgIasA12nhUCXeK2seLehVhqfNyxCkFg/g=",
|
"narHash": "sha256-JdvXtSE8ZC9xq195DE1yB7Vld5eT6QA+zRn0DXtw5h4=",
|
||||||
"ref": "refs/heads/main",
|
"ref": "refs/heads/main",
|
||||||
"rev": "d658774d4981a81dbcff24732bbd5d738ea541b8",
|
"rev": "6043cbff89e39769a034512d936156f090c7e747",
|
||||||
"revCount": 2,
|
"revCount": 3,
|
||||||
"type": "git",
|
"type": "git",
|
||||||
"url": "ssh://git@git.sr.ht/~dala/extra-config"
|
"url": "ssh://git@git.sr.ht/~dala/extra-config"
|
||||||
},
|
},
|
||||||
|
@ -20,11 +20,11 @@
|
||||||
"systems": "systems"
|
"systems": "systems"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1701680307,
|
"lastModified": 1705309234,
|
||||||
"narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=",
|
"narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=",
|
||||||
"owner": "numtide",
|
"owner": "numtide",
|
||||||
"repo": "flake-utils",
|
"repo": "flake-utils",
|
||||||
"rev": "4022d587cbbfd70fe950c1e2083a02621806a725",
|
"rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -40,11 +40,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1704100519,
|
"lastModified": 1706001011,
|
||||||
"narHash": "sha256-SgZC3cxquvwTN07vrYYT9ZkfvuhS5Y1k1F4+AMsuflc=",
|
"narHash": "sha256-J7Bs9LHdZubgNHZ6+eE/7C18lZ1P6S5/zdJSdXFItI4=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "home-manager",
|
"repo": "home-manager",
|
||||||
"rev": "6e91c5df192395753d8e6d55a0352109cb559790",
|
"rev": "3df2a80f3f85f91ea06e5e91071fa74ba92e5084",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -55,11 +55,11 @@
|
||||||
},
|
},
|
||||||
"nixpkgs-stable": {
|
"nixpkgs-stable": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1703992652,
|
"lastModified": 1705916986,
|
||||||
"narHash": "sha256-C0o8AUyu8xYgJ36kOxJfXIroy9if/G6aJbNOpA5W0+M=",
|
"narHash": "sha256-iBpfltu6QvN4xMpen6jGGEb6jOqmmVQKUrXdOJ32u8w=",
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "32f63574c85fbc80e4ba1fbb932cde9619bad25e",
|
"rev": "d7f206b723e42edb09d9d753020a84b3061a79d8",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -71,11 +71,11 @@
|
||||||
},
|
},
|
||||||
"nixpkgs-stable_2": {
|
"nixpkgs-stable_2": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1703950681,
|
"lastModified": 1705033721,
|
||||||
"narHash": "sha256-veU5bE4eLOmi7aOzhE7LfZXcSOONRMay0BKv01WHojo=",
|
"narHash": "sha256-K5eJHmL1/kev6WuqyqqbS1cdNnSidIZ3jeqJ7GbrYnQ=",
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "0aad9113182747452dbfc68b93c86e168811fa6c",
|
"rev": "a1982c92d8980a0114372973cbdfe0a307f1bdea",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -87,11 +87,11 @@
|
||||||
},
|
},
|
||||||
"nixpkgs-unstable": {
|
"nixpkgs-unstable": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1703637592,
|
"lastModified": 1705856552,
|
||||||
"narHash": "sha256-8MXjxU0RfFfzl57Zy3OfXCITS0qWDNLzlBAdwxGZwfY=",
|
"narHash": "sha256-JXfnuEf5Yd6bhMs/uvM67/joxYKoysyE3M2k6T3eWbg=",
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "cfc3698c31b1fb9cdcf10f36c9643460264d0ca8",
|
"rev": "612f97239e2cc474c13c9dafa0df378058c5ad8d",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -119,11 +119,11 @@
|
||||||
"nixpkgs-stable": "nixpkgs-stable_2"
|
"nixpkgs-stable": "nixpkgs-stable_2"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1703991717,
|
"lastModified": 1705805983,
|
||||||
"narHash": "sha256-XfBg2dmDJXPQEB8EdNBnzybvnhswaiAkUeeDj7fa/hQ=",
|
"narHash": "sha256-HluB9w7l75I4kK25uO4y6baY4fcDm2Rho0WI1DN2Hmc=",
|
||||||
"owner": "Mic92",
|
"owner": "Mic92",
|
||||||
"repo": "sops-nix",
|
"repo": "sops-nix",
|
||||||
"rev": "cfdbaf68d00bc2f9e071f17ae77be4b27ff72fa6",
|
"rev": "ae171b54e76ced88d506245249609f8c87305752",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
|