net: update ovpn config
parent
b5ce0f9fea
commit
09cb37dee2
18
cfg/net.nix
18
cfg/net.nix
|
@ -31,24 +31,28 @@
|
||||||
"9.9.9.9"
|
"9.9.9.9"
|
||||||
];
|
];
|
||||||
|
|
||||||
# OVPN CONFIG:
|
# OVPN CONFIG (https://www.ovpn.com):
|
||||||
# DOCS: https://nixos.wiki/wiki/WireGuard
|
# DOCS: https://nixos.wiki/wiki/WireGuard
|
||||||
networking.wireguard.enable = true;
|
networking.wireguard.enable = true;
|
||||||
networking.wireguard.interfaces.wg0 = {
|
networking.wireguard.interfaces.wg0 = {
|
||||||
privateKeyFile = "/etc/nixos/secrets/wireguard.private";
|
# to generate:
|
||||||
|
# wg genkey > /etc/nixos/secrets/wg0.private
|
||||||
|
# wg pubkey < /etc/nixos/secrets/wg0.private > /etc/nixos/secrets/wg0.public
|
||||||
|
privateKeyFile = "/etc/nixos/secrets/wg0.private";
|
||||||
# wg is active only in this namespace.
|
# wg is active only in this namespace.
|
||||||
# run e.g. ip netns ovpns <some command like ping/curl/etc, it'll go through wg>
|
# run e.g. ip netns exec ovpns <some command like ping/curl/etc, it'll go through wg>
|
||||||
# note: without the namespace, you'll need to add a specific route through eth0 for the peer (185.157.162.7/32)
|
# sudo ip netns exec ovpns ping www.google.com
|
||||||
|
# note: without the namespace, you'll need to add a specific route through eth0 for the peer (185.157.162.178/32)
|
||||||
interfaceNamespace = "ovpns";
|
interfaceNamespace = "ovpns";
|
||||||
preSetup = "${pkgs.iproute2}/bin/ip netns add ovpns || true";
|
preSetup = "${pkgs.iproute2}/bin/ip netns add ovpns || true";
|
||||||
postShutdown = "${pkgs.iproute2}/bin/ip netns delete ovpns";
|
postShutdown = "${pkgs.iproute2}/bin/ip netns delete ovpns";
|
||||||
ips = [
|
ips = [
|
||||||
"185.157.162.190/32"
|
"185.157.162.178/32"
|
||||||
];
|
];
|
||||||
peers = [
|
peers = [
|
||||||
{
|
{
|
||||||
publicKey = "Qno+hILmJ8TZ6/PpOOhtspmncyILY2phiTBFaER9IFE=";
|
publicKey = "SkkEZDCBde22KTs/Hc7FWvDBfdOCQA4YtBEuC3n5KGs=";
|
||||||
endpoint = "vpn29.prd.amsterdam.ovpn.com:9930";
|
endpoint = "vpn36.prd.amsterdam.ovpn.com:9930";
|
||||||
allowedIPs = [ "0.0.0.0/0" ];
|
allowedIPs = [ "0.0.0.0/0" ];
|
||||||
# nixOS says this is important for keeping NATs active
|
# nixOS says this is important for keeping NATs active
|
||||||
persistentKeepalive = 25;
|
persistentKeepalive = 25;
|
||||||
|
|
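Review bot: The key-generation recipe added above `privateKeyFile` redirects `wg genkey` into `/etc/nixos/secrets/wg0.private` under the shell's default umask, so the private key can be created world-readable unless the secrets directory is already restricted. I would write the comment as `# (umask 077; wg genkey > /etc/nixos/secrets/wg0.private)` and add a line saying the file should be owned by root with mode 0600. Separately, the route note now names 185.157.162.178/32, which is the same address as the tunnel address in `ips`. If that note is meant to refer to the peer endpoint (`vpn36.prd.amsterdam.ovpn.com`), it probably needs the endpoint's resolved address instead; please confirm. The `wg0` attribute set continues past the end of this hunk.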