servo: bridge to doof.net
parent
cfedcc91bd
commit
3b99bb497b
|
@ -38,6 +38,37 @@ in
|
|||
# FallbackDNS=1.1.1.1 9.9.9.9
|
||||
# '';
|
||||
|
||||
# tun-sea config
|
||||
networking.wireguard.interfaces.wg-doof = let
|
||||
ip = "${pkgs.iproute2}/bin/ip";
|
||||
in {
|
||||
privateKeyFile = config.sops.secrets.wg_doof_privkey.path;
|
||||
# wg is active only in this namespace.
|
||||
# run e.g. ip netns exec doof <some command like ping/curl/etc, it'll go through wg>
|
||||
# sudo ip netns exec doof ping www.google.com
|
||||
interfaceNamespace = "doof";
|
||||
ips = [
|
||||
"205.201.63.12/32"
|
||||
"2602:fce8:106::/64"
|
||||
];
|
||||
peers = [
|
||||
{
|
||||
publicKey = "nuESyYEJ3YU0hTZZgAd7iHBz1ytWBVM5PjEL1VEoTkU=";
|
||||
# TODO: configure DNS within the doof ns and use tun-sea.doof.net endpoint
|
||||
# endpoint = "tun-sea.doof.net:53263";
|
||||
endpoint = "205.201.63.44:53263";
|
||||
allowedIPs = [ "0.0.0.0/0" "::/0" ];
|
||||
persistentKeepalive = 25; #< keep the NAT alive
|
||||
}
|
||||
];
|
||||
preSetup = ''
|
||||
${ip} netns add doof || (test -e /run/netns/doof && echo "doof already exists")
|
||||
'';
|
||||
postShutdown = ''
|
||||
${ip} netns delete doof || echo "couldn't delete doof"
|
||||
'';
|
||||
};
|
||||
|
||||
# OVPN CONFIG (https://www.ovpn.com):
|
||||
# DOCS: https://nixos.wiki/wiki/WireGuard
|
||||
# if you `systemctl restart wireguard-wg-ovpns`, make sure to also restart any other services in `NetworkNamespacePath = .../ovpns`.
|
||||
|
|
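Review bot: Nothing in this hunk filters traffic inside the `doof` namespace, although `ips` puts the public address `205.201.63.12/32` on `wg-doof` and the peer's `allowedIPs` covers `0.0.0.0/0` and `::/0`. Netfilter rules are kept per network namespace, so the host firewall in the root namespace would not cover a service that is later started in `doof`; whether the tun-sea side filters upstream cannot be told from here. I would load a default-deny inbound ruleset inside the namespace from the interface's `postSetup` hook, and until then record the gap next to `interfaceNamespace` with `# NOTE: the host firewall does not apply inside the doof netns; filter inbound before running services here`. The enclosing module starts and ends outside the hunk, so a filter may already be set up elsewhere.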
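--- a/secrets/servo/wg_doof_privkey.bin
+++ b/secrets/servo/wg_doof_privkey.bin
@@ -0,0 +1,32 @@
+{
+"data": "ENC[AES256_GCM,data:lkTVvy1+e3CmXafngZfU9YMAhDAyUs2EAAKyllxU7pecbn1xMOkCYa1Yikcl,iv:5izufYHrTMemzTZCCK8E/aBJIW1qW5um/R2T6cbhpPo=,tag:1IgerPUitDhGRGOhtfn4uQ==,type:str]",
+"sops": {
+"kms": null,
+"gcp_kms": null,
+"azure_kv": null,
+"hc_vault": null,
+"age": [
+{
+"recipient": "age1tnl4jfgacwkargzeqnhzernw29xx8mkv73xh6ufdyde6q7859slsnzf24x",
+"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHNjhROXVWaVFPNEhwSW9l\nSzhhYjBqNGprYnJOd3hEdmw3WFJhcUV3cURRCjJ5SllBRkZ2clFNa1NZZjRMc1lw\nblg5dkJSQUlRMHBVZEFlWi9tM1R0dncKLS0tIDdYVll3d3NXVVJoS1d3Z3lIZHdq\nTDdieDZGamFTbEdHNHh1eG1zclFVUlEK0ovxvMBUQOPjhN5wiObigQQVh66+e9iB\nMqJ7vZQzseu1Kw6DgnTXla7f90KNpOv4N9i1wK5ZSuR1yHKuBHkR2Q==\n-----END AGE ENCRYPTED FILE-----\n"
+},
+{
+"recipient": "age1j2pqnl8j0krdzk6npe93s4nnqrzwx978qrc0u570gzlamqpnje9sc8le2g",
+"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBETTdYVEdBQ0x6anZ1MEFY\nbzlXVmU4Q3FuRXd6eDJieXJ5UnpTWjIzdm5NCjhwNFJZU3lxbGV4dUFPRU03aWhr\neVBaaUplN3J0QWlGUjNPRUsxQXJ0RVUKLS0tIHNnY2tMVkRNRU92T0htbk1JN0ho\nU0MxakdBcGxJZkFDTjNWSjFsZFlneTgK3mPTbmhqnMAP7u2dMcpSgCEKrZ6zaehM\nYTSFA08FCWZ7JC4IzDss6Cgo0yYTqtDADPsYrVFzWV4WUQgyQKNDZA==\n-----END AGE ENCRYPTED FILE-----\n"
+},
+{
+"recipient": "age1z8fauff34cdecr6sjkre260luzxcca05kpcwvhx988d306tpcejsp63znu",
+"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnNUhuSVZpcGpDUllJZ3Bj\nOFJ4aG9HQTVTSTNLWHdDNmJic0tFMVhnRTMwCkVObVhWMlMyMmRmN1hubEhLdDJi\nR0ZzZ2xyMjJBL3JTT2x1N3ZZejZKMmsKLS0tIHhLZUYyMzV6Wll0a3d5WENwd0s1\nODFZcXpkcjJ5bFh4a3hIWExhYTAwSVUKSKbYAyHXy6zThxBbR4Zt51x/mPwHn5bd\nX1cwRoOHJh2PgXfXhhWWPel9j3oK+MWwdOJAfB2ug25L7Rawdnx5BQ==\n-----END AGE ENCRYPTED FILE-----\n"
+},
+{
+"recipient": "age1tzlyex2z6t88tg9h82943e39shxhmqeyr7ywhlwpdjmyqsndv3qq27x0rf",
+"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4aUtSaTRIMyt4V3VGQTBa\ndnJ4SVR5b0JtZ21Ea1d5emxzRml5T05TNlZrCjY3RHB5bmc2dStRU0lzU0Q3TkZF\ndll4WURxdUFsUkM5b0NOalR5REY1bDQKLS0tIGtVR0ZzbmN2OTNrWFYyQmN2QTFT\nSlR0dEJiU2t6UkFvMHBWaW1sLzFSaFkKyeOtKY+KdkpBHdl2jvyRbRJdYcgkR2HZ\nuwIsMXjy929OFrX8iKI1JAXDZF2AOhzUMba9IR2+yipCgev11hXnhA==\n-----END AGE ENCRYPTED FILE-----\n"
+}
+],
+"lastmodified": "2024-05-20T04:17:15Z",
+"mac": "ENC[AES256_GCM,data:Ct77I+3tD7u+j2lDuRhngQQ50fqfPFEsOJRfSj71HQmUTkyVdfiXceZijQ2ho526K17jrCU+srn6v3BWklFqefQbe7ox1yzNrMqLQB36u1NKHiov/2gnFLpeMi8b/yeKGzbEI5+02YiqILg+LKvc+1QHa8n6KVGCr/JcteLj+Tg=,iv:sk1GV03X2d5M7pH1K2CicQdoyJMOUsT2qEcAiCq9h5s=,tag:CgNVbdmqaUWk07xHSjkO/Q==,type:str]",
+"pgp": null,
+"unencrypted_suffix": "_unencrypted",
+"version": "3.8.1"
+}
+}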