servo: doof net: add the capability to forward ports

This commit is contained in:
Colin 2024-06-17 06:58:06 +00:00
parent 7825ddc123
commit 456e0de872


@ -10,6 +10,13 @@ let
whether to forward inbound traffic on the OVPN vpn port to the corresponding localhost port. whether to forward inbound traffic on the OVPN vpn port to the corresponding localhost port.
''; '';
}; };
visibleTo.doof = mkOption {
type = types.bool;
default = false;
description = ''
whether to forward inbound traffic on the doofnet vpn port to the corresponding localhost port.
'';
};
}; };
}; };
@ -113,19 +120,15 @@ in
# tun-sea config # tun-sea config
sane.dns.zones."uninsane.org".inet.A."doof.tunnel" = "205.201.63.12"; sane.dns.zones."uninsane.org".inet.A."doof.tunnel" = "205.201.63.12";
sane.dns.zones."uninsane.org".inet.AAAA."doof.tunnel" = "2602:fce8:106::51"; # sane.dns.zones."uninsane.org".inet.AAAA."doof.tunnel" = "2602:fce8:106::51"; #< TODO: enable IPv6
networking.wireguard.interfaces.wg-doof = let networking.wireguard.interfaces.wg-doof = bridgedWireguardNamespace {
ip = "${pkgs.iproute2}/bin/ip";
in {
privateKeyFile = config.sops.secrets.wg_doof_privkey.path; privateKeyFile = config.sops.secrets.wg_doof_privkey.path;
# wg is active only in this namespace. # wg is active only in this namespace.
# run e.g. ip netns exec doof <some command like ping/curl/etc, it'll go through wg> # run e.g. ip netns exec doof <some command like ping/curl/etc, it'll go through wg>
# sudo ip netns exec doof ping www.google.com # sudo ip netns exec doof ping www.google.com
interfaceNamespace = "doof"; name = "doof";
ips = [ ip4 = "205.201.63.12";
"205.201.63.12/32" # ip6 = "2602:fce8:106::51/128" #< TODO: enable IPv6
"2602:fce8:106::51/128"
];
peers = [ peers = [
{ {
publicKey = "nuESyYEJ3YU0hTZZgAd7iHBz1ytWBVM5PjEL1VEoTkU="; publicKey = "nuESyYEJ3YU0hTZZgAd7iHBz1ytWBVM5PjEL1VEoTkU=";
@ -136,12 +139,9 @@ in
persistentKeepalive = 25; #< keep the NAT alive persistentKeepalive = 25; #< keep the NAT alive
} }
]; ];
preSetup = ''
${ip} netns add doof || (test -e /run/netns/doof && echo "doof already exists") vethSubnet = "10.0.2"; #< 10.0.2.x is used for forwarding traffic between the root namespace and the VPN namespace
''; vpnDns = "1.1.1.1"; #< DNS requests inside the namespace are forwarded here (TODO: forward to the init namespace resolver)
postShutdown = ''
${ip} netns delete doof || echo "couldn't delete doof"
'';
}; };
# OVPN CONFIG (https://www.ovpn.com): # OVPN CONFIG (https://www.ovpn.com):
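Review bot: The new `visibleTo.doof` option in the first hunk documents only that traffic is forwarded "to the corresponding localhost port", not that enabling it makes that localhost service reachable on the public VPN address configured later in this file (205.201.63.12), which is the consequence a service author needs to weigh before setting it; suggest extending the description to `whether to forward inbound traffic on the doofnet vpn port to the corresponding localhost port (this exposes the service on the VPN's public IP).` In the last hunk, `vethSubnet = "10.0.2"` and `vpnDns = "1.1.1.1"` are fixed literals handed to `bridgedWireguardNamespace`; if the same helper is later used for the OVPN namespace that follows, the two instances would need distinct veth subnets, which nothing visible here enforces, so a comment on `vethSubnet` naming that constraint would help. The last hunk appears to continue past the end of this view, so its trailing context lines were not reviewed.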