sane.programs: provide sandbox.net = "vpn.wg-home" to tunnel through my home ISP

2024-07-05 20:18:34 +00:00
parent 6d66a5dbf8
commit a12aa02655


@@ -42,7 +42,13 @@ let
# makeSandboxed = pkgs.callPackage ./make-sandboxed.nix { sanebox = config.sane.programs.sanebox.package; }; # makeSandboxed = pkgs.callPackage ./make-sandboxed.nix { sanebox = config.sane.programs.sanebox.package; };
makeSandboxed = pkgs.callPackage ./make-sandboxed.nix { }; makeSandboxed = pkgs.callPackage ./make-sandboxed.nix { };
vpn = lib.findSingle (v: v.default) null null (builtins.attrValues config.sane.vpn); vpn = if sandbox.net == "vpn" then
lib.findSingle (v: v.default) null null (builtins.attrValues config.sane.vpn)
else if sandbox.net == "vpn.wg-home" then
config.sane.vpn.wg-home
else
null
;
allowedHomePaths = builtins.attrNames fs ++ builtins.attrNames persist.byPath ++ sandbox.extraHomePaths; allowedHomePaths = builtins.attrNames fs ++ builtins.attrNames persist.byPath ++ sandbox.extraHomePaths;
allowedRunPaths = sandbox.extraRuntimePaths; allowedRunPaths = sandbox.extraRuntimePaths;
@@ -73,15 +79,15 @@ let
method method
whitelistPwd whitelistPwd
; ;
netDev = if sandbox.net == "vpn" then netDev = if vpn != null then
vpn.name vpn.name
else else
sandbox.net; sandbox.net;
netGateway = if sandbox.net == "vpn" then netGateway = if vpn != null then
vpn.addrV4 vpn.addrV4
else else
null; null;
dns = if sandbox.net == "vpn" then dns = if vpn != null then
vpn.dns vpn.dns
else else
null; null;
@@ -261,7 +267,7 @@ let
type = types.coercedTo type = types.coercedTo
types.str types.str
(s: if s == "clearnet" || s == "localhost" then "all" else s) (s: if s == "clearnet" || s == "localhost" then "all" else s)
(types.enum [ null "all" "vpn" ]); (types.enum [ null "all" "vpn" "vpn.wg-home" ]);
default = null; default = null;
description = '' description = ''
how this app should have its network traffic routed. how this app should have its network traffic routed.
@@ -271,6 +277,7 @@ let
- "localhost": only needs access to other services running on this host. - "localhost": only needs access to other services running on this host.
currently, just an alias for "all". currently, just an alias for "all".
- "vpn": to route all traffic over the default VPN. - "vpn": to route all traffic over the default VPN.
- "vpn.wg-home": to route all traffic over the wg-home VPN.
- null: to maximally isolate from the network. - null: to maximally isolate from the network.
''; '';
}; };
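Review bot: In the second hunk, `netDev = if vpn != null then vpn.name else sandbox.net` turns a missing default VPN into a silent fallthrough: with `sandbox.net = "vpn"` and no `config.sane.vpn.*` entry marked `default`, `lib.findSingle` yields null, so the sandbox is handed the literal device name "vpn" with null `netGateway` and `dns`, whereas the old `vpn.name` on a null `vpn` failed at evaluation time. What sanebox does with an unknown device name is outside these hunks, but the change moves a configuration error from eval to runtime. Consider keeping the failure explicit in the first hunk's binding, e.g. `lib.findSingle (v: v.default) (throw "sane.programs: no default VPN configured") (throw "sane.programs: more than one default VPN") (builtins.attrValues config.sane.vpn)`, which only fires when the "vpn" branch is actually forced; the `"vpn.wg-home"` branch already fails at eval if `config.sane.vpn.wg-home` is undefined. The enclosing `let` starts before and ends after these hunks.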