servo: rename wg0 interface -> wg-ovpns
parent
0fb8e2c867
commit
be29ad8bd8
|
@ -52,18 +52,18 @@
|
||||||
|
|
||||||
# services.resolved.extraConfig = ''
|
# services.resolved.extraConfig = ''
|
||||||
# # docs: `man resolved.conf`
|
# # docs: `man resolved.conf`
|
||||||
# # DNS servers to use via the `wg0` interface.
|
# # DNS servers to use via the `wg-ovpns` interface.
|
||||||
# # i hope that from the root ns, these aren't visible.
|
# # i hope that from the root ns, these aren't visible.
|
||||||
# DNS=46.227.67.134%wg0 192.165.9.158%wg0
|
# DNS=46.227.67.134%wg-ovpns 192.165.9.158%wg-ovpns
|
||||||
# FallbackDNS=1.1.1.1 9.9.9.9
|
# FallbackDNS=1.1.1.1 9.9.9.9
|
||||||
# '';
|
# '';
|
||||||
|
|
||||||
# OVPN CONFIG (https://www.ovpn.com):
|
# OVPN CONFIG (https://www.ovpn.com):
|
||||||
# DOCS: https://nixos.wiki/wiki/WireGuard
|
# DOCS: https://nixos.wiki/wiki/WireGuard
|
||||||
# if you `systemctl restart wireguard-wg0`, make sure to also restart any other services in `NetworkNamespacePath = .../ovpns`.
|
# if you `systemctl restart wireguard-wg-ovpns`, make sure to also restart any other services in `NetworkNamespacePath = .../ovpns`.
|
||||||
# TODO: why not create the namespace as a seperate operation (nix config for that?)
|
# TODO: why not create the namespace as a seperate operation (nix config for that?)
|
||||||
networking.wireguard.enable = true;
|
networking.wireguard.enable = true;
|
||||||
networking.wireguard.interfaces.wg0 = let
|
networking.wireguard.interfaces.wg-ovpns = let
|
||||||
ip = "${pkgs.iproute2}/bin/ip";
|
ip = "${pkgs.iproute2}/bin/ip";
|
||||||
in-ns = "${ip} netns exec ovpns";
|
in-ns = "${ip} netns exec ovpns";
|
||||||
iptables = "${pkgs.iptables}/bin/iptables";
|
iptables = "${pkgs.iptables}/bin/iptables";
|
||||||
|
|
|
@ -7,8 +7,8 @@
|
||||||
];
|
];
|
||||||
services.jackett.enable = true;
|
services.jackett.enable = true;
|
||||||
|
|
||||||
systemd.services.jackett.after = [ "wireguard-wg0.service" ];
|
systemd.services.jackett.after = [ "wireguard-wg-ovpns.service" ];
|
||||||
systemd.services.jackett.partOf = [ "wireguard-wg0.service" ];
|
systemd.services.jackett.partOf = [ "wireguard-wg-ovpns.service" ];
|
||||||
systemd.services.jackett.serviceConfig = {
|
systemd.services.jackett.serviceConfig = {
|
||||||
# run this behind the OVPN static VPN
|
# run this behind the OVPN static VPN
|
||||||
NetworkNamespacePath = "/run/netns/ovpns";
|
NetworkNamespacePath = "/run/netns/ovpns";
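Review bot: The `after`/`partOf` pair on jackett names the WireGuard unit by a string literal, and nothing makes a stale or mistyped name fail. systemd accepts ordering and PartOf references to a unit that does not exist, so an occurrence missed by this rename would silently drop the service's restart coupling to the VPN unit. Adding `systemd.services.jackett.requires = [ "wireguard-wg-ovpns.service" ];` would turn that case into a start failure; the same applies to the postfix, opendkim and transmission sections. Defining the unit name once, derived from the interface name, and reusing it in each section would also keep these copies in step. The `serviceConfig` block continues outside the hunk.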
|
||||||
|
|
|
@ -110,8 +110,8 @@ in
|
||||||
services.postfix.enableSubmissions = true;
|
services.postfix.enableSubmissions = true;
|
||||||
services.postfix.submissionsOptions = submissionOptions;
|
services.postfix.submissionsOptions = submissionOptions;
|
||||||
|
|
||||||
systemd.services.postfix.after = [ "wireguard-wg0.service" ];
|
systemd.services.postfix.after = [ "wireguard-wg-ovpns.service" ];
|
||||||
systemd.services.postfix.partOf = [ "wireguard-wg0.service" ];
|
systemd.services.postfix.partOf = [ "wireguard-wg-ovpns.service" ];
|
||||||
systemd.services.postfix.serviceConfig = {
|
systemd.services.postfix.serviceConfig = {
|
||||||
# run this behind the OVPN static VPN
|
# run this behind the OVPN static VPN
|
||||||
NetworkNamespacePath = "/run/netns/ovpns";
|
NetworkNamespacePath = "/run/netns/ovpns";
|
||||||
|
@ -132,8 +132,8 @@ in
|
||||||
# keeping this the same as the hostname seems simplest
|
# keeping this the same as the hostname seems simplest
|
||||||
services.opendkim.selector = "mx";
|
services.opendkim.selector = "mx";
|
||||||
|
|
||||||
systemd.services.opendkim.after = [ "wireguard-wg0.service" ];
|
systemd.services.opendkim.after = [ "wireguard-wg-ovpns.service" ];
|
||||||
systemd.services.opendkim.partOf = [ "wireguard-wg0.service" ];
|
systemd.services.opendkim.partOf = [ "wireguard-wg-ovpns.service" ];
|
||||||
systemd.services.opendkim.serviceConfig = {
|
systemd.services.opendkim.serviceConfig = {
|
||||||
# run this behind the OVPN static VPN
|
# run this behind the OVPN static VPN
|
||||||
NetworkNamespacePath = "/run/netns/ovpns";
|
NetworkNamespacePath = "/run/netns/ovpns";
|
||||||
|
|
|
@ -40,8 +40,8 @@
|
||||||
# transmission will by default not allow the world to read its files.
|
# transmission will by default not allow the world to read its files.
|
||||||
services.transmission.downloadDirPermissions = "775";
|
services.transmission.downloadDirPermissions = "775";
|
||||||
|
|
||||||
systemd.services.transmission.after = [ "wireguard-wg0.service" ];
|
systemd.services.transmission.after = [ "wireguard-wg-ovpns.service" ];
|
||||||
systemd.services.transmission.partOf = [ "wireguard-wg0.service" ];
|
systemd.services.transmission.partOf = [ "wireguard-wg-ovpns.service" ];
|
||||||
systemd.services.transmission.serviceConfig = {
|
systemd.services.transmission.serviceConfig = {
|
||||||
# run this behind the OVPN static VPN
|
# run this behind the OVPN static VPN
|
||||||
NetworkNamespacePath = "/run/netns/ovpns";
|
NetworkNamespacePath = "/run/netns/ovpns";
|
||||||
|
|
|
@ -10,4 +10,4 @@ sudo systemctl stop postgresql
|
||||||
sudo systemctl stop duplicity.timer
|
sudo systemctl stop duplicity.timer
|
||||||
sudo systemctl stop duplicity
|
sudo systemctl stop duplicity
|
||||||
sudo systemctl stop trust-dns
|
sudo systemctl stop trust-dns
|
||||||
sudo systemctl stop wireguard-wg0
|
sudo systemctl stop wireguard-wg-ovpns
|
||||||
|
|