From e3e2af46a1dd7723094ae189bf0c3e9838b75514 Mon Sep 17 00:00:00 2001
From: Colin
Date: Tue, 19 Sep 2023 15:29:47 +0000
Subject: [PATCH] define a new "vpn-servo" which allows routing all traffic out of servo, via wireguard

---
 hosts/common/vpn.nix | 30 +++++++++++++++++++++---------
 1 file changed, 21 insertions(+), 9 deletions(-)

diff --git a/hosts/common/vpn.nix b/hosts/common/vpn.nix
index fee42982..95e1b720 100644
--- a/hosts/common/vpn.nix
+++ b/hosts/common/vpn.nix
@@ -8,14 +8,9 @@
 # - copy the Address, PublicKey, Endpoint from OVPN's config
 # N.B.: maximum interface name in Linux is 15 characters.
 let
- def-ovpn = name: { endpoint, publicKey, address }: {
- networking.wg-quick.interfaces."ovpnd-${name}" = {
- inherit address;
- privateKeyFile = config.sops.secrets."wg/ovpnd_${name}_privkey".path;
- dns = [
- "46.227.67.134"
- "192.165.9.158"
- ];
+ def-wg-vpn = name: { endpoint, publicKey, address, dns, privateKeyFile }: {
+ networking.wg-quick.interfaces."${name}" = {
+ inherit address privateKeyFile dns;
 peers = [
 {
 allowedIPs = [
@@ -25,11 +20,28 @@ let
 inherit endpoint publicKey;
 }
 ];
- # to start: `systemctl start wg-quick-ovpnd-${name}`
+ # to start: `systemctl start wg-quick-${name}`
 autostart = false;
 };
 };
+ def-ovpn = name: { endpoint, publicKey, address }: def-wg-vpn "ovpnd-${name}" {
+ inherit endpoint publicKey address;
+ privateKeyFile = config.sops.secrets."wg/ovpnd_${name}_privkey".path;
+ dns = [
+ "46.227.67.134"
+ "192.165.9.158"
+ ];
+ };
+
+ def-servo = def-wg-vpn "vpn-servo" {
+ endpoint = config.sane.hosts.by-name."servo".wg-home.endpoint;
+ publicKey = config.sane.hosts.by-name."servo".wg-home.pubkey;
+ address = [ config.sane.services.wg-home.ip ];
+ dns = [ "10.78.79.1" ];
+ privateKeyFile = config.networking.wireguard.interfaces.wg-home.privateKeyFile;
+ };
 in lib.mkMerge [
+ (def-servo)
 (def-ovpn "us" {
 endpoint = "vpn31.prd.losangeles.ovpn.com:9929";
 publicKey = "VW6bEWMOlOneta1bf6YFE25N/oMGh1E1UFBCfyggd0k=";
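Review bot: `def-servo` reuses the `wg-home` interface's private key and its address (`privateKeyFile = config.networking.wireguard.interfaces.wg-home.privateKeyFile`, `address = [ config.sane.services.wg-home.ip ]`) while peering with the same servo endpoint, so servo sees one peer identity coming from two local interfaces; WireGuard keeps a single session per peer public key, and if `wg-home` is still up when `wg-quick-vpn-servo` is started the two interfaces will contend for that session and whichever handshakes last silently breaks the other. `autostart = false` does not prevent the overlap, so either give the full-tunnel role its own key pair and servo-side peer entry, or at least document the constraint next to the definition, e.g. `# NOTE: shares wg-home's key pair and IP; stop wireguard-wg-home before starting this, or servo's single session for our pubkey flaps between the two interfaces` (the `wireguard-wg-home` unit name is inferred from the `networking.wireguard.interfaces` attribute and should be confirmed). Full-tunnel routing also depends on servo forwarding/NATing traffic for this peer, which nothing in this hunk sets up. Separately, `dns = [ "10.78.79.1" ]` is a bare literal while the endpoint, pubkey and address are pulled from `config.sane.*`; if that is servo's wg-home address it would be more consistent to reference it the same way. The `let` block this hunk extends opens in the first hunk and the `lib.mkMerge` list continues past the end of the hunk.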