define a new "vpn-servo" which allows routing all traffic out of servo, via wireguard
This commit is contained in:
parent
3a30b891be
commit
e3e2af46a1
|
@ -8,14 +8,9 @@
|
|||
# - copy the Address, PublicKey, Endpoint from OVPN's config
|
||||
# N.B.: maximum interface name in Linux is 15 characters.
|
||||
let
|
||||
def-ovpn = name: { endpoint, publicKey, address }: {
|
||||
networking.wg-quick.interfaces."ovpnd-${name}" = {
|
||||
inherit address;
|
||||
privateKeyFile = config.sops.secrets."wg/ovpnd_${name}_privkey".path;
|
||||
dns = [
|
||||
"46.227.67.134"
|
||||
"192.165.9.158"
|
||||
];
|
||||
def-wg-vpn = name: { endpoint, publicKey, address, dns, privateKeyFile }: {
|
||||
networking.wg-quick.interfaces."${name}" = {
|
||||
inherit address privateKeyFile dns;
|
||||
peers = [
|
||||
{
|
||||
allowedIPs = [
|
||||
|
@ -25,11 +20,28 @@ let
|
|||
inherit endpoint publicKey;
|
||||
}
|
||||
];
|
||||
# to start: `systemctl start wg-quick-ovpnd-${name}`
|
||||
# to start: `systemctl start wg-quick-${name}`
|
||||
autostart = false;
|
||||
};
|
||||
};
|
||||
def-ovpn = name: { endpoint, publicKey, address }: def-wg-vpn "ovpnd-${name}" {
|
||||
inherit endpoint publicKey address;
|
||||
privateKeyFile = config.sops.secrets."wg/ovpnd_${name}_privkey".path;
|
||||
dns = [
|
||||
"46.227.67.134"
|
||||
"192.165.9.158"
|
||||
];
|
||||
};
|
||||
|
||||
def-servo = def-wg-vpn "vpn-servo" {
|
||||
endpoint = config.sane.hosts.by-name."servo".wg-home.endpoint;
|
||||
publicKey = config.sane.hosts.by-name."servo".wg-home.pubkey;
|
||||
address = [ config.sane.services.wg-home.ip ];
|
||||
dns = [ "10.78.79.1" ];
|
||||
privateKeyFile = config.networking.wireguard.interfaces.wg-home.privateKeyFile;
|
||||
};
|
||||
in lib.mkMerge [
|
||||
(def-servo)
|
||||
(def-ovpn "us" {
|
||||
endpoint = "vpn31.prd.losangeles.ovpn.com:9929";
|
||||
publicKey = "VW6bEWMOlOneta1bf6YFE25N/oMGh1E1UFBCfyggd0k=";
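Review bot: `def-servo` builds the new `vpn-servo` interface from the same credentials as `wg-home` — `privateKeyFile = config.networking.wireguard.interfaces.wg-home.privateKeyFile`, the same peer endpoint and pubkey, and `address = [ config.sane.services.wg-home.ip ]` — so the two interfaces cannot safely be up at the same time: servo identifies the peer by its public key and will roam its single endpoint between the two sessions, and the shared address would be assigned to two local interfaces. The hunk documents how to start the interface (`# to start: ...`) but not this exclusivity; add `# NOTE: reuses wg-home's key and address, so stop wg-home before starting this` above `def-servo`, or give vpn-servo its own key and address (which needs a matching peer entry on servo, outside this file). Whether this is really a full tunnel depends on the `allowedIPs` list, whose contents fall outside the first hunk, and `dns = [ "10.78.79.1" ]` presumably points at a resolver reachable only over the tunnel — both deserve a one-line comment. The `let` binding starts in the first hunk and the `mkMerge` list continues past the end of this one.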
|
||||
|
|