colin/nix-files
1
0
Fork 1
Code Issues Pull Requests Projects Releases Wiki Activity

add ukraine VPN

Browse Source
This commit is contained in:
colin
2022-07-09 00:48:09 -07:00
parent dca68a019b
commit f790147fb0
4 changed files with 56 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
modules/universal/vpn.nix
View File

@@ -25,7 +25,34 @@
autostart = false; autostart = false;
}; };
networking.wg-quick.interfaces.ovpnd-ukr = {
address = [
"172.18.180.159/32"
"fd00:0000:1337:cafe:1111:1111:ec5c:add3/128"
];
dns = [
"46.227.67.134"
"192.165.9.158"
];
peers = [
{
allowedIPs = [
"0.0.0.0/0"
"::/0"
];
endpoint = "vpn96.prd.kyiv.ovpn.com:9929";
publicKey = "CjZcXDxaaKpW8b5As1EcNbI6+42A6BjWahwXDCwfVFg=";
}
];
privateKeyFile = config.sops.secrets.wg_ovpnd_ukr_privkey.path;
# to start: `systemctl start wg-quick-ovpnd-ukr`
autostart = false;
};
sops.secrets."wg_ovpnd_privkey" = { sops.secrets."wg_ovpnd_privkey" = {
sopsFile = ../../secrets/universal.yaml; sopsFile = ../../secrets/universal.yaml;
}; };
sops.secrets."wg_ovpnd_ukr_privkey" = {
sopsFile = ../../secrets/universal.yaml;
};
} }

14
pkgs/sane-scripts/src/bin/sane-vpn-down
View File

@@ -1,4 +1,16 @@
#!/usr/bin/env bash #!/usr/bin/env bash
# first arg should be the region, e.g. `us` or `ukr`
case $1 in
ukr)
iface=wg-quick-ovpnd-ukr;;
us)
iface=wg-quick-ovpnd;;
*)
echo "invalid vpn name '$1'"; exit 1;;
esac
echo vpn: $(curl https://ipinfo.io/ip) echo vpn: $(curl https://ipinfo.io/ip)
sudo systemctl stop wg-quick-ovpnd sudo systemctl stop $iface
echo plain: $(curl https://ipinfo.io/ip) echo plain: $(curl https://ipinfo.io/ip)

14
pkgs/sane-scripts/src/bin/sane-vpn-up
View File

@@ -1,4 +1,16 @@
#!/usr/bin/env bash #!/usr/bin/env bash
# first arg should be the region, e.g. `us` or `ukr`
case $1 in
ukr)
iface=wg-quick-ovpnd-ukr;;
us)
iface=wg-quick-ovpnd;;
*)
echo "invalid vpn name '$1'"; exit 1;;
esac
echo plain: $(curl https://ipinfo.io/ip) echo plain: $(curl https://ipinfo.io/ip)
sudo systemctl start wg-quick-ovpnd sudo systemctl start $iface
echo vpn: $(curl https://ipinfo.io/ip) echo vpn: $(curl https://ipinfo.io/ip)

5
secrets/universal.yaml
View File

@@ -1,4 +1,5 @@
wg_ovpnd_privkey: ENC[AES256_GCM,data:qmyCOcD5TA7SKqSDCTZOTahkfYVZMJUGuyselmQbqj1uer3e4cBRSMuIiRI=,iv:jnHvGgVu/8HWT8MkI2wtGqlCs6wTu0C8huHpkdDmBYk=,tag:a0r0f/6LTBUuhvLGu+SFug==,type:str] wg_ovpnd_privkey: ENC[AES256_GCM,data:qmyCOcD5TA7SKqSDCTZOTahkfYVZMJUGuyselmQbqj1uer3e4cBRSMuIiRI=,iv:jnHvGgVu/8HWT8MkI2wtGqlCs6wTu0C8huHpkdDmBYk=,tag:a0r0f/6LTBUuhvLGu+SFug==,type:str]
wg_ovpnd_ukr_privkey: ENC[AES256_GCM,data:5zfhsZnBk0Kb9Nb/3igsV/fN0ZDjwTAGTKyMLMly/l7MlJe6MEmd5Lv+JT8=,iv:Mov9eUP8WfvzfZ6NljgLolJ49GSqR7eSV+k0dgE1+1I=,tag:O9UtGX2qt+qEvabcsA0vIA==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@@ -77,8 +78,8 @@ sops:
T1ZLaWRwWFJkNE82NC80QTdjZ1l1Zm8K7QhAMCO/65Z0N4coN+sc7WYNVI+BvV01 T1ZLaWRwWFJkNE82NC80QTdjZ1l1Zm8K7QhAMCO/65Z0N4coN+sc7WYNVI+BvV01
q5DXWTtePrPRQ8ZCqT7gWdSQc8iS410HEZ2Nya5IA+ktGxMO9h1EXA== q5DXWTtePrPRQ8ZCqT7gWdSQc8iS410HEZ2Nya5IA+ktGxMO9h1EXA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2022-06-21T09:01:02Z" lastmodified: "2022-07-09T07:40:05Z"
mac: ENC[AES256_GCM,data:G6crbY/fKKHjiCI7m+uOIRHrW2CJFM6DPD598h/vqRwYI0laIkasr7vUMuV72RyqAW52F90kIYyLY5qhu4uTOBqHK5aJHAxNo55knHrpXYQemMMt5UGC3AwgswLWkqze43EhIj7NrA6LTFF4MX+rD3yhFC+IAQOgZ1HiIk9h0sY=,iv:kDDHyNlaCCq9AVSr5qaF1OYZxNAGgxSGL5bxYL3Q79w=,tag:5FNaXMHjTyjyPScOXgep6Q==,type:str] mac: ENC[AES256_GCM,data:U7kbbCm6I+S86En04h+jKFhqm+++iFHluA0ceChTEJEFaWX4FqMQHAthHl4Bce+AMjhdu5IjTajnAHp2RDvGRMoyissAH0+SwWR5lEKVhHZFl2jQga1T8rmScfCnP5nK8lRUiSBtbEZWPE+Pct63mR7rEUVFLtKIIoqOYfpB6XI=,iv:sa3eUtOnjs49y2EL/ndP/1f9iyOB4wTAc97TZ8zhBXQ=,tag:n91xs8Carw6OO/rk3dO+Fw==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.7.3 version: 3.7.3