net: communicate with the OVPNs network locally instead of over the public internet
@@ -39,6 +39,34 @@
|
|||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
systemd.services.wg0veth = {
|
||||||
|
description = "veth pair to allow communication between host and wg0 netns";
|
||||||
|
after = [ "wireguard-wg0.service" ];
|
||||||
|
wantedBy = [ "multi-user.target" ];
|
||||||
|
serviceConfig = {
|
||||||
|
Type = "oneshot";
|
||||||
|
RemainAfterExit = true;
|
||||||
|
|
||||||
|
ExecStart = with pkgs; writeScript "wg0veth-start" ''
|
||||||
|
#!${bash}/bin/bash
|
||||||
|
# create veth pair
|
||||||
|
${iproute2}/bin/ip link add ovpns-veth-a type veth peer name ovpns-veth-b
|
||||||
|
${iproute2}/bin/ip addr add 10.0.1.5/24 dev ovpns-veth-a
|
||||||
|
${iproute2}/bin/ip link set ovpns-veth-a up
|
||||||
|
# mv veth-b into the ovpns namespace
|
||||||
|
${iproute2}/bin/ip link set ovpns-veth-b netns ovpns
|
||||||
|
${iproute2}/bin/ip -n ovpns addr add 10.0.1.6/24 dev ovpns-veth-b
|
||||||
|
${iproute2}/bin/ip -n ovpns link set ovpns-veth-b up
|
||||||
|
'';
|
||||||
|
|
||||||
|
ExecStop = with pkgs; writeScript "wg0veth-stop" ''
|
||||||
|
#!${bash}/bin/bash
|
||||||
|
${iproute2}/bin/ip -n wg0 link del ovpns-veth-b
|
||||||
|
${iproute2}/bin/ip link del ovpns-veth-a
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
# HURRICANE ELECTRIC CONFIG:
|
# HURRICANE ELECTRIC CONFIG:
|
||||||
# networking.sits = {
|
# networking.sits = {
|
||||||
# hurricane = {
|
# hurricane = {
|
||||||
|
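Review bot: The `wg0veth-stop` script deletes the peer with `ip -n wg0 link del ovpns-veth-b`, but `wg0veth-start` moved that interface into the `ovpns` namespace, so the stop command names a namespace that nothing in this hunk creates; it should read `${iproute2}/bin/ip -n ovpns link del ovpns-veth-b`. Deleting either end of a veth pair removes both, so a single `link del` is enough and the second one will otherwise report an error. Neither script uses `set -e`, so a failed step in the middle of ExecStart is ignored and only the last command's status decides whether the oneshot is reported as active. The pair also gives everything confined to `ovpns` a path to the host at 10.0.1.5, so a comment stating which host ports are meant to be reachable from that side, with a matching firewall rule on `ovpns-veth-a`, would document the trust boundary.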
@@ -3,7 +3,7 @@
|
|||||||
{
|
{
|
||||||
services.jackett.enable = true;
|
services.jackett.enable = true;
|
||||||
|
|
||||||
systemd.services.jackett.after = ["wireguard-wg0.service"];
|
systemd.services.jackett.after = ["wg0veth.service"];
|
||||||
systemd.services.jackett.serviceConfig = {
|
systemd.services.jackett.serviceConfig = {
|
||||||
# run this behind the OVPN static VPN
|
# run this behind the OVPN static VPN
|
||||||
NetworkNamespacePath = "/run/netns/ovpns";
|
NetworkNamespacePath = "/run/netns/ovpns";
|
||||||
|
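Review bot: Replacing `wireguard-wg0.service` with `wg0veth.service` in `systemd.services.jackett.after` orders jackett behind the namespace setup only indirectly, through wg0veth's own `after`. `after` is ordering only, so if wg0veth is ever disabled or removed nothing keeps jackett behind the unit that presumably creates `/run/netns/ovpns`. Keeping both, `systemd.services.jackett.after = ["wireguard-wg0.service" "wg0veth.service"];`, makes the dependency on the VPN namespace explicit. The same replacement is made for `systemd.services.transmission.after` in the last section, and the `serviceConfig` block here continues outside the hunk.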
@@ -94,7 +94,8 @@
|
|||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
enableACME = true;
|
enableACME = true;
|
||||||
locations."/" = {
|
locations."/" = {
|
||||||
proxyPass = "http://ovpns.uninsane.org:9091";
|
# proxyPass = "http://ovpns.uninsane.org:9091";
|
||||||
|
proxyPass = "http://10.0.1.6:9091";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
@@ -102,7 +103,8 @@
|
|||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
enableACME = true;
|
enableACME = true;
|
||||||
locations."/" = {
|
locations."/" = {
|
||||||
proxyPass = "http://ovpns.uninsane.org:9117";
|
# proxyPass = "http://ovpns.uninsane.org:9117";
|
||||||
|
proxyPass = "http://10.0.1.6:9117";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
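Review bot: With `proxyPass = "http://10.0.1.6:9091";` (and `:9117` in the second hunk) the backend sees every proxied request as coming from 10.0.1.5, the host end of the veth pair, so an address allowlist in the proxied service has to admit that address and then admits everything nginx forwards. Nothing visible in these hunks shows authentication at the proxy, so it is worth confirming where access control is enforced. The address 10.0.1.6 is hard-coded here and again in the `wg0veth-start` script in another file; a shared binding would keep the two from drifting apart. The commented-out `# proxyPass = "http://ovpns.uninsane.org:..."` lines could be dropped, since the commit history already records them. The enclosing block for each `locations."/"` starts outside the hunk.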
@@ -27,6 +27,7 @@
|
|||||||
# keeping this the same as the hostname seems simplest
|
# keeping this the same as the hostname seems simplest
|
||||||
services.opendkim.selector = "mx";
|
services.opendkim.selector = "mx";
|
||||||
|
|
||||||
|
systemd.services.postfix.after = ["wg0veth.service"];
|
||||||
systemd.services.postfix.serviceConfig = {
|
systemd.services.postfix.serviceConfig = {
|
||||||
# run this behind the OVPN static VPN
|
# run this behind the OVPN static VPN
|
||||||
NetworkNamespacePath = "/run/netns/ovpns";
|
NetworkNamespacePath = "/run/netns/ovpns";
|
||||||
|
@@ -28,7 +28,7 @@
|
|||||||
# transmission will by default not allow the world to read its files.
|
# transmission will by default not allow the world to read its files.
|
||||||
services.transmission.downloadDirPermissions = "775";
|
services.transmission.downloadDirPermissions = "775";
|
||||||
|
|
||||||
systemd.services.transmission.after = ["wireguard-wg0.service"];
|
systemd.services.transmission.after = ["wg0veth.service"];
|
||||||
systemd.services.transmission.serviceConfig = {
|
systemd.services.transmission.serviceConfig = {
|
||||||
# run this behind the OVPN static VPN
|
# run this behind the OVPN static VPN
|
||||||
NetworkNamespacePath = "/run/netns/ovpns";
|
NetworkNamespacePath = "/run/netns/ovpns";
|
||||||
|