|
|
ec5e8a3269
|
netns: simplify the host -> netns response tunneling
i don't actually need any route table that's higher priority than 'local'
|
2024-11-11 11:02:42 +00:00 |
|
|
|
23913c9cd2
|
netns: configure the device in a way that should allow named endpoints to be resolved outside the netns
|
2024-11-11 02:19:00 +00:00 |
|
|
|
2684b3c1aa
|
wg-home: re-enable keepalives
this should fix some of the flakiness i've seen when deploying moby?
|
2024-11-10 16:19:07 +00:00 |
|
|
|
864e75afce
|
sanebox: purge
|
2024-10-29 05:59:01 +00:00 |
|
|
|
35a41be824
|
modules/*: lint (esp: modules/vpn.nix -- removed unused priorityWgTable)
|
2024-09-03 20:24:36 +00:00 |
|
|
|
f986936bbd
|
wg-home-refresh: use the sandboxed wireguard-tools
|
2024-08-09 23:52:31 +00:00 |
|
|
|
055ad222e3
|
wg-home-refresh: harden systemd service
|
2024-08-09 23:05:58 +00:00 |
|
|
|
6a7dd31755
|
vpn: fix warning about missing /32 syntax
|
2024-08-02 00:37:58 +00:00 |
|
|
|
3c53bca156
|
vpn: log a message whenever the endpoint is updated
only as i'm actively working in this area. hopefully this log message can be less noisy in the future
|
2024-07-06 03:03:38 +00:00 |
|
|
|
6d66a5dbf8
|
vpn: add a service to auto-refresh wireguard endpoints
|
2024-07-05 20:06:16 +00:00 |
|
|
|
5d80e298b5
|
wg-home: deploy so as to be compatible with sane-vpn (e.g., route *WAN* traffic through it)
|
2024-07-05 18:45:26 +00:00 |
|
|
|
845dba3ca5
|
modules/vpn: fix deprecation warnings
|
2024-06-22 03:35:41 +00:00 |
|
|
|
6a15434cc6
|
net/vpn: remove the bridge devices from my VPN setup
|
2024-05-26 01:18:30 +00:00 |
|
|
|
b035d312aa
|
firejail: purge
|
2024-05-25 10:21:31 +00:00 |
|
|
|
bb569b1668
|
sane-vpn: port away from systemd so that i can use it as an ordinary user (no sudo)
|
2024-02-20 22:21:02 +00:00 |
|
|
|
34524ea3e4
|
modules/vpn: fix the vpn-* systemd services
|
2024-02-20 20:40:46 +00:00 |
|
|
|
992194a1f0
|
programs: achieve network sandboxing without "sane-vpn do"
|
2024-01-21 03:51:12 +00:00 |
|
|
|
bad6a7bfee
|
programs: implement "default vpn" with native nix code instead of sane-vpn
|
2024-01-21 01:04:31 +00:00 |
|
|
|
66d5e204be
|
vpn: enforce "id" restrictions
|
2024-01-21 00:57:46 +00:00 |
|
|
|
ce35330923
|
vpn.nix: factor into a proper module
this will allow for better integration with 'sane.programs'
|
2024-01-21 00:49:34 +00:00 |
|
