net: communicate with the OVPNs network locally instead of over the public internet
parent
efe8a8447a
commit
fa3ed520e2
|
@ -39,6 +39,34 @@
|
|||
];
|
||||
};
|
||||
|
||||
systemd.services.wg0veth = {
|
||||
description = "veth pair to allow communication between host and wg0 netns";
|
||||
after = [ "wireguard-wg0.service" ];
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
serviceConfig = {
|
||||
Type = "oneshot";
|
||||
RemainAfterExit = true;
|
||||
|
||||
ExecStart = with pkgs; writeScript "wg0veth-start" ''
|
||||
#!${bash}/bin/bash
|
||||
# create veth pair
|
||||
${iproute2}/bin/ip link add ovpns-veth-a type veth peer name ovpns-veth-b
|
||||
${iproute2}/bin/ip addr add 10.0.1.5/24 dev ovpns-veth-a
|
||||
${iproute2}/bin/ip link set ovpns-veth-a up
|
||||
# mv veth-b into the ovpns namespace
|
||||
${iproute2}/bin/ip link set ovpns-veth-b netns ovpns
|
||||
${iproute2}/bin/ip -n ovpns addr add 10.0.1.6/24 dev ovpns-veth-b
|
||||
${iproute2}/bin/ip -n ovpns link set ovpns-veth-b up
|
||||
'';
|
||||
|
||||
ExecStop = with pkgs; writeScript "wg0veth-stop" ''
|
||||
#!${bash}/bin/bash
|
||||
${iproute2}/bin/ip -n wg0 link del ovpns-veth-b
|
||||
${iproute2}/bin/ip link del ovpns-veth-a
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
# HURRICANE ELECTRIC CONFIG:
|
||||
# networking.sits = {
|
||||
# hurricane = {
|
||||
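Review bot: The ExecStop script addresses a different namespace than ExecStart: `ip -n wg0 link del ovpns-veth-b` names a netns `wg0`, while the start script moved that interface into `ovpns`, and no `wg0` namespace appears in the visible configuration. Deleting one end of a veth pair removes its peer, so the stop script can be reduced to `${iproute2}/bin/ip link del ovpns-veth-a`. Neither script uses `set -e`, so a failed `ip link add` (for example when the pair is left over from an earlier start) is masked and the oneshot's result reflects only the last command. The pair also gives everything confined to `ovpns` a direct path to the host at 10.0.1.5, so host services bound to all interfaces become reachable from jackett, transmission and postfix unless the host firewall filters `ovpns-veth-a`; a comment or a firewall rule next to this unit would make that boundary explicit.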
|
|
|
@ -3,7 +3,7 @@
|
|||
{
|
||||
services.jackett.enable = true;
|
||||
|
||||
systemd.services.jackett.after = ["wireguard-wg0.service"];
|
||||
systemd.services.jackett.after = ["wg0veth.service"];
|
||||
systemd.services.jackett.serviceConfig = {
|
||||
# run this behind the OVPN static VPN
|
||||
NetworkNamespacePath = "/run/netns/ovpns";
|
||||
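Review bot: Replacing `wireguard-wg0.service` with `wg0veth.service` in `after` leaves the ordering against the tunnel only transitive, and `after` by itself orders units without making jackett depend on either of them. Listing both, `systemd.services.jackett.after = ["wireguard-wg0.service" "wg0veth.service"];`, keeps the intent explicit if wg0veth is later reordered or removed. Because the unit is pinned with `NetworkNamespacePath`, consider also adding `requires` or `bindsTo` on `wireguard-wg0.service` so it is stopped or restarted with the tunnel rather than left in a stale namespace; how the netns is torn down is not visible here. The same applies to the postfix and transmission `after` lines changed in this commit, and the `serviceConfig` block continues past the end of this hunk.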
|
|
|
@ -94,7 +94,8 @@
|
|||
forceSSL = true;
|
||||
enableACME = true;
|
||||
locations."/" = {
|
||||
proxyPass = "http://ovpns.uninsane.org:9091";
|
||||
# proxyPass = "http://ovpns.uninsane.org:9091";
|
||||
proxyPass = "http://10.0.1.6:9091";
|
||||
};
|
||||
};
|
||||
|
||||
|
@ -102,7 +103,8 @@
|
|||
forceSSL = true;
|
||||
enableACME = true;
|
||||
locations."/" = {
|
||||
proxyPass = "http://ovpns.uninsane.org:9117";
|
||||
# proxyPass = "http://ovpns.uninsane.org:9117";
|
||||
proxyPass = "http://10.0.1.6:9117";
|
||||
};
|
||||
};
|
||||
|
||||
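Review bot: Pointing `proxyPass` at `http://10.0.1.6:9091` (and `:9117` in the second hunk) only changes the path nginx takes; whether the two backends still answer on the VPN's public address depends on their bind address and on filtering inside the `ovpns` namespace, neither of which is visible here. If the goal is to take these ports off the public internet, bind the backends to 10.0.1.6 (for transmission, the `rpc-bind-address` setting) or drop inbound traffic to 9091/9117 on the tunnel interface. The literal 10.0.1.6 repeats the address assigned in the wg0veth unit, so a shared `let` binding would keep the two from drifting apart, and the commented-out old `proxyPass` lines can be dropped since the history already records them. Both virtual-host blocks start above their hunks.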
|
|
|
@ -27,6 +27,7 @@
|
|||
# keeping this the same as the hostname seems simplest
|
||||
services.opendkim.selector = "mx";
|
||||
|
||||
systemd.services.postfix.after = ["wg0veth.service"];
|
||||
systemd.services.postfix.serviceConfig = {
|
||||
# run this behind the OVPN static VPN
|
||||
NetworkNamespacePath = "/run/netns/ovpns";
|
||||
|
|
|
@ -28,7 +28,7 @@
|
|||
# transmission will by default not allow the world to read its files.
|
||||
services.transmission.downloadDirPermissions = "775";
|
||||
|
||||
systemd.services.transmission.after = ["wireguard-wg0.service"];
|
||||
systemd.services.transmission.after = ["wg0veth.service"];
|
||||
systemd.services.transmission.serviceConfig = {
|
||||
# run this behind the OVPN static VPN
|
||||
NetworkNamespacePath = "/run/netns/ovpns";
|
||||
|
|