cnst/cnix
1
0
Fork 0
Code Issues Pull Requests Activity

vpn v6

Browse Source
This commit is contained in:
cnst
2025-07-20 12:51:09 +02:00
parent 75a3955d81
commit 87ab9cc1d3
2 changed files with 27 additions and 39 deletions
Download Patch File Download Diff File Expand all files Collapse all files

54
modules/server/deluge/default.nix
View File

@@ -35,14 +35,13 @@ in {
default = "Downloads"; default = "Downloads";
}; };
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
services.deluge = { services.deluge = {
enable = true; enable = true;
user = srv.user; user = srv.user;
group = srv.group; group = srv.group;
web = { web.enable = true;
enable = true;
};
}; };
services.caddy.virtualHosts."${cfg.url}" = { services.caddy.virtualHosts."${cfg.url}" = {
@@ -53,37 +52,32 @@ in {
}; };
systemd = lib.mkIf srv.wireguard-netns.enable { systemd = lib.mkIf srv.wireguard-netns.enable {
services.deluged.bindsTo = ["netns@${ns}.service"];
services.deluged.requires = [
"network-online.target"
"${ns}.service"
];
services.deluged.serviceConfig.NetworkNamespacePath = "/var/run/netns/${ns}"; services.deluged.serviceConfig.NetworkNamespacePath = "/var/run/netns/${ns}";
sockets."deluged-proxy" = { services.deluge-web.serviceConfig.NetworkNamespacePath = "/var/run/netns/${ns}";
enable = true;
description = "Socket for Proxy to Deluge WebUI"; services.deluged.after = ["netns@${ns}.service"];
listenStreams = ["58846"]; services.deluge-web.after = ["netns@${ns}.service"];
sockets."deluge-web-proxy" = {
description = "Socket Proxy for Deluge WebUI";
listenStreams = [
"127.0.0.1:8112"
];
wantedBy = ["sockets.target"]; wantedBy = ["sockets.target"];
}; };
services."deluged-proxy" = {
enable = true; services."deluge-web-proxy" = {
description = "Proxy to Deluge Daemon in Network Namespace"; description = "Proxy to Deluge WebUI in Network Namespace";
requires = [ requires = ["deluge-web-proxy.socket"];
"deluged.service" after = ["deluge-web-proxy.socket"];
"deluged-proxy.socket"
];
after = [
"deluged.service"
"deluged-proxy.socket"
];
unitConfig = {
JoinsNamespaceOf = "deluged.service";
};
serviceConfig = { serviceConfig = {
User = config.services.deluge.user; Type = "simple";
Group = config.services.deluge.group; ExecStart = ''
ExecStart = "${pkgs.systemd}/lib/systemd/systemd-socket-proxyd --exit-idle-time=5min 127.0.0.1:58846"; ${pkgs.socat}/bin/socat - TCP4:127.0.0.1:8112
PrivateNetwork = "yes"; '';
PrivateNetwork = true;
NetworkNamespacePath = "/var/run/netns/${ns}";
}; };
}; };
}; };

12
modules/server/wireguard-netns/default.nix
View File

@@ -31,29 +31,22 @@ in {
NS=${cfg.namespace} NS=${cfg.namespace}
ADDR=$(awk -F' *= *' '/^Address/ { print $2 }' "$CONFIG") ADDR=$(awk -F' *= *' '/^Address/ { print $2 }' "$CONFIG")
DNS=$(awk -F' *= *' '/^DNS/ { print $2 }' "$CONFIG") DNS=$(awk -F' *= *' '/^DNS/ { print $2 }' "$CONFIG")
ip netns delete "$NS" 2>/dev/null || true ip netns delete "$NS" 2>/dev/null || true
ip netns add "$NS" ip netns add "$NS"
ip link add wg0 type wireguard ip link add wg0 type wireguard
ip link set wg0 netns "$NS" ip link set wg0 netns "$NS"
IFS=',' read -ra ADDRS <<< "$ADDR" IFS=',' read -ra ADDRS <<< "$ADDR"
for ip in "''${ADDRS[@]}"; do for ip in "''${ADDRS[@]}"; do
ip -n "$NS" addr add "$ip" dev wg0 ip -n "$NS" addr add "$ip" dev wg0
done done
ip -n "$NS" link set wg0 up ip -n "$NS" link set wg0 up
grep -vE '^(Address|DNS) *=' "$CONFIG" | ip netns exec "$NS" wg setconf wg0 /dev/stdin grep -vE '^(Address|DNS) *=' "$CONFIG" | ip netns exec "$NS" wg setconf wg0 /dev/stdin
ip netns exec "$NS" ip link set lo up ip netns exec "$NS" ip link set lo up
ip netns exec "$NS" ip route add default dev wg0 ip netns exec "$NS" ip route add default dev wg0
mkdir -p /etc/netns/"$NS" mkdir -p /etc/netns/"$NS"
echo "nameserver $DNS" > /etc/netns/"$NS"/resolv.conf echo "nameserver $DNS" > /etc/netns/"$NS"/resolv.conf
''; '';
}; };
netnsTeardown = pkgs.writeShellApplication { netnsTeardown = pkgs.writeShellApplication {
name = "netns-${cfg.namespace}-teardown"; name = "netns-${cfg.namespace}-teardown";
runtimeInputs = with pkgs; [iproute2]; runtimeInputs = with pkgs; [iproute2];
@@ -65,8 +58,9 @@ in {
in { in {
systemd.services."netns@${cfg.namespace}" = { systemd.services."netns@${cfg.namespace}" = {
description = "WireGuard VPN netns (${cfg.namespace})"; description = "WireGuard VPN netns (${cfg.namespace})";
after = ["network-online.target"]; bindsTo = ["netns@${cfg.namespace}.service"];
wants = ["network-online.target"]; requires = ["network-online.target"];
after = ["netns@${cfg.namespace}.service"];
wantedBy = ["multi-user.target"]; wantedBy = ["multi-user.target"];
serviceConfig = { serviceConfig = {