2025-07-20 13:59:08 +02:00
parent c3df48668d
commit ff656dc319
6 changed files with 31 additions and 20 deletions


@@ -55,10 +55,10 @@ in {
"192.168.88.13/24"
];
# endpoint = "demo.wireguard.io:12913";
# publicKey = "xTIBA5rboUvnH4htodjb6e697QjLERt1NAB4mZqp8Dg=";
publicKey = "cUeRvwTwrL5GRc4dHjea89RJSa1kh4kIA/sHYzmscyQ=";
}
];
# privateKey = "yAnz5TF+lXXJte14tji3zlMNq+hd2rYUIgJBgB3fBmk=";
privateKeyFile = config.age.secrets.wgSobotkaPrivateKey.path;
};
};
};
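Review bot: The commented-out `# privateKey = "…"` literal beside `privateKeyFile = config.age.secrets.wgSobotkaPrivateKey.path;` should not stay in this file; the rendering does not show which side of the diff that line is on, so this applies only if it survives the commit. The string looks like the sample key from the WireGuard documentation, but if it was ever a real key for this interface it remains in git history, and an inline `privateKey` would also have been copied into the world-readable Nix store, so the key should be rotated rather than only moved to agenix. The commented `# publicKey` and `# endpoint` lines are less sensitive but are dead configuration and could go in the same cleanup. The enclosing interface block starts above the hunk.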


@@ -61,6 +61,7 @@ in {
cloudflareDnsApiToken.file = "${self}/secrets/cloudflareDnsApiToken.age";
cloudflareDnsCredentials.file = "${self}/secrets/cloudflareDnsCredentials.age";
wgCredentials.file = "${self}/secrets/wgCredentials.age";
wgSobotkaPrivateKey.file = "${self}/secrets/wgSobotkaPrivateKey.age";
vaultwardenCloudflared.file = "${self}/secrets/vaultwardenCloudflared.age";
vaultwarden-env.file = "${self}/secrets/vaultwarden-env.age";
homepage-env.file = "${self}/secrets/homepage-env.age";


@@ -52,35 +52,35 @@ in {
};
systemd = lib.mkIf srv.wireguard-netns.enable {
services.deluged.serviceConfig.NetworkNamespacePath = "/var/run/netns/${ns}";
services.deluged.requires = [
"netns@${ns}.service"
"network-online.target"
];
services.deluged = {
bindsTo = ["netns@${ns}.service"];
requires = ["network-online.target"];
serviceConfig.NetworkNamespacePath = "/var/run/netns/${ns}";
};
sockets."delugedproxy" = {
enable = true;
description = "Socket Proxy for Deluge WebUI";
listenStreams = [
"127.0.0.1:8112"
];
description = "Socket for Proxy to Deluge WebUI";
listenStreams = ["58846"];
wantedBy = ["sockets.target"];
};
services."delugedproxy" = {
description = "Proxy to Deluge in Network Namespace";
requires = ["deluged.service"];
after = ["delugedproxy.socket"];
requires = [
"deluged.service"
"delugedproxy.socket"
];
after = [
"deluged.service"
"delugedproxy.socket"
];
unitConfig = {
JoinsNamespaceOf = "deluged.service";
};
serviceConfig = {
Type = "simple";
ExecStart = ''
${pkgs.socat}/bin/socat - TCP4:127.0.0.1:8112
'';
ExecStart = "${pkgs.systemd}/lib/systemd/systemd-socket-proxyd --exit-idle-time=5min 127.0.0.1:58846";
PrivateNetwork = true;
NetworkNamespacePath = "/var/run/netns/${ns}";
};
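Review bot: `listenStreams = ["58846"];` gives systemd a bare port, which binds the socket on every host address, whereas the line it appears to replace was pinned to `127.0.0.1`. The proxy then connects to `127.0.0.1:58846` inside the VPN namespace, so anyone who can reach the host port arrives at deluged as a loopback client, and a localhost-only bind in deluged would not restrict them (deluged's own authentication is not visible here). If only local clients need it, use `listenStreams = ["127.0.0.1:58846"];`; otherwise add a comment stating the intended exposure and the firewall rule that bounds it. Separately, systemd.exec documents that `PrivateNetwork=` has no effect once `NetworkNamespacePath=` is set, so `PrivateNetwork = true;` can be dropped to avoid implying an empty private namespace. The `systemd` attribute set continues past the end of the hunk.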


@@ -58,9 +58,7 @@ in {
in {
systemd.services."netns@${cfg.namespace}" = {
description = "WireGuard VPN netns (${cfg.namespace})";
bindsTo = ["netns@${cfg.namespace}.service"];
requires = ["network-online.target"];
after = ["netns@${cfg.namespace}.service"];
wantedBy = ["multi-user.target"];
serviceConfig = {


@@ -18,4 +18,5 @@ in {
"cloudflareDnsApiToken.age".publicKeys = [cnst kima usobotka rsobotka];
"cloudflareDnsCredentials.age".publicKeys = [cnst kima usobotka rsobotka];
"wgCredentials.age".publicKeys = [cnst kima usobotka rsobotka];
"wgSobotkaPrivateKey.age".publicKeys = [cnst kima usobotka rsobotka];
}
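Review bot: `"wgSobotkaPrivateKey.age".publicKeys = [cnst kima usobotka rsobotka];` encrypts this host's WireGuard private key to all four recipients, so a holder of any one of those keys can decrypt it. Whether `cnst` and `kima` need to read a key used only on sobotka cannot be determined from this hunk; if they do not, narrow the list to the keys that actually deploy or run this host and re-key the file. Either way, a one-line comment above the entry such as `# recipients: sobotka host/user keys + admin key used for rekeying` would record the intended audience.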


@@ -0,0 +1,11 @@
age-encryption.org/v1
-> ssh-ed25519 t9iOEg 57VYpYAfj/F+vcJk9dykVN/YKpfT/QR5Q/a/ZvURl2Y
NMZ3P7oehNlukQhY0ClwcbX5pSKU6SWHRksJDmaxPQ4
-> ssh-ed25519 KUYMFA SEvNsGGlKHSw+cMp74nkBgoA9FicK5slrEyWaIQE0wE
tZ/gJnWqwtSck41BrJB2Wf++UcCXfxh4eES5rBjLfyE
-> ssh-ed25519 76RhUQ E65fkanGSeEwMTYDW97Aub33BGjqf5w1mqzcjq5svys
EFM45HRydOio3KTKtE8HUNWmQ3PfnbkFj82Hl+A0Zso
-> ssh-ed25519 Jf8sqw rTcmk9sCMsdRMd39dQprmOVU4mv7Ll18FvmuKri451Y
fPOCpQIfsF/0VjtzXHBkU0NS+jslAokv/pUtIx/JZsk
--- 1EBJeEwLcWYrIKUx9zrcCjkrsJmeAVhVdSmLc+dcf0w
oGMKz<EFBFBD>"<17>{<7B><>&<0E>¨<EFBFBD><C2A8><EFBFBD>><3E>a<EFBFBD>w[<5B><><EFBFBD>- <09><>n""6<08>e<>m+<2B>Ӕ<1F>j<EFBFBD><6A>Ő<EFBFBD><C590> <0B><>O̳K<CCB3><4B><0F>q<1D>#<23>a