2025-07-20 13:59:08 +02:00
parent c3df48668d
commit ff656dc319
6 changed files with 31 additions and 20 deletions


@@ -55,10 +55,10 @@ in {
"192.168.88.13/24" "192.168.88.13/24"
]; ];
# endpoint = "demo.wireguard.io:12913"; # endpoint = "demo.wireguard.io:12913";
# publicKey = "xTIBA5rboUvnH4htodjb6e697QjLERt1NAB4mZqp8Dg="; publicKey = "cUeRvwTwrL5GRc4dHjea89RJSa1kh4kIA/sHYzmscyQ=";
} }
]; ];
# privateKey = "yAnz5TF+lXXJte14tji3zlMNq+hd2rYUIgJBgB3fBmk="; privateKeyFile = config.age.secrets.wgSobotkaPrivateKey.path;
}; };
}; };
}; };
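Review bot: `privateKeyFile = config.age.secrets.wgSobotkaPrivateKey.path;` depends on the owner and mode agenix gives the decrypted file, and the matching `wgSobotkaPrivateKey.file` line in the secrets-declaration hunk sets neither, so the defaults apply. If the interface is brought up by anything other than root (a systemd-networkd backend, for instance), the key will be unreadable; stating it explicitly, e.g. `wgSobotkaPrivateKey.mode = "0400";` plus an `owner` where needed, keeps the access decision visible in review. The commented-out `privateKey` this line replaces looks like the documentation sample value, but if it was ever a real key it remains in history and should be rotated. The enclosing interface block starts outside the hunk.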


@@ -61,6 +61,7 @@ in {
cloudflareDnsApiToken.file = "${self}/secrets/cloudflareDnsApiToken.age"; cloudflareDnsApiToken.file = "${self}/secrets/cloudflareDnsApiToken.age";
cloudflareDnsCredentials.file = "${self}/secrets/cloudflareDnsCredentials.age"; cloudflareDnsCredentials.file = "${self}/secrets/cloudflareDnsCredentials.age";
wgCredentials.file = "${self}/secrets/wgCredentials.age"; wgCredentials.file = "${self}/secrets/wgCredentials.age";
wgSobotkaPrivateKey.file = "${self}/secrets/wgSobotkaPrivateKey.age";
vaultwardenCloudflared.file = "${self}/secrets/vaultwardenCloudflared.age"; vaultwardenCloudflared.file = "${self}/secrets/vaultwardenCloudflared.age";
vaultwarden-env.file = "${self}/secrets/vaultwarden-env.age"; vaultwarden-env.file = "${self}/secrets/vaultwarden-env.age";
homepage-env.file = "${self}/secrets/homepage-env.age"; homepage-env.file = "${self}/secrets/homepage-env.age";


@@ -52,35 +52,35 @@ in {
}; };
systemd = lib.mkIf srv.wireguard-netns.enable { systemd = lib.mkIf srv.wireguard-netns.enable {
services.deluged.serviceConfig.NetworkNamespacePath = "/var/run/netns/${ns}"; services.deluged = {
bindsTo = ["netns@${ns}.service"];
services.deluged.requires = [ requires = ["network-online.target"];
"netns@${ns}.service" serviceConfig.NetworkNamespacePath = "/var/run/netns/${ns}";
"network-online.target" };
];
sockets."delugedproxy" = { sockets."delugedproxy" = {
enable = true; enable = true;
description = "Socket Proxy for Deluge WebUI"; description = "Socket for Proxy to Deluge WebUI";
listenStreams = [ listenStreams = ["58846"];
"127.0.0.1:8112"
];
wantedBy = ["sockets.target"]; wantedBy = ["sockets.target"];
}; };
services."delugedproxy" = { services."delugedproxy" = {
description = "Proxy to Deluge in Network Namespace"; description = "Proxy to Deluge in Network Namespace";
requires = ["deluged.service"]; requires = [
after = ["delugedproxy.socket"]; "deluged.service"
"delugedproxy.socket"
];
after = [
"deluged.service"
"delugedproxy.socket"
];
unitConfig = { unitConfig = {
JoinsNamespaceOf = "deluged.service"; JoinsNamespaceOf = "deluged.service";
}; };
serviceConfig = { serviceConfig = {
Type = "simple"; Type = "simple";
ExecStart = '' ExecStart = "${pkgs.systemd}/lib/systemd/systemd-socket-proxyd --exit-idle-time=5min 127.0.0.1:58846";
${pkgs.socat}/bin/socat - TCP4:127.0.0.1:8112
'';
PrivateNetwork = true; PrivateNetwork = true;
NetworkNamespacePath = "/var/run/netns/${ns}"; NetworkNamespacePath = "/var/run/netns/${ns}";
}; };
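Review bot: `listenStreams = ["58846"];` drops the `127.0.0.1:` prefix the old socket had, and a bare port in a socket unit listens on every address of the host, so the proxied Deluge port is reachable from the network unless a firewall rule blocks it. If only local clients should connect, keep it on loopback with `listenStreams = ["127.0.0.1:58846"];`. The port also moved from 8112 to 58846, which is Deluge's default daemon RPC port rather than the WebUI, while the socket description still says "Deluge WebUI"; align whichever was intended. The new `bindsTo = ["netns@${ns}.service"];` has no matching `after` visible in this hunk, so deluged may start before the namespace exists. The `serviceConfig` block continues past the end of the hunk.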


@@ -58,9 +58,7 @@ in {
in { in {
systemd.services."netns@${cfg.namespace}" = { systemd.services."netns@${cfg.namespace}" = {
description = "WireGuard VPN netns (${cfg.namespace})"; description = "WireGuard VPN netns (${cfg.namespace})";
bindsTo = ["netns@${cfg.namespace}.service"];
requires = ["network-online.target"]; requires = ["network-online.target"];
after = ["netns@${cfg.namespace}.service"];
wantedBy = ["multi-user.target"]; wantedBy = ["multi-user.target"];
serviceConfig = { serviceConfig = {


@@ -18,4 +18,5 @@ in {
"cloudflareDnsApiToken.age".publicKeys = [cnst kima usobotka rsobotka]; "cloudflareDnsApiToken.age".publicKeys = [cnst kima usobotka rsobotka];
"cloudflareDnsCredentials.age".publicKeys = [cnst kima usobotka rsobotka]; "cloudflareDnsCredentials.age".publicKeys = [cnst kima usobotka rsobotka];
"wgCredentials.age".publicKeys = [cnst kima usobotka rsobotka]; "wgCredentials.age".publicKeys = [cnst kima usobotka rsobotka];
"wgSobotkaPrivateKey.age".publicKeys = [cnst kima usobotka rsobotka];
} }
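Review bot: `"wgSobotkaPrivateKey.age".publicKeys = [cnst kima usobotka rsobotka];` encrypts the WireGuard private key to all four recipients, the same list as the lines above it. Judging by the names, only the sobotka keys need to decrypt it at activation, and every extra recipient is one more key whose compromise exposes the tunnel identity. Consider narrowing the list to the host that runs the interface plus whoever must edit the secret, e.g. `[usobotka rsobotka]` if cnst and kima do not need it, and rekeying the file afterwards. The recipient definitions are outside the hunk, so confirm what each name stands for.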


@@ -0,0 +1,11 @@
age-encryption.org/v1
-> ssh-ed25519 t9iOEg 57VYpYAfj/F+vcJk9dykVN/YKpfT/QR5Q/a/ZvURl2Y
NMZ3P7oehNlukQhY0ClwcbX5pSKU6SWHRksJDmaxPQ4
-> ssh-ed25519 KUYMFA SEvNsGGlKHSw+cMp74nkBgoA9FicK5slrEyWaIQE0wE
tZ/gJnWqwtSck41BrJB2Wf++UcCXfxh4eES5rBjLfyE
-> ssh-ed25519 76RhUQ E65fkanGSeEwMTYDW97Aub33BGjqf5w1mqzcjq5svys
EFM45HRydOio3KTKtE8HUNWmQ3PfnbkFj82Hl+A0Zso
-> ssh-ed25519 Jf8sqw rTcmk9sCMsdRMd39dQprmOVU4mv7Ll18FvmuKri451Y
fPOCpQIfsF/0VjtzXHBkU0NS+jslAokv/pUtIx/JZsk
--- 1EBJeEwLcWYrIKUx9zrcCjkrsJmeAVhVdSmLc+dcf0w
oGMKz<EFBFBD>"<17>{<7B><>&<0E>¨<EFBFBD><C2A8><EFBFBD>><3E>a<EFBFBD>w[<5B><><EFBFBD>- <09><>n""6<08>e<>m+<2B>Ӕ<1F>j<EFBFBD><6A>Ő<EFBFBD><C590> <0B><>O̳K<CCB3><4B><0F>q<1D>#<23>a