parent
163496fb73
commit
28d21cbf41
@ -0,0 +1,68 @@ |
|||||||
|
{ pkgs, ... }: |
||||||
|
|
||||||
|
{ |
||||||
|
systemd.services.mullvad-ns = { |
||||||
|
description = "Mullvad NetNS"; |
||||||
|
path = with pkgs; [ iproute ]; |
||||||
|
|
||||||
|
serviceConfig = { |
||||||
|
Type = "oneshot"; |
||||||
|
RemainAfterExit = true; |
||||||
|
PrivateNetwork = false; |
||||||
|
}; |
||||||
|
|
||||||
|
script = '' |
||||||
|
ip netns add mullvad-ns |
||||||
|
|
||||||
|
# Create veth to tunnel traffic into/out of the ns |
||||||
|
ip link add veth-mullvad type veth peer veth-main netns mullvad-ns |
||||||
|
ip address add 10.49.0.1/30 dev veth-mullvad |
||||||
|
ip netns exec mullvad-ns ip address add 10.49.0.2/30 dev veth-main |
||||||
|
ip link set veth-mullvad up |
||||||
|
ip netns exec mullvad-ns ip link set veth-main up |
||||||
|
''; |
||||||
|
|
||||||
|
postStop = '' |
||||||
|
ip netns del mullvad-ns |
||||||
|
''; |
||||||
|
}; |
||||||
|
|
||||||
|
# services.ferm2.extraForwards = '' |
||||||
|
# proto tcp ACCEPT; |
||||||
|
# ''; |
||||||
|
|
||||||
|
networking.wireguard.interfaces.mullvad = { |
||||||
|
interfaceNamespace = "mullvad-ns"; |
||||||
|
privateKeyFile = "/var/lib/mullvad/private"; |
||||||
|
ips = [ "10.67.102.9/32" "fc00:bbbb:bbbb:bb01::4:6608/128"]; |
||||||
|
peers = [ { |
||||||
|
publicKey = "veGD6/aEY6sMfN3Ls7YWPmNgu3AheO7nQqsFT47YSws="; |
||||||
|
allowedIPs = [ "0.0.0.0/0" "::0/0"]; |
||||||
|
endpoint = "185.213.154.69:51820"; |
||||||
|
}]; |
||||||
|
}; |
||||||
|
|
||||||
|
systemd.services.wireguard-mullvad = { |
||||||
|
requires = [ "mullvad-ns.service" ]; |
||||||
|
after = [ "mullvad-ns.service" ]; |
||||||
|
}; |
||||||
|
|
||||||
|
environment.etc."netns/mullvad-ns/resolv.conf" = { |
||||||
|
enable = true; |
||||||
|
text = '' |
||||||
|
nameserver 193.138.218.74 |
||||||
|
options edns0 |
||||||
|
''; |
||||||
|
}; |
||||||
|
|
||||||
|
services.transmission.enable = true; |
||||||
|
systemd.services.transmission = { |
||||||
|
serviceConfig = { |
||||||
|
NetworkNamespacePath = "/run/netns/mullvad-ns"; |
||||||
|
BindPaths= ["/etc/netns/mullvad-ns/resolv.conf:/etc/resolv.conf"]; |
||||||
|
}; |
||||||
|
requires = [ "wireguard-mullvad.service" ]; |
||||||
|
after = [ "wireguard-mullvad.service" ]; |
||||||
|
}; |
||||||
|
} |
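Review bot: In the `systemd.services.transmission` block the resolver file is mounted with `BindPaths`, which is a read-write bind; the daemon only needs to read it, so `BindReadOnlyPaths = [ "/etc/netns/mullvad-ns/resolv.conf:/etc/resolv.conf" ];` is the least-privilege form. The same block relies on `requires`/`after` for `wireguard-mullvad.service`, which covers startup order and explicit stops but not the tunnel unit going away on its own; `bindsTo = [ "wireguard-mullvad.service" ];` would tie the two lifetimes together. The setup looks fail-closed because the `script` adds only the 10.49.0.0/30 veth and no default route, but nothing says so, and a comment above `script` such as `# veth is host<->ns only; no default route is added, so all other traffic must use the wireguard interface` would keep a later edit from weakening it. Whether lookups actually use the bound resolv.conf depends on how the daemon resolves names (a host-side name-service cache would sit outside the namespace), so that should be verified rather than assumed.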
||||||
|
|