{ pkgs, ... }:
{
# Oneshot unit that creates the "mullvad-ns" network namespace plus a veth
# pair linking it to the host, and deletes the namespace again in postStop.
systemd.services.mullvad-ns = {
  description = "Mullvad NetNS";
  path = [ pkgs.iproute ];

  # RemainAfterExit keeps the unit "active" after the script has finished, so
  # units that require it are not torn down once setup completes.
  serviceConfig.Type = "oneshot";
  serviceConfig.RemainAfterExit = true;
  # The script adds veth-mullvad without a netns argument, i.e. in the
  # namespace this unit runs in, so the unit must not get a private one.
  serviceConfig.PrivateNetwork = false;

  # Host side:      veth-mullvad, 10.49.0.1/30
  # Namespace side: veth-main,    10.49.0.2/30
  # The veth pair is a second link out of the namespace next to the WireGuard
  # interface. Only the 10.49.0.0/30 prefix is assigned to it here.
  # NOTE(review): host-side forwarding/NAT rules for this prefix are not
  # defined in this block; confirm none exist if the namespace is meant to
  # reach other networks through the tunnel only.
  script = ''
    ip netns add mullvad-ns

    # Create veth to tunnel traffic into/out of the ns
    ip link add veth-mullvad type veth peer veth-main netns mullvad-ns
    ip address add 10.49.0.1/30 dev veth-mullvad
    ip netns exec mullvad-ns ip address add 10.49.0.2/30 dev veth-main
    ip link set veth-mullvad up
    ip netns exec mullvad-ns ip link set veth-main up
  '';

  # Removes the named namespace when the unit stops.
  postStop = ''
    ip netns del mullvad-ns
  '';
};
# services.ferm2.extraForwards = ''
# proto tcp ACCEPT;
# '';
# WireGuard interface "mullvad", placed inside the mullvad-ns namespace.
networking.wireguard.interfaces.mullvad =
  let
    # Single peer. allowedIPs covers all IPv4 and IPv6 destinations, so every
    # address is considered reachable through this peer.
    tunnelPeer = {
      endpoint = "185.213.154.69:51820";
      publicKey = "veGD6/aEY6sMfN3Ls7YWPmNgu3AheO7nQqsFT47YSws=";
      allowedIPs = [ "0.0.0.0/0" "::0/0" ];
    };
  in
  {
    interfaceNamespace = "mullvad-ns";

    # Given as a string path, so the key is read at runtime and is not copied
    # into the Nix store.
    # NOTE(review): ownership and mode of this file are not managed in this
    # block; confirm it is readable by root only.
    privateKeyFile = "/var/lib/mullvad/private";

    # Tunnel addresses assigned to the interface (one IPv4, one IPv6).
    ips = [ "10.67.102.9/32" "fc00:bbbb:bbbb:bb01::4:6608/128" ];

    peers = [ tunnelPeer ];
  };
# Tie wireguard-mullvad.service (presumably the unit NixOS generates for the
# "mullvad" WireGuard interface) to the namespace unit: it is started after
# mullvad-ns.service and requires it.
systemd.services.wireguard-mullvad =
  let
    namespaceUnit = [ "mullvad-ns.service" ];
  in
  {
    after = namespaceUnit;
    requires = namespaceUnit;
  };
# Resolver configuration kept under /etc/netns/mullvad-ns/. It names a single
# nameserver and enables EDNS0.
# NOTE(review): 193.138.218.74 looks like the VPN provider's resolver; confirm
# it is meant to be queried through the tunnel.
environment.etc."netns/mullvad-ns/resolv.conf".text = ''
  nameserver 193.138.218.74
  options edns0
'';
environment.etc."netns/mullvad-ns/resolv.conf".enable = true;
# Enable Transmission and confine its unit to the mullvad-ns namespace.
services.transmission.enable = true;
systemd.services.transmission =
  let
    tunnelUnit = [ "wireguard-mullvad.service" ];
  in
  {
    # Start only after the WireGuard unit, and require it.
    after = tunnelUnit;
    requires = tunnelUnit;

    # Run the service inside the named namespace created by `ip netns add`.
    serviceConfig.NetworkNamespacePath = "/run/netns/mullvad-ns";

    # Mount the namespace-specific resolver file over /etc/resolv.conf for
    # this unit only.
    # NOTE(review): this changes only what /etc/resolv.conf says inside the
    # unit. If the host runs nscd, glibc lookups may still be answered over
    # its unix socket from the host namespace; verify that name resolution
    # actually leaves through the tunnel.
    # NOTE(review): the service only needs to read this file, which
    # BindReadOnlyPaths would express; confirm that does not clash with the
    # transmission module's own bind mounts before switching.
    serviceConfig.BindPaths = [ "/etc/netns/mullvad-ns/resolv.conf:/etc/resolv.conf" ];
  };
}