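# NixOS module: brings up a WireGuard tunnel to a single pinned Mullvad relay
# and places the interface inside a dedicated network namespace, so that only
# processes started in that namespace use the tunnel.
{ pkgs, lib, config, ... }:
let
  cfg = config.services.yorick.torrent-vpn;

  # Relay record copied from the Mullvad API. The public key below pins the
  # peer's identity; the status message announces IP/hostname rotation, so
  # re-run this query and update the record when the relay changes:
  # curl -s 'https://api.mullvad.net/www/relays/all/' | jq '.[] | select(.type == "wireguard" and .country_code == "nl" and .owned and .active) | {hostname, pubkey, ipv4_addr_in, ipv6_addr_in}'
  # Only `pubkey` and `ipv6_addr_in` are read by this module.
  mullvad_entry = builtins.fromJSON ''
    {
      "hostname": "nl-ams-wg-006",
      "pubkey": "xpZ3ZDEukbqKQvdHwaqKMUhsYhcYD3uLPUh1ACsVr1s=",
      "ipv4_addr_in": "185.65.134.86",
      "ipv6_addr_in": "2a03:1b20:3:f011::a06f",
      "status_messages": [
        {
          "message": "OpenVPN servers hosted by 31173 will be upgraded to a newer OS and some will upgrade to 20Gbps from 10Gbps. the upgrades will begin from 2023-MAR-23, we will rotate IP-addresses and also change their hostnames to use the new naming scheme, This will also affect WG Servers in AMS.",
          "timestamp": "2023-03-23T16:25:13+00:00"
        }
      ]
    }
  '';
in {
  options.services.yorick.torrent-vpn = with lib; {
    enable = mkEnableOption "torrent-vpn";
    # Name of the WireGuard interface; also selects the secret file
    # ../../secrets/wg.<name>.age that holds the private key.
    name = mkOption { type = types.str; };
    # Network namespace the interface is moved into.
    namespace = mkOption { type = types.str; };
  };

  config = lib.mkIf cfg.enable {
    # The private key is delivered through agenix and referenced by path, so
    # the key material itself is not written into this file.
    age.secrets.wg-torrent.file = ../../secrets/wg.${cfg.name}.age;

    networking.wireguard.interfaces.${cfg.name} = {
      # Tunnel-internal addresses (presumably assigned by Mullvad for this
      # key - confirm when rotating the key).
      ips = [ "10.66.30.26/32" "fc00:bbbb:bbbb:bb01::3:1e19/128" ];
      privateKeyFile = config.age.secrets.wg-torrent.path;
      peers = [{
        publicKey = mullvad_entry.pubkey;
        # Route all IPv4 and IPv6 traffic of the namespace through the peer.
        allowedIPs = [ "0.0.0.0/0" "::0/0" ];
        # Address literal: bringing the tunnel up needs no DNS lookup.
        endpoint = "[${mullvad_entry.ipv6_addr_in}]:51820";
      }];
      interfaceNamespace = cfg.namespace;
      # Create the namespace before the interface is set up. `|| true`
      # tolerates "already exists" on restarts.
      # NOTE(review): it also hides any other failure of `ip netns add`; the
      # interface setup is expected to fail if the namespace is missing, which
      # would fail closed - confirm.
      preSetup = ''
        ${pkgs.iproute2}/bin/ip netns add "${cfg.namespace}" || true
      '';
    };

    # Per-namespace resolver file under /etc/netns/<namespace>/. The path was
    # hard-coded to "torrent"; with any other cfg.namespace the file did not
    # match the namespace, and processes there would fall back to the host's
    # /etc/resolv.conf (DNS outside the intended resolver). Derive it from the
    # option instead.
    # 10.64.0.1 is presumably the resolver reachable inside the tunnel -
    # confirm against the provider's documentation.
    environment.etc."netns/${cfg.namespace}/resolv.conf".text = ''
      nameserver 10.64.0.1
    '';
  };
}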
# todo: presets