From 4a324709067f9125868c099ba37f7c27ebe8207a Mon Sep 17 00:00:00 2001
From: Yorick van Pelt
Date: Sat, 23 May 2020 13:01:10 +0200
Subject: [PATCH] add mullvad config
---
keys/wg.mullvad-nl3.key | Bin 0 -> 67 bytes
keys/wg.zazu.key | Bin 0 -> 67 bytes
services/torrent-wg.nix | 37 +++++++++++++++++++++++++++++++++++++
3 files changed, 37 insertions(+)
create mode 100644 keys/wg.mullvad-nl3.key
create mode 100644 keys/wg.zazu.key
create mode 100644 services/torrent-wg.nix
diff --git a/keys/wg.mullvad-nl3.key b/keys/wg.mullvad-nl3.key
new file mode 100644
index 0000000000000000000000000000000000000000..91584a6cb02b346f0ac75689b9a6a0bdff69605a
GIT binary patch
literal 67
zcmV-J0KESIM@dveQdv+`0Ilk2|18SBkx@O!i1J9UX)o}l=xsPU^W+i1-FGW;diXLu
ZWHAOfiwi6EF8j{$#(CCRQIIO)^=c=^Asqk!
literal 0
HcmV?d00001
diff --git a/keys/wg.zazu.key b/keys/wg.zazu.key
new file mode 100644
index 0000000000000000000000000000000000000000..ea44d6ab4cfc191c407b2a733a127e49a4f8e639
GIT binary patch
literal 67
zcmV-J0KESIM@dveQdv+`0N6P)+(|#RAf~v03^p1|w{F0-35uU+PV91l
ZlTb354?F8KIg>0hanir7x^RM}q}ZDe9t!{f
literal 0
HcmV?d00001
diff --git a/services/torrent-wg.nix b/services/torrent-wg.nix
new file mode 100644
index 0000000..fca2c77
--- /dev/null
+++ b/services/torrent-wg.nix
@@ -0,0 +1,37 @@
+{lib, config, ...}:
+let
+ cfg = config.services.yorick.torrent-vpn;
+in
+{
+ options.services.yorick.torrent-vpn = with lib; {
+ enable = mkEnableOption "torrent-vpn";
+ name = mkOption { type = types.str; };
+ namespace = mkOption { type = types.str; };
+ };
+ config = {
+ deployment.keyys = [ (+"/wg.${cfg.name}.key") ];
+ networking.wireguard.interfaces.${cfg.name} = {
+ # curl -s https://api.mullvad.net/www/relays/all/ | jq '.[] | select(.type == "wireguard" and .country_code == "nl")'
+ ips = ["10.64.19.76/32" "fc00:bbbb:bbbb:bb01::1:134b/128"];
+ privateKeyFile = "/root/keys/wg.${cfg.name}.key";
+ peers = [{
+ publicKey = "hnRyse6QxPPcZOoSwRsHUtK1W+APWXnIoaDTmH6JsHQ=";
+ allowedIPs = ["0.0.0.0/0" "::0/0"];
+ endpoint = "185.65.134.224:31173";
+ }];
+ interfaceNamespace = cfg.namespace;
+ };
+ systemd.services."wireguard-${cfg.name}" = {
+ preStart = ''
+ ip netns add "${cfg.namespace}"
+ '';
+ postStop = ''
+ ip netns del "${cfg.namespace}"
+ '';
+ };
+ environment.etc."netns/torrent/resolv.conf".text = ''
+ nameserver 193.138.218.74
+ '';
+ };
+}
+# todo: presets
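Review bot: The resolver override near the end of the hunk is written to the fixed path `netns/torrent/resolv.conf`, while the namespace itself is named by `cfg.namespace`. With any other namespace value, processes started through `ip netns exec` would not pick this file up and would presumably use the host's resolver, so DNS lookups could leave outside the tunnel. Keying the path on the option keeps the two in step: `environment.etc."netns/${cfg.namespace}/resolv.conf".text = ...`. Separately, `enable` is declared but never read, so the interface, the netns hooks and the key deployment apply whenever the module is imported, and `name`/`namespace` have no defaults; wrapping the body as `config = lib.mkIf cfg.enable { ... };` would make the switch effective.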