author | Mark Nipper <nipsy@bitgnome.net> | 2024-10-13 02:34:01 -0700 |
---|---|---|
committer | Mark Nipper <nipsy@bitgnome.net> | 2024-10-13 02:34:01 -0700 |
commit | a2201eaa979e6e852e0dd519ca5c5dc43ad3b48f (patch) | |
tree | dacb626e82892dd0b779074f4464c04be323452d /home/root/arrakis.nix | |
parent | 7084b04dd487b45abbd67976e232f2dbb13f463e (diff) | |
download | nix-a2201eaa979e6e852e0dd519ca5c5dc43ad3b48f.tar nix-a2201eaa979e6e852e0dd519ca5c5dc43ad3b48f.tar.gz nix-a2201eaa979e6e852e0dd519ca5c5dc43ad3b48f.tar.bz2 nix-a2201eaa979e6e852e0dd519ca5c5dc43ad3b48f.tar.lz nix-a2201eaa979e6e852e0dd519ca5c5dc43ad3b48f.tar.xz nix-a2201eaa979e6e852e0dd519ca5c5dc43ad3b48f.tar.zst nix-a2201eaa979e6e852e0dd519ca5c5dc43ad3b48f.zip |
Add initial VPN support @arrakis
Diffstat (limited to 'home/root/arrakis.nix')
-rw-r--r-- | home/root/arrakis.nix | 71 |
1 files changed, 70 insertions, 1 deletions
diff --git a/home/root/arrakis.nix b/home/root/arrakis.nix index 83c92cd..d23549a 100644 --- a/home/root/arrakis.nix +++ b/home/root/arrakis.nix @@ -1,6 +1,75 @@ -{ inputs, lib, pkgs, config, outputs, ... }: +{ config, inputs, lib, outputs, pkgs, ... }: { imports = [ common/core ]; + + home.file = { + "bin/vpnctl" = { + executable = true; + text = '' + #!/usr/bin/env zsh + + function status_vpn { + + ip netns exec vpn su -c 'curl -m 10 -s https://bitgnome.net/ip/ | grep REMOTE_ADDR' nipsy + ip netns exec vpn su -c 'curl -m 10 -s https://www.cloudflarestatus.com | grep "Cloudflare Status"' nipsy + + } + + function start_vpn { + + ip netns add vpn + ip link add veth.host type veth peer veth.vpn + ip link set dev veth.host up + ip link set veth.vpn netns vpn up + ip -n vpn address add 192.168.1.3/24 dev veth.vpn + ip route add 192.168.1.3/32 dev veth.host + ip link add wg1 type wireguard + ip link set wg1 netns vpn + ip -n vpn -4 address add $(grep ^#Address /run/secrets/wireguard/wg1_conf | cut -d= -f2 | cut -d, -f1 | xargs) dev wg1 + ip netns exec vpn wg setconf wg1 /run/secrets/wireguard/wg1_conf + ip -n vpn link set wg1 up + ip -n vpn route add default dev wg1 + ip netns exec vpn nft -f /etc/nftables-vpn.conf + + } + + function stop_vpn { + + #systemctl stop qbittorrent-nox@nipsy.service prowlarr.service + ip netns del vpn + ip link del veth.host + + } + + if [[ -z "${1}" || "${1}" == "status" ]]; then + + status_vpn + + elif [[ "${1}" == "restart" ]]; then + + stop_vpn + sleep 2 + start_vpn + #systemctl start qbittorrent-nox@nipsy.service prowlarr.service + + elif [[ "${1}" == "restart_firewall" ]]; then + + ip netns exec vpn nft -f /etc/nftables-vpn.conf + + elif [[ "${1}" == "start" ]]; then + + start_vpn + + elif [[ "${1}" == "stop" ]]; then + + stop_vpn + + fi + + exit 0 + ''; + }; + }: } |
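Review bot: In the new `bin/vpnctl` script, `start_vpn` and the `restart_firewall` branch run each `ip`/`wg`/`nft` step without checking its result and the script ends with an unconditional `exit 0`, so a failed `wg setconf` or a failed `nft -f /etc/nftables-vpn.conf` (the step that constrains the namespace's traffic) still reports success to whoever invoked the script. The unquoted `$(grep ^#Address /run/secrets/wireguard/wg1_conf …)` also expands to nothing when that marker line is absent, leaving `ip -n vpn -4 address add dev wg1` to fail while the later steps proceed anyway. I would add `set -euo pipefail` after the shebang, quote the substitution as `"$(grep ^#Address /run/secrets/wireguard/wg1_conf | cut -d= -f2 | cut -d, -f1 | xargs)"`, and drop the trailing `exit 0` so the exit status reflects the last step; with `set -e` the `restart` path then needs `stop_vpn` to tolerate an absent namespace, e.g. `ip netns del vpn 2>/dev/null || true`. An unknown first argument currently falls through the `if`/`elif` chain and exits 0 silently, so a final `else` printing a usage line would help. The `}:` just before the closing `}` at the end of the hunk looks like it should be `};`, though that may be how the page was rendered rather than the file's content.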