authorMark Nipper <nipsy@bitgnome.net>2024-10-13 02:34:01 -0700
committerMark Nipper <nipsy@bitgnome.net>2024-10-13 02:34:01 -0700
commita2201eaa979e6e852e0dd519ca5c5dc43ad3b48f (patch)
treedacb626e82892dd0b779074f4464c04be323452d /home
parent7084b04dd487b45abbd67976e232f2dbb13f463e (diff)
Add initial VPN support @arrakis
Diffstat (limited to 'home')
-rw-r--r--home/root/arrakis.nix71
1 files changed, 70 insertions, 1 deletions
diff --git a/home/root/arrakis.nix b/home/root/arrakis.nix
index 83c92cd..d23549a 100644
--- a/home/root/arrakis.nix
+++ b/home/root/arrakis.nix
@@ -1,6 +1,75 @@
-{ inputs, lib, pkgs, config, outputs, ... }:
+{ config, inputs, lib, outputs, pkgs, ... }:
{
imports = [
common/core
];
+
+ home.file = {
+ "bin/vpnctl" = {
+ executable = true;
+ text = ''
+ #!/usr/bin/env zsh
+
+ function status_vpn {
+
+ ip netns exec vpn su -c 'curl -m 10 -s https://bitgnome.net/ip/ | grep REMOTE_ADDR' nipsy
+ ip netns exec vpn su -c 'curl -m 10 -s https://www.cloudflarestatus.com | grep "Cloudflare Status"' nipsy
+
+ }
+
+ function start_vpn {
+
+ ip netns add vpn
+ ip link add veth.host type veth peer veth.vpn
+ ip link set dev veth.host up
+ ip link set veth.vpn netns vpn up
+ ip -n vpn address add 192.168.1.3/24 dev veth.vpn
+ ip route add 192.168.1.3/32 dev veth.host
+ ip link add wg1 type wireguard
+ ip link set wg1 netns vpn
+ ip -n vpn -4 address add $(grep ^#Address /run/secrets/wireguard/wg1_conf | cut -d= -f2 | cut -d, -f1 | xargs) dev wg1
+ ip netns exec vpn wg setconf wg1 /run/secrets/wireguard/wg1_conf
+ ip -n vpn link set wg1 up
+ ip -n vpn route add default dev wg1
+ ip netns exec vpn nft -f /etc/nftables-vpn.conf
+
+ }
+
+ function stop_vpn {
+
+ #systemctl stop qbittorrent-nox@nipsy.service prowlarr.service
+ ip netns del vpn
+ ip link del veth.host
+
+ }
+
+ if [[ -z "${1}" || "${1}" == "status" ]]; then
+
+ status_vpn
+
+ elif [[ "${1}" == "restart" ]]; then
+
+ stop_vpn
+ sleep 2
+ start_vpn
+ #systemctl start qbittorrent-nox@nipsy.service prowlarr.service
+
+ elif [[ "${1}" == "restart_firewall" ]]; then
+
+ ip netns exec vpn nft -f /etc/nftables-vpn.conf
+
+ elif [[ "${1}" == "start" ]]; then
+
+ start_vpn
+
+ elif [[ "${1}" == "stop" ]]; then
+
+ stop_vpn
+
+ fi
+
+ exit 0
+ '';
+ };
+ }:
}
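Review bot: start_vpn (the `ip netns add vpn` through `nft -f` sequence) checks the result of none of its `ip`, `wg setconf` or `nft -f` steps and the script always ends in `exit 0`, so a failed `wg setconf wg1 /run/secrets/wireguard/wg1_conf` or a rejected `/etc/nftables-vpn.conf` leaves a `vpn` namespace that reports success but has no tunnel or no firewall, and `start` against an already-existing namespace silently cascades through every remaining command. Add `set -euo pipefail` directly after `#!/usr/bin/env zsh` and drop the trailing `exit 0` so the exit status reflects the first failing step (note this also makes `status` exit non-zero as soon as the first `grep` finds nothing, which is arguably the right signal when the tunnel is down). The nft ruleset is also loaded only after `ip -n vpn route add default dev wg1`, so the namespace is briefly routable with no rules; moving `ip netns exec vpn nft -f /etc/nftables-vpn.conf` to immediately after `ip netns add vpn` closes that window, assuming the ruleset matches wg1 by name rather than by interface index so `nft` accepts it before the link exists — worth confirming. Unrelated to the script itself: if the rendered text is faithful, the `}:` closing the `home.file` attribute set looks like a Nix syntax error where `};` is presumably intended.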