From 927e91aae8ae51b54ec191b917bdef5f9eeaf657 Mon Sep 17 00:00:00 2001
From: Louis Pearson
Date: Tue, 9 Jan 2024 22:38:19 -0700
Subject: [PATCH] feat: wireguard vpn for aria2

---
 configuration.nix | 48 ++++++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 47 insertions(+), 1 deletion(-)

diff --git a/configuration.nix b/configuration.nix
index c748862..eba8c3d 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -118,8 +118,54 @@
 services.sonarr = {
 enable = true;
 group = "multimedia";
 };
 services.prowlarr = {
 enable = true;
 };
- services.aria2.enable = true;
+ systemd.services."netns@" = {
+ description = "%I network namespace";
+ before = [ "network.target" ];
+ serviceConfig = {
+ Type = "oneshot";
+ RemainAfterExit = true;
+ ExecStart = "${pkgs.iproute}/bin/ip netns add %I";
+ ExecStop = "${pkgs.iproute}/bin/ip netns del %I";
+ };
+ };
+ systemd.services.wg = {
+ description = "wg network interface";
+ bindsTo = [ "netns@wg.service" ];
+ requires = [ "network-online.target" ];
+ after = [ "netns@wg.service" ];
+ serviceConfig = {
+ Type = "oneshot";
+ RemainAfterExist = true;
+ ExecStart = with pkgs; writers.writeBash "wg-up" ''
+ set -e
+ ${iproute}/bin/ip link add wg0 type wireguard
+ ${iproute}/bin/ip link set wg0 netns wg
+ ${iproute}/bin/ip -n wg address add 10.65.64.220/32 dev wg0
+ ${iproute}/bin/ip -n wg -6 address add fc00:bbbb:bbbb:bb01::2:40db/128 dev wg0
+ ${iproute}/bin/ip netns exec wg ${wireguard-tools}/bin/wg setconf wg0 /var/wireguard-keys/chief-frog.conf
+ ${iproute}/bin/ip -n wg link set wg0 up
+ ${iproute}/bin/ip -n wg route add default dev wg0
+ ${iproute}/bin/ip -n wg -6 route add default dev wg0
+ '';
+ ExecStop = with pkgs; writers.writeBash "wg-down" ''
+ ${iproute}/bin/ip -n wg route del default dev wg0
+ ${iproute}/bin/ip -n wg -6 route del default dev wg0
+ ${iproute}/bin/ip -n wg link del wg0
+ '';
+ };
+ };
+
+ services.aria2.enable = true;
+ systemd.services."aria2" = {
+ bindsTo = [ "netns@wg.service" ];
+ requires = [ "network-online.target" ];
+ after = [ "wg.service" ];
+ serviceConfig = {
+ NetworkNamespacePath = "/var/run/netns/wg";
+ };
+ };
+
 services.kavita = {
 enable = true;
 tokenKeyFile = "/var/kavita-token-key";
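Review bot: `RemainAfterExist = true;` in the wg service's serviceConfig misspells systemd's `RemainAfterExit`; NixOS passes the key through unchanged, systemd will reject it as unknown, and the oneshot unit will then not stay active once wg-up returns, which likely means the wg-down ExecStop runs immediately and the tunnel is gone before aria2 starts — change it to `RemainAfterExit = true;` as the netns@ unit already does. The aria2 unit only orders itself with `after = [ "wg.service" ];` and binds to the namespace alone, so a failed or stopped tunnel does not stop aria2; the namespace then has no default route, which fails closed, but the relationship is clearer and safer as `bindsTo = [ "netns@wg.service" "wg.service" ];`. `ip netns add` leaves lo down in the new namespace, so if aria2's RPC listener binds to loopback it will need `${iproute}/bin/ip -n wg link set lo up` in wg-up, and that endpoint is in any case no longer reachable from the host's loopback — confirm how the RPC port is meant to be accessed and that it is not bound on the wg0 address. `/var/wireguard-keys/chief-frog.conf` carries the private key and is read by `wg setconf` as root; its permissions are not managed by this commit and should be restricted to root only.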