feat: wireguard vpn for aria2
parent
601cbbfc46
commit
927e91aae8
|
@ -118,7 +118,53 @@
|
||||||
services.sonarr = { enable = true; group = "multimedia"; };
|
services.sonarr = { enable = true; group = "multimedia"; };
|
||||||
services.prowlarr = { enable = true; };
|
services.prowlarr = { enable = true; };
|
||||||
|
|
||||||
|
systemd.services."netns@" = {
|
||||||
|
description = "%I network namespace";
|
||||||
|
before = [ "network.target" ];
|
||||||
|
serviceConfig = {
|
||||||
|
Type = "oneshot";
|
||||||
|
RemainAfterExit = true;
|
||||||
|
ExecStart = "${pkgs.iproute}/bin/ip netns add %I";
|
||||||
|
ExecStop = "${pkgs.iproute}/bin/ip netns del %I";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
systemd.services.wg = {
|
||||||
|
description = "wg network interface";
|
||||||
|
bindsTo = [ "netns@wg.service" ];
|
||||||
|
requires = [ "network-online.target" ];
|
||||||
|
after = [ "netns@wg.service" ];
|
||||||
|
serviceConfig = {
|
||||||
|
Type = "oneshot";
|
||||||
|
RemainAfterExist = true;
|
||||||
|
ExecStart = with pkgs; writers.writeBash "wg-up" ''
|
||||||
|
set -e
|
||||||
|
${iproute}/bin/ip link add wg0 type wireguard
|
||||||
|
${iproute}/bin/ip link set wg0 netns wg
|
||||||
|
${iproute}/bin/ip -n wg address add 10.65.64.220/32 dev wg0
|
||||||
|
${iproute}/bin/ip -n wg -6 address add fc00:bbbb:bbbb:bb01::2:40db/128 dev wg0
|
||||||
|
${iproute}/bin/ip netns exec wg ${wireguard-tools}/bin/wg setconf wg0 /var/wireguard-keys/chief-frog.conf
|
||||||
|
${iproute}/bin/ip -n wg link set wg0 up
|
||||||
|
${iproute}/bin/ip -n wg route add default dev wg0
|
||||||
|
${iproute}/bin/ip -n wg -6 route add default dev wg0
|
||||||
|
'';
|
||||||
|
ExecStop = with pkgs; writers.writeBash "wg-down" ''
|
||||||
|
${iproute}/bin/ip -n wg route del default dev wg0
|
||||||
|
${iproute}/bin/ip -n wg -6 route del default dev wg0
|
||||||
|
${iproute}/bin/ip -n wg link del wg0
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
services.aria2.enable = true;
|
services.aria2.enable = true;
|
||||||
|
systemd.services."aria2" = {
|
||||||
|
bindsTo = [ "netns@wg.service" ];
|
||||||
|
requires = [ "network-online.target" ];
|
||||||
|
after = [ "wg.service" ];
|
||||||
|
serviceConfig = {
|
||||||
|
NetworkNamespacePath = "/var/run/netns/wg";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
services.kavita = {
|
services.kavita = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
|
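Review bot: In `systemd.services.wg`, `RemainAfterExist = true;` is a misspelling of `RemainAfterExit`, so systemd will not apply it; with `Type = "oneshot"` the unit should then go inactive as soon as `wg-up` returns, and the `wg-down` ExecStop would likely remove wg0 straight away. Use `RemainAfterExit = true;`, as the `netns@` unit above does. The `aria2` unit only orders itself `after` `wg.service` without pulling it in, and nothing in this hunk gives `wg.service` a `wantedBy`, so I would add `"wg.service"` to its `bindsTo` and `"netns@wg.service"` to its `after`, so that the path in `NetworkNamespacePath` exists when aria2 starts. Because the namespace holds no interface other than wg0, these failures should leave aria2 without connectivity rather than sending traffic outside the tunnel. It is still worth confirming that `/var/wireguard-keys/chief-frog.conf` is root-owned with mode 0600, since it presumably holds the tunnel's private key.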