feat: bridge wg namespace to root
parent
927e91aae8
commit
b0f61ff0dc
|
@ -139,11 +139,18 @@
|
||||||
RemainAfterExist = true;
|
RemainAfterExist = true;
|
||||||
ExecStart = with pkgs; writers.writeBash "wg-up" ''
|
ExecStart = with pkgs; writers.writeBash "wg-up" ''
|
||||||
set -e
|
set -e
|
||||||
|
# Create wireguard
|
||||||
${iproute}/bin/ip link add wg0 type wireguard
|
${iproute}/bin/ip link add wg0 type wireguard
|
||||||
|
# Move to wg namespace
|
||||||
${iproute}/bin/ip link set wg0 netns wg
|
${iproute}/bin/ip link set wg0 netns wg
|
||||||
|
# Connect to vpn
|
||||||
${iproute}/bin/ip -n wg address add 10.65.64.220/32 dev wg0
|
${iproute}/bin/ip -n wg address add 10.65.64.220/32 dev wg0
|
||||||
${iproute}/bin/ip -n wg -6 address add fc00:bbbb:bbbb:bb01::2:40db/128 dev wg0
|
${iproute}/bin/ip -n wg -6 address add fc00:bbbb:bbbb:bb01::2:40db/128 dev wg0
|
||||||
${iproute}/bin/ip netns exec wg ${wireguard-tools}/bin/wg setconf wg0 /var/wireguard-keys/chief-frog.conf
|
${iproute}/bin/ip netns exec wg ${wireguard-tools}/bin/wg setconf wg0 /var/wireguard-keys/chief-frog.conf
|
||||||
|
# Bridge namespace to physical port
|
||||||
|
${iproute}/bin/ip link add macvlan1 link enp3s0 type macvlan mode bridge
|
||||||
|
${iproute}/bin/ip link set macvlan1 netns wg
|
||||||
|
# Open network
|
||||||
${iproute}/bin/ip -n wg link set wg0 up
|
${iproute}/bin/ip -n wg link set wg0 up
|
||||||
${iproute}/bin/ip -n wg route add default dev wg0
|
${iproute}/bin/ip -n wg route add default dev wg0
|
||||||
${iproute}/bin/ip -n wg -6 route add default dev wg0
|
${iproute}/bin/ip -n wg -6 route add default dev wg0
|
||||||
|
@ -156,7 +163,10 @@
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
services.aria2.enable = true;
|
services.aria2 = {
|
||||||
|
enable = true;
|
||||||
|
extraArguments = "--bt-external-ip=10.65.64.220";
|
||||||
|
};
|
||||||
systemd.services."aria2" = {
|
systemd.services."aria2" = {
|
||||||
bindsTo = [ "netns@wg.service" ];
|
bindsTo = [ "netns@wg.service" ];
|
||||||
requires = [ "network-online.target" ];
|
requires = [ "network-online.target" ];
|
||||||
|
|
Loading…
Reference in New Issue