nixos/jackflix: Switch to AirVPN

2023-07-30 15:12:45 +01:00
parent e36a706956
commit 1bf3904678
4 changed files with 40 additions and 21 deletions
--- a/nixos/boxes/colony/vms/shill/containers/jackflix/networking.nix
+++ b/nixos/boxes/colony/vms/shill/containers/jackflix/networking.nix
@@ -4,13 +4,14 @@ let
  inherit (lib.my) networkdAssignment;

  wg = {
-    keyFile = "jackflix/mullvad-privkey";
+    keyFile = "jackflix/airvpn-privkey";
+    pskFile = "jackflix/airvpn-psk";
    fwMark = 42;
    routeTable = 51820;
  };

-  # Forwarded in Mullvad config
-  transmissionPeerPort = 56528;
+  # Forwarded in AirVPN config
+  transmissionPeerPort = 47016;
 in
 {
  config = mkMerge [
@@ -21,6 +22,10 @@ in
            group = "systemd-network";
            mode = "440";
          };
+          files."${wg.pskFile}" = {
+            group = "systemd-network";
+            mode = "440";
+          };
        };

        firewall = {
@@ -56,6 +61,8 @@ in
            netdevConfig = {
              Name = "vpn";
              Kind = "wireguard";
+              # Specified by AirVPN
+              MTUBytes = "1320";
            };
            wireguardConfig = {
              PrivateKeyFile = config.age.secrets."${keyFile}".path;
@@ -64,10 +71,11 @@ in
            };
            wireguardPeers = [
              {
-                # mlvd-ams-wg-202
+                # AirVPN NL
                wireguardPeerConfig = {
-                  Endpoint = "169.150.196.15:51820";
-                  PublicKey = "BChJDLOwZu9Q1oH0UcrxcHP6xxHhyRbjrBUsE0e07Vk=";
+                  Endpoint = "2a00:1678:1337:2329:e5f:35d4:4404:ef9f:1637";
+                  PublicKey = "PyLCXAQT8KkM4T+dUsOQfn+Ub3pGxfGlxkIApuig+hk=";
+                  PresharedKeyFile = config.age.secrets."${pskFile}".path;
                  AllowedIPs = [ "0.0.0.0/0" "::/0" ];
                };
              }
@@ -83,8 +91,8 @@ in
            ];
            "90-vpn" = with wg; {
              matchConfig.Name = "vpn";
-              address = [ "10.67.83.59/32" "fc00:bbbb:bbbb:bb01::4:533a/128" ];
-              dns = [ "10.64.0.1" ];
+              address = [ "10.182.97.37/32" "fd7d:76ee:e68f:a993:735d:ef5e:6907:b122/128" ];
+              dns = [ "10.128.0.1" "fd7d:76ee:e68f:a993::1" ];
              routingPolicyRules = map (r: { routingPolicyRuleConfig = r; }) [
                {
                  Family = "both";