nixos/jackflix: Switch to AirVPN
This commit is contained in:
parent
e36a706956
commit
1bf3904678
@ -4,13 +4,14 @@ let
|
|||||||
inherit (lib.my) networkdAssignment;
|
inherit (lib.my) networkdAssignment;
|
||||||
|
|
||||||
wg = {
|
wg = {
|
||||||
keyFile = "jackflix/mullvad-privkey";
|
keyFile = "jackflix/airvpn-privkey";
|
||||||
|
pskFile = "jackflix/airvpn-psk";
|
||||||
fwMark = 42;
|
fwMark = 42;
|
||||||
routeTable = 51820;
|
routeTable = 51820;
|
||||||
};
|
};
|
||||||
|
|
||||||
# Forwarded in Mullvad config
|
# Forwarded in AirVPN config
|
||||||
transmissionPeerPort = 56528;
|
transmissionPeerPort = 47016;
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
config = mkMerge [
|
config = mkMerge [
|
||||||
@ -21,6 +22,10 @@ in
|
|||||||
group = "systemd-network";
|
group = "systemd-network";
|
||||||
mode = "440";
|
mode = "440";
|
||||||
};
|
};
|
||||||
|
files."${wg.pskFile}" = {
|
||||||
|
group = "systemd-network";
|
||||||
|
mode = "440";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
firewall = {
|
firewall = {
|
||||||
@ -56,6 +61,8 @@ in
|
|||||||
netdevConfig = {
|
netdevConfig = {
|
||||||
Name = "vpn";
|
Name = "vpn";
|
||||||
Kind = "wireguard";
|
Kind = "wireguard";
|
||||||
|
# Specified by AirVPN
|
||||||
|
MTUBytes = "1320";
|
||||||
};
|
};
|
||||||
wireguardConfig = {
|
wireguardConfig = {
|
||||||
PrivateKeyFile = config.age.secrets."${keyFile}".path;
|
PrivateKeyFile = config.age.secrets."${keyFile}".path;
|
||||||
@ -64,10 +71,11 @@ in
|
|||||||
};
|
};
|
||||||
wireguardPeers = [
|
wireguardPeers = [
|
||||||
{
|
{
|
||||||
# mlvd-ams-wg-202
|
# AirVPN NL
|
||||||
wireguardPeerConfig = {
|
wireguardPeerConfig = {
|
||||||
Endpoint = "169.150.196.15:51820";
|
Endpoint = "2a00:1678:1337:2329:e5f:35d4:4404:ef9f:1637";
|
||||||
PublicKey = "BChJDLOwZu9Q1oH0UcrxcHP6xxHhyRbjrBUsE0e07Vk=";
|
PublicKey = "PyLCXAQT8KkM4T+dUsOQfn+Ub3pGxfGlxkIApuig+hk=";
|
||||||
|
PresharedKeyFile = config.age.secrets."${pskFile}".path;
|
||||||
AllowedIPs = [ "0.0.0.0/0" "::/0" ];
|
AllowedIPs = [ "0.0.0.0/0" "::/0" ];
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
@ -83,8 +91,8 @@ in
|
|||||||
];
|
];
|
||||||
"90-vpn" = with wg; {
|
"90-vpn" = with wg; {
|
||||||
matchConfig.Name = "vpn";
|
matchConfig.Name = "vpn";
|
||||||
address = [ "10.67.83.59/32" "fc00:bbbb:bbbb:bb01::4:533a/128" ];
|
address = [ "10.182.97.37/32" "fd7d:76ee:e68f:a993:735d:ef5e:6907:b122/128" ];
|
||||||
dns = [ "10.64.0.1" ];
|
dns = [ "10.128.0.1" "fd7d:76ee:e68f:a993::1" ];
|
||||||
routingPolicyRules = map (r: { routingPolicyRuleConfig = r; }) [
|
routingPolicyRules = map (r: { routingPolicyRuleConfig = r; }) [
|
||||||
{
|
{
|
||||||
Family = "both";
|
Family = "both";
|
||||||
|
|||||||
13
secrets/jackflix/airvpn-privkey.age
Normal file
13
secrets/jackflix/airvpn-privkey.age
Normal file
@ -0,0 +1,13 @@
|
|||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IGhNYTRudyA0U3FE
|
||||||
|
K3R0R3VEKzRCWitIWFZ5T1RjcG9NcjE0ZWZZbk9qMG5Ra3BmZlVRCkdqRU44RWZo
|
||||||
|
K0xabCtRM08xNDFXQmZ4YjVQNmhKQ05QMzZkUFdWNkNQaXcKLT4gWDI1NTE5IEQ5
|
||||||
|
UkM1UVhielJHSHVDVFV2ZWpBNmI3RElvUGVueG5yenNmVCtJb1BBUm8KSWxCZDFD
|
||||||
|
SnBMMnM0M2E0aWwwVjg4NklIZ0dnVVdYOHQrUEJNZ3ZlK1ZibwotPiA1fS1ncmVh
|
||||||
|
c2UKYVUxbkQyTXRXL0pRTVUvWDJRSXRxYUtyam1ObVZhUmtxVHhyb2hJZzJ2OXhk
|
||||||
|
UVF6R0NQaituZFNvaStOV051dgo4K3RXZG1SSFNMSXpLL05KeTRQN05ja2U0cVVu
|
||||||
|
TE9jcWg0SjNKUXNKME9ZbDhqbm4KLS0tIFQ2K2h1QlRHdFVaL2xCZDJWelEvSHhF
|
||||||
|
NUphd2VNMmFPZi9oa0syQlBrdEUK1ajfpNzcQ6OH1hC2BcLRW7oKgzZjX9r0qZNf
|
||||||
|
n+q5vzcHM6nXNOzgM9ddjoLOyjKy4beZTMnwCBhuDaeqCydlIpKNgkZFaR2RT4+G
|
||||||
|
g64=
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
11
secrets/jackflix/airvpn-psk.age
Normal file
11
secrets/jackflix/airvpn-psk.age
Normal file
@ -0,0 +1,11 @@
|
|||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IGhNYTRudyBUK2JU
|
||||||
|
NDZCQkgzVi9oNlRzMjZGbWJwWkxvN2hFTndGaTQzc2QwcnBLUjJFCnVjbFFNdVRT
|
||||||
|
YU5uOVFOT0Erc3R1TjY0ZzF3TGZKS2k0VFFiN0Rlb3psRkkKLT4gWDI1NTE5IFA0
|
||||||
|
WEtBbk9WbEwvSVZHSEFOVTI0UHdrMStxRUZzbFJDQk8wc1loZnNQemsKRkdyMm9R
|
||||||
|
WFZlVUVIUUhmOU9XVitnQjQ5eWFYSkFMZ2Q5UVN6K2FYT0tkZwotPiB7Vi1ncmVh
|
||||||
|
c2Ugbl5qID0lIyl1KyBvXnJJeHsKTHpKMDRjeHV5S1NISE16UgotLS0gSUhnNnVN
|
||||||
|
VHd0aHNpcEdrSDIxWkZ3eElodnhCS0kzTjJSakJYRnZLZE9FTQpPxKNiNPNsDJXX
|
||||||
|
mfubEEJTh78EvFllgObtGS7NJ3dvkT6Pg/UgcfevrPrd3w8cxLvnwuWzzxD9TAvp
|
||||||
|
tFe84figvpNUeUSkIN7DsKIHzQ==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
@ -1,13 +0,0 @@
|
|||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IGhNYTRudyBkek5i
|
|
||||||
cmhBN2tTZEVsUDdZNEwwT1M4ZWVVaStTRmNINHJtcnFtSmx2VFNNCm9wSDNXMHpn
|
|
||||||
NjgrMnJEdDNpazl0am81d0EyN3UxaC9tWVV6U0VPQ2MxZ28KLT4gWDI1NTE5IG1p
|
|
||||||
SjRkMmo4NkFLSnAwZHlZRlJaUWsyOU51eWJCQXlFcVhzQWQrVnZ2WHMKNW9OeUFr
|
|
||||||
WjlwbEw5bEx2eER0SG0xRGJwQXV0Vy9YNzd3SWdxb1VpdG5EYwotPiAsdW0sdC1n
|
|
||||||
cmVhc2UgJFM6dyZ8KTAgZXdweCxnUkwKb1RKQytRQlN5aFQ1SDlOekZYcGlvY1N1
|
|
||||||
eHNubGxlNzVjd0k4dTczbUoxQmM1ZHl6NHk3M2EvMXFUSkNRcEdKTwpnQzltamRE
|
|
||||||
dUZYMExWakZCOHFKbXdLTk14Nm1RLzVWejFCclZIRHNYUG55K0QzR0cvQytkaEpV
|
|
||||||
Ci0tLSBDOGZSOTZVOGs2WHA0cVNTY3hsOUhDL1hXNGE5NngwMytGVWswZlA5R280
|
|
||||||
Cle7K5aU/uguNVxjKN2w6orJ023uQSnix7IxYkKOoU71Y1s84lbc4GUPv1aNUTsT
|
|
||||||
uc7LoiwGLKrO9YdRsfqzJsbGQlqCkNXg8Q1EcE0s
|
|
||||||
-----END AGE ENCRYPTED FILE-----
|
|
||||||
Loading…
Reference in New Issue
Block a user