nixos/kelder: Switch to AirVPN
		@@ -4,22 +4,29 @@ let
 | 
				
			|||||||
  inherit (lib.my) networkdAssignment;
 | 
					  inherit (lib.my) networkdAssignment;
 | 
				
			||||||
 | 
					
 | 
				
			||||||
  wg = {
 | 
					  wg = {
 | 
				
			||||||
    keyFile = "kelder/acquisition/mullvad-privkey";
 | 
					    keyFile = "kelder/acquisition/airvpn-privkey";
 | 
				
			||||||
 | 
					    pskFile = "kelder/acquisition/airvpn-psk";
 | 
				
			||||||
    fwMark = 42;
 | 
					    fwMark = 42;
 | 
				
			||||||
    routeTable = 51820;
 | 
					    routeTable = 51820;
 | 
				
			||||||
  };
 | 
					  };
 | 
				
			||||||
 | 
					
 | 
				
			||||||
  # Forwarded in Mullvad config
 | 
					  # Forwarded in AirVPN config
 | 
				
			||||||
  transmissionPeerPort = 56630;
 | 
					  transmissionPeerPort = 26180;
 | 
				
			||||||
in
 | 
					in
 | 
				
			||||||
{
 | 
					{
 | 
				
			||||||
  config = mkMerge [
 | 
					  config = mkMerge [
 | 
				
			||||||
    {
 | 
					    {
 | 
				
			||||||
      my = {
 | 
					      my = {
 | 
				
			||||||
        secrets = {
 | 
					        secrets = {
 | 
				
			||||||
          files."${wg.keyFile}" = {
 | 
					          files = {
 | 
				
			||||||
            group = "systemd-network";
 | 
					            "${wg.keyFile}" = {
 | 
				
			||||||
            mode = "440";
 | 
					              group = "systemd-network";
 | 
				
			||||||
 | 
					              mode = "440";
 | 
				
			||||||
 | 
					            };
 | 
				
			||||||
 | 
					            "${wg.pskFile}" = {
 | 
				
			||||||
 | 
					              group = "systemd-network";
 | 
				
			||||||
 | 
					              mode = "440";
 | 
				
			||||||
 | 
					            };
 | 
				
			||||||
          };
 | 
					          };
 | 
				
			||||||
        };
 | 
					        };
 | 
				
			||||||
 | 
					
 | 
				
			||||||
@@ -56,6 +63,8 @@ in
 | 
				
			|||||||
            netdevConfig = {
 | 
					            netdevConfig = {
 | 
				
			||||||
              Name = "vpn";
 | 
					              Name = "vpn";
 | 
				
			||||||
              Kind = "wireguard";
 | 
					              Kind = "wireguard";
 | 
				
			||||||
 | 
					              # Specified by AirVPN
 | 
				
			||||||
 | 
					              MTUBytes = "1320";
 | 
				
			||||||
            };
 | 
					            };
 | 
				
			||||||
            wireguardConfig = {
 | 
					            wireguardConfig = {
 | 
				
			||||||
              PrivateKeyFile = config.age.secrets."${keyFile}".path;
 | 
					              PrivateKeyFile = config.age.secrets."${keyFile}".path;
 | 
				
			||||||
@@ -64,10 +73,11 @@ in
 | 
				
			|||||||
            };
 | 
					            };
 | 
				
			||||||
            wireguardPeers = [
 | 
					            wireguardPeers = [
 | 
				
			||||||
              {
 | 
					              {
 | 
				
			||||||
                # mlvd-ie-dub-wg-101
 | 
					                # AirVPN IE
 | 
				
			||||||
                wireguardPeerConfig = {
 | 
					                wireguardPeerConfig = {
 | 
				
			||||||
                  Endpoint = "146.70.189.2:51820";
 | 
					                  Endpoint = "146.70.94.2:1637";
 | 
				
			||||||
                  PublicKey = "lHrukA9+vn7Jjzx2Nb/1NQ0WiaiKppEqVxrGT5X1RFQ=";
 | 
					                  PublicKey = "PyLCXAQT8KkM4T+dUsOQfn+Ub3pGxfGlxkIApuig+hk=";
 | 
				
			||||||
 | 
					                  PresharedKeyFile = config.age.secrets."${pskFile}".path;
 | 
				
			||||||
                  AllowedIPs = [ "0.0.0.0/0" "::/0" ];
 | 
					                  AllowedIPs = [ "0.0.0.0/0" "::/0" ];
 | 
				
			||||||
                };
 | 
					                };
 | 
				
			||||||
              }
 | 
					              }
 | 
				
			||||||
@@ -83,8 +93,8 @@ in
 | 
				
			|||||||
            ];
 | 
					            ];
 | 
				
			||||||
            "90-vpn" = with wg; {
 | 
					            "90-vpn" = with wg; {
 | 
				
			||||||
              matchConfig.Name = "vpn";
 | 
					              matchConfig.Name = "vpn";
 | 
				
			||||||
              address = [ "10.66.242.99/32" "fc00:bbbb:bbbb:bb01::3:f262/128" ];
 | 
					              address = [ "10.161.170.28/32" "fd7d:76ee:e68f:a993:b12d:6d15:c80a:9516/128" ];
 | 
				
			||||||
              dns = [ "10.64.0.1" ];
 | 
					              dns = [ "10.128.0.1" "fd7d:76ee:e68f:a993::1" ];
 | 
				
			||||||
              routingPolicyRules = map (r: { routingPolicyRuleConfig = r; }) [
 | 
					              routingPolicyRules = map (r: { routingPolicyRuleConfig = r; }) [
 | 
				
			||||||
                {
 | 
					                {
 | 
				
			||||||
                  Family = "both";
 | 
					                  Family = "both";
 | 
				
			||||||
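Review bot: The peer comment in the `wireguardPeers` hunk now reads only `# AirVPN IE`, while the line it replaces named the exact server, so nothing on the page ties the pinned `Endpoint` and `PublicKey` to a particular entry in the provider's generated config. That public key is what authenticates the far end of the tunnel, so I would keep its provenance in the comment, e.g. `# AirVPN IE, <server name from the generated config>; Endpoint and PublicKey copied from that config`. The same applies to `MTUBytes = "1320"`, where `# Specified by AirVPN` would be easier to re-check if it said where the value is given. The last section of the commit removes an age file, presumably the old Mullvad key; its ciphertext stays in history, so that key is only retired once it is revoked at the provider. The `wireguardPeers` list and the `"90-vpn"` block both continue outside the hunks shown.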
 
 | 
				
			|||||||
							
								
								
									
										13
									
								
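--- a/secrets/kelder/acquisition/airvpn-privkey.age
+++ b/secrets/kelder/acquisition/airvpn-privkey.age
@@ -0,0 +1,13 @@
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDdXUTlQQSB4NWhG
+VTZNTFEyQ3oybkZqSUxGenBwdDBmVHNMTmlXMEZ3b2ZiKzdhUDI4ClhNMzAyNHdx
+YnZhRlRwUVpkMHRJMkxVeFJ4MGwxamRjNW0ySzVjc2thdWMKLT4gWDI1NTE5IHk2
+dng5VEM2amRpMThlREk0dy9QTlRKRVIvVkN2YWx0SG54UWp4R0hFejQKanRlYmxP
+NVVtYXJxdVFsdzJhM2lvU09kWElmS1psM3VYQzhrMkpZK3RKcwotPiBsOy1ncmVh
+c2UgRDNvSiFGIHVjK19PMSwsIGwKbDM4UE5HNkl1c0tQM0JHOG1EaWRFNUZhYlg5
+NE5PSTl3K1NQRW5VeWYzNVV0OXd1TmpRK21sbzN5VUZHYzZhWgpVemJMTE80M2p0
+NmM1SjQ0UCtHa1ArbVhkWis2NTc1YmJHcGN1eURFWkFxbWhHdEJvSkFBCi0tLSA0
+N29PNTlYOUpza0FxNmpKRTUwNTJWSGNtMUI1Y2dVQW5xeWFVZFdHMmFNCvME06Jn
+IcrlscKEzgADVR4uS9C8WQrcclw6EO3abNqKrYYcjG8zm0HgoxXY3D5VIsSjISGP
+lR5AfhtwYJlTk2mbpESqa+Dgn6M4jodm
+-----END AGE ENCRYPTED FILE-----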
							
								
								
									
										12
									
								
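--- a/secrets/kelder/acquisition/airvpn-psk.age
+++ b/secrets/kelder/acquisition/airvpn-psk.age
@@ -0,0 +1,12 @@
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDdXUTlQQSA1eURm
+TXYyV01IT3c5QXlVdjVvTThNM08zblR1UFZmUUNGWVVsT3Z0bG1rCityR3k4TzZT
+M3FnNVRGL2wxZk9NTXc4NkNpR3VQN242ZGJ6cC9CUmpqNTQKLT4gWDI1NTE5IFRL
+YnRHVzJ3V05jZUQycFR5L0VTa0RBd1p4T1pDa2ZoSnUxRGEramdWR2MKam5Obktp
+M2NzbDVoclYxQ3o1RCswUHB3N0lMY0hQdFJKVytaUCsyeGZQYwotPiAuLWdyZWFz
+ZSB5enkmCmFneG5tL1VxZTZvT1BJOC9pYVZ5MGxZTm9MR0pLanBpTnpwYmU0Nzkr
+MGc0aFltRlBobHlIcStFd2lrZk1XS1AKNDFMNzBYalZSUGNKRG1NSkpaRDRBSk5J
+bm1wVnBBCi0tLSBCS3E5UmJ1ZWFFUkRaRk1uK3FTaHhObkFXOXRjNWVnZFU4Z1hv
+TU1tWGc0CiGhLA73FZyq1kFPjq0PLL2v7u2DtdjJT9Brxzn4lNPTdMYVOMtPbMzX
+eWSF1QvmZ6VUbUwKnqVd34lrenUffGnqCxWfp9gk1rxB2/SS
+-----END AGE ENCRYPTED FILE-----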
@@ -1,13 +0,0 @@
 | 
				
			|||||||
-----BEGIN AGE ENCRYPTED FILE-----
 | 
					 | 
				
			||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDdXUTlQQSB6ZEFn
 | 
					 | 
				
			||||||
Rk45WFh1S2NDWmdNTW1aWGJVdTY4aGowQlhpYUFBdUNmc29od0hnCjI2cVlDVVd5
 | 
					 | 
				
			||||||
VXJKRU90ME9SeFNwRXd4WmM0d0FUVVJLeE1uVEhpalBZVUkKLT4gWDI1NTE5IEoz
 | 
					 | 
				
			||||||
MHJhNFhBMEhmdFhnWUtrSjFaaDFGbStWdlBneHFZQ0xKSUNabk50akkKb0h4dzB0
 | 
					 | 
				
			||||||
Z2lxSWZTMmFQbkFrUTZtdE1XZzJmRGZjMDl5bURDeUtQUEFTdwotPiAlWT5hI2wt
 | 
					 | 
				
			||||||
Z3JlYXNlCmxYVnpVS0x2Y3FWYW5DbW05eVM1SWxkMUxXalRGdFdGM2NRVkRoWGVl
 | 
					 | 
				
			||||||
Y0hyOGhJbnBTY2ZsdzRKbXJaU3M5SnEKZjhCTXRiRkJqelBYMHRFSlNoUGRMQzJ0
 | 
					 | 
				
			||||||
NjNlTlRmUi9qdDMzdWlCSkM5ZWF1dXc4cncKLS0tIDJ1cUREVWszcHlhMThMSTY1
 | 
					 | 
				
			||||||
ZDYzbmtsemxhcE1OM2ZPeG5jZXdKeEgwQVUKNVCcrmBW19BH8MX8k1tqSv0RO796
 | 
					 | 
				
			||||||
H1Rh+7gzNw/Oczl6jcqmBeqTqgW+GGDN0B5FMO9L9Gf9DzSyHL/oyK7Sd5ECdbGY
 | 
					 | 
				
			||||||
mTmbYKo7C1k=
 | 
					 | 
				
			||||||
-----END AGE ENCRYPTED FILE-----
 | 
					 | 
				
			||||||