{ config, pkgs, ... }:
{
# Diagnostic tooling for working inside the namespace: DNS lookups (ldns),
# packet capture (tcpdump) and the `wg` CLI that the wg-up script itself uses.
environment.systemPackages = [
  pkgs.ldns
  pkgs.tcpdump
  pkgs.wireguard-tools
];
# Resolver configuration for processes entered with `ip netns exec wg ...`:
# iproute2 bind-mounts /etc/netns/wg/resolv.conf over /etc/resolv.conf for
# such processes.  The nameserver is only reachable through wg0 (the
# namespace's sole default route), so name resolution stays inside the tunnel
# instead of going through the host resolver.  Presumably the VPN provider's
# resolver -- confirm against the peer configuration.  0644 is fine: the file
# holds no secret.
#
# NOTE(review): processes that enter the namespace by other means (e.g. a bare
# `nsenter --net` without the mount setup) keep the host's /etc/resolv.conf.
environment.etc."netns/wg/resolv.conf" = {
  mode = "0644";
  text = "nameserver 10.64.0.1\n";
};
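# Template unit: `netns@NAME.service` creates the network namespace NAME and
# removes it again on stop.  Other units attach to a namespace by binding to
# and ordering after the instance (see systemd.services.wg below).
systemd.services."netns@" = {
  description = "%I network namespace";

  # Namespaces must exist before anything that configures the network runs.
  before = [ "network.target" ];

  serviceConfig = {
    # oneshot + RemainAfterExit keeps the unit "active" after `ip netns add`
    # returns, so BindsTo=/After= dependants see it as running.
    Type = "oneshot";
    RemainAfterExit = true;
    # pkgs.iproute2 is the canonical attribute; `iproute` is only an alias and
    # breaks when nixpkgs aliases are disabled.
    ExecStart = "${pkgs.iproute2}/bin/ip netns add %I";
    ExecStop = "${pkgs.iproute2}/bin/ip netns del %I";
  };
};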
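# Builds a WireGuard tunnel whose plaintext side lives entirely inside the
# "wg" network namespace:
#
#   * a veth pair links the host (192.168.42.1) to the namespace (192.168.42.2);
#   * wg0 is created and keyed in the host namespace, then moved into "wg";
#   * the namespace's only default routes (v4 and v6) point at wg0.
#
# Because nothing else in the namespace carries a default route, a process in
# it cannot reach the Internet except through the tunnel; if wg0 disappears
# the namespace simply loses connectivity rather than falling back to the
# host's uplink.
systemd.services.wg = {
  description = "wg network interface";

  # Live and die with the namespace the interface is placed in.
  bindsTo = [ "netns@wg.service" ];
  requires = [ "network-online.target" ];

  # Requires= gives no ordering on its own, so network-online.target must be
  # listed here as well: `wg setconf` resolves a peer Endpoint given as a
  # hostname at configuration time and fails if the uplink is not up yet.
  # The agenix mount ordering makes the decrypted config available before
  # setconf reads it.
  after = [ "netns@wg.service" "network-online.target" "run-agenix.d.mount" ];

  serviceConfig = {
    Type = "oneshot";
    RemainAfterExit = true;

    ExecStart = with pkgs; writers.writeBash "wg-up" ''
      set -euo pipefail
      # pkgs.iproute2 is the canonical attribute; `iproute` is only an alias.
      ip=${iproute2}/bin/ip

      echo "Setting lo to up ..."
      $ip -n wg link set lo up

      # Host <-> namespace link.  Only 192.168.42.0/24 is reachable over it;
      # the namespace gets no default route this way, so it cannot bypass wg0.
      echo "Creating veth bridge ..."
      $ip link add name vethwghost0 type veth peer name vethwgns0
      $ip link set vethwgns0 netns wg
      $ip address add 192.168.42.1/24 dev vethwghost0
      $ip -n wg address add 192.168.42.2/24 dev vethwgns0
      $ip link set vethwghost0 up
      $ip -n wg link set vethwgns0 up

      # wg0 is deliberately created and configured in the host namespace and
      # moved afterwards: WireGuard keeps its UDP socket in the namespace
      # where the interface was created, so encrypted packets leave through
      # the host's uplink while the plaintext side of wg0 sits inside "wg".
      # The interface has no address and is down while it is still in the
      # host namespace, so nothing can use it during that window.
      echo "Creating wg0 interface ..."
      $ip link add wg0 type wireguard
      # The config is the agenix-decrypted file (private key, peers,
      # Endpoint).  NOTE(review): confirm the secret is declared root-only in
      # its agenix definition; this unit runs as root and needs nothing more.
      if ! ${wireguard-tools}/bin/wg setconf wg0 "${config.age.secrets.wireguard-config.path}"; then
        # Do not leave an unkeyed wg0 behind in the host namespace.
        $ip link del wg0
        exit 1
      fi
      $ip link set wg0 netns wg
      $ip -n wg address add 10.66.10.158/32 dev wg0
      $ip -n wg -6 address add fc00:bbbb:bbbb:bb01::3:a9d/128 dev wg0
      $ip -n wg link set wg0 up
      # Point-to-point /32 and /128 addresses, so the default routes are
      # device routes with no gateway.
      $ip -n wg route add default dev wg0
      $ip -n wg -6 route add default dev wg0

      echo "Done!"
    '';

    # ExecStopPost rather than ExecStop: it also runs when ExecStart fails part
    # way through, so a half-built veth pair from an aborted start is torn
    # down instead of making the next start fail with "File exists".
    # Deliberately no `set -e`: every step is best effort, and some of them
    # legitimately find nothing to remove.
    ExecStopPost = with pkgs; writers.writeBash "wg-down" ''
      ip=${iproute2}/bin/ip

      # Deleting the link also drops the default routes that point at it.
      echo "Tearing down wg0 ..."
      $ip -n wg link del wg0

      # Deleting the host end of a veth pair removes the peer in the
      # namespace too; this also works if the namespace is already gone.
      echo "Tearing down veth bridge ..."
      $ip link del vethwghost0

      echo "Setting lo to down ..."
      $ip -n wg link set lo down

      echo "Done!"
    '';
  };
};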
}