From 4eaaa15c63e7f74adc7fa6b13236a70e1ff4f1b9 Mon Sep 17 00:00:00 2001
From: Ryan Horiguchi
Date: Wed, 3 May 2023 23:15:22 +0200
Subject: [PATCH] WIP Laptop debug
---
 .../headless/server/sonarr/deluge/default.nix | 110 +++++++++---------
 configuration/devices/laptop/default.nix | 2 +
 configuration/devices/laptop/vpn.nix | 68 +++++++++++
 3 files changed, 125 insertions(+), 55 deletions(-)
 create mode 100644 configuration/devices/laptop/vpn.nix
diff --git a/configuration/devices/headless/server/sonarr/deluge/default.nix b/configuration/devices/headless/server/sonarr/deluge/default.nix
index 85b2f1cf0..ca20a7066 100644
--- a/configuration/devices/headless/server/sonarr/deluge/default.nix
+++ b/configuration/devices/headless/server/sonarr/deluge/default.nix
@@ -24,61 +24,61 @@ in {
 };
 };
- openvpn.servers.deluge = {
- config = let
- ips = [
- # Netherlands
- "138.199.7.129"
- "146.70.86.114"
- "185.107.56.224"
- "185.107.56.229"
- "185.107.57.49"
- "185.107.80.190"
- "190.2.131.156"
- "190.2.132.124"
- "190.2.132.139"
- "62.112.9.164"
- ];
- ports = [ 1194 4569 51820 5060 80 ];
-
- remotes = lib.flatten (map (ip: map (port: "remote ${ip} ${toString port}") ports) ips);
- in ''
- auth SHA512
- verb 3
-
- client
- dev ${vpnInterface}
- proto udp
- persist-tun
-
- pull
- route-nopull
-
- ${lib.concatStringsSep "\n" remotes}
- server-poll-timeout 20
- remote-random
- resolv-retry infinite
- nobind
-
- fast-io
- tun-mtu 1500
- tun-mtu-extra 32
- mssfix 1450
- reneg-sec 0
-
- persist-key
- ca ${./ca.pem}
-
- setenv CLIENT_CERT 0
- remote-cert-tls server
- tls-auth ${./server.key} 1
- '';
-
- authUserPass = {
- username = secrets.protonvpn.username;
- password = secrets.protonvpn.password;
- };
- };
+ # openvpn.servers.deluge = {
+ # config = let
+ # ips = [
+ # # Netherlands
+ # "138.199.7.129"
+ # "146.70.86.114"
+ # "185.107.56.224"
+ # "185.107.56.229"
+ # "185.107.57.49"
+ # "185.107.80.190"
+ # "190.2.131.156"
+ # "190.2.132.124"
+ # "190.2.132.139"
+ # "62.112.9.164"
+ # ];
+ # ports = [ 1194 4569 51820 5060 80 ];
+
+ # remotes = lib.flatten (map (ip: map (port: "remote ${ip} ${toString port}") ports) ips);
+ # in ''
+ # auth SHA512
+ # verb 3
+
+ # client
+ # dev ${vpnInterface}
+ # proto udp
+ # persist-tun
+
+ # pull
+ # route-nopull
+
+ # ${lib.concatStringsSep "\n" remotes}
+ # server-poll-timeout 20
+ # remote-random
+ # resolv-retry infinite
+ # nobind
+
+ # fast-io
+ # tun-mtu 1500
+ # tun-mtu-extra 32
+ # mssfix 1450
+ # reneg-sec 0
+
+ # persist-key
+ # ca ${./ca.pem}
+
+ # setenv CLIENT_CERT 0
+ # remote-cert-tls server
+ # tls-auth ${./server.key} 1
+ # '';
+
+ # authUserPass = {
+ # username = secrets.protonvpn.username;
+ # password = secrets.protonvpn.password;
+ # };
+ # };
 deluge = {
 enable = true;
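Review bot: Commenting out the whole `openvpn.servers.deluge` block removes the tunnel while the context lines directly below still show `deluge = {` with `enable = true;`, so after the next rebuild the torrent client runs on the server with no VPN unit defined at all. Whether Deluge is pinned to `vpnInterface` is outside this hunk; if it is not, its traffic leaves over the default route with the server's own address. If the tunnel has to be off while debugging, switch the client off with it (`enable = false;` in the `deluge` block), or keep the block and toggle it with `autoStart = false;` instead of carrying 55 commented lines that will drift from the laptop copy. The `deluge` block continues past the end of the hunk.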
diff --git a/configuration/devices/laptop/default.nix b/configuration/devices/laptop/default.nix
index b0ecd8510..b85181ed8 100644
--- a/configuration/devices/laptop/default.nix
+++ b/configuration/devices/laptop/default.nix
@@ -4,6 +4,8 @@
 ./rsnapshot.nix
 ./hardware-configuration.nix
+
+ ./vpn.nix
 ];
 boot.loader = {
diff --git a/configuration/devices/laptop/vpn.nix b/configuration/devices/laptop/vpn.nix
new file mode 100644
index 000000000..a7a99e437
--- /dev/null
+++ b/configuration/devices/laptop/vpn.nix
@@ -0,0 +1,68 @@
+{ lib, secrets, ... }:
+let vpnInterface = "tun-deluge";
+in {
+ services = {
+ # udev.extraRules = ''
+ # ACTION=="add", SUBSYSTEM=="net", ENV{INTERFACE}=="tun-deluge", RUN+="${pkgs.nettools}/bin/route add -net $(ip route | grep ${vpnInterface} | grep -oP "(\d+\.){3}\d+/\d+")"
+ # '';
+
+ # udev.extraRules = ''
+ # ACTION=="add", SUBSYSTEM=="net", ENV{INTERFACE}=="tun-deluge", RUN+="${pkgs.iproute2}/bin/ip route add default via 0.0.0.0 dev ${vpnInterface}"
+ # '';
+
+ # default_iface=$(ip route | awk '/default/ {print $5}')
+ # default_gateway=$(ip route show dev $default_iface | awk '/default via/ {print $3}')
+ # echo "Default gateway IP address: $default_gateway"
+
+ # sudo ip route add default via 192.168.1.1 dev tun-deluge
+ # sudo ip route add 192.168.1.1 dev tun-deluge
+
+ openvpn.servers.deluge = {
+ config = let
+ addresses = {
+ # Netherlands
+ "62.112.9.164" = 51820;
+ "190.2.146.180" = 51820;
+ "138.199.7.129" = 51820;
+ };
+
+ remotes = lib.mapAttrsToList (ip: port: "remote ${ip} ${toString port}") addresses;
+ in ''
+ auth SHA512
+ verb 3
+
+ client
+ dev ${vpnInterface}
+ proto udp
+ persist-tun
+
+ route-nopull
+
+ ${lib.concatStringsSep "\n" remotes}
+
+ server-poll-timeout 20
+ remote-random
+ resolv-retry infinite
+ nobind
+
+ fast-io
+ tun-mtu 1500
+ tun-mtu-extra 32
+ mssfix 1450
+ reneg-sec 0
+
+ persist-key
+ ca ${../headless/server/sonarr/deluge/ca.pem}
+
+ setenv CLIENT_CERT 0
+ remote-cert-tls server
+ tls-auth ${../headless/server/sonarr/deluge/server.key} 1
+ '';
+
+ authUserPass = {
+ username = secrets.protonvpn.username;
+ password = secrets.protonvpn.password;
+ };
+ };
+ };
+}
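Review bot: `authUserPass` in the new `openvpn.servers.deluge` block takes its values from `secrets.protonvpn.*` at evaluation time, and the NixOS option documents that credentials set this way end up world-readable in the Nix store, so the VPN login is readable by every local account on the laptop. Prefer dropping the `authUserPass` attribute and adding `auth-user-pass <PATH_TO_ROOT_ONLY_CREDENTIALS_FILE>` (placeholder path) to the config string, with that file provisioned outside the store. The `${../headless/server/sonarr/deluge/server.key}` interpolation copies the tls-auth key into the store in the same way; that only matters if the key is not the provider's published one, which cannot be told from this hunk. The commented udev rules also reference `pkgs`, which is not among the module arguments `{ lib, secrets, ... }`, so they would fail to evaluate if re-enabled as written.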