diff --git a/lib/networking.nix b/lib/networking.nix index 8499ee36..124873fb 100644 --- a/lib/networking.nix +++ b/lib/networking.nix @@ -101,57 +101,4 @@ dns = nameserver; }; }; - - mkNetworkNamespace = name: '' - ${pkgs.iproute2}/bin/ip netns add ${name} # Create the Namespace - ${pkgs.iproute2}/bin/ip -n ${name} link set lo up # Enable the Loopback device - ''; - - killNetworkNamespace = name: '' - ${pkgs.iproute2}/bin/ip netns del ${name} # Delete the Namespace - ''; - - # VPN stuff - mkWireguardService = let - # NOTE: The interface and netns have the same name, so it's a bit confusing - mkWireguardTunnel = name: privatekey: publickey: endpoint: '' - ${pkgs.iproute2}/bin/ip link add ${name} type wireguard - ${pkgs.iproute2}/bin/ip link set ${name} netns ${name} - ${pkgs.iproute2}/bin/ip netns exec ${name} ${pkgs.wireguard-tools}/bin/wg set ${name} \ - private-key /home/christoph/.secrets/wireguard/${privatekey} \ - peer ${publickey} \ - allowed-ips 0.0.0.0/0 \ - endpoint ${endpoint}:51820 - ${pkgs.iproute2}/bin/ip -n ${name} addr add 10.2.0.2/32 dev ${name} - ${pkgs.iproute2}/bin/ip -n ${name} link set ${name} up - ${pkgs.iproute2}/bin/ip -n ${name} route add default dev ${name} - ''; - - killWireguardTunnel = name: '' - ${pkgs.iproute2}/bin/ip -n ${name} link del ${name} - ''; - in - name: privatekey: publickey: endpoint: { - description = "Wireguard ProtonVPN Server ${name}"; - serviceConfig = { - Type = "oneshot"; - RemainAfterExit = true; - ExecStart = pkgs.writeScript "${name}-up" '' - #! ${pkgs.bash}/bin/bash - ${mkNetworkNamespace "${name}"} - ${mkWireguardTunnel "${name}" "${privatekey}" "${publickey}" "${endpoint}"} - ''; - ExecStop = pkgs.writeScript "wg0-de-115-down" '' - #! ${pkgs.bash}/bin/bash - ${killWireguardTunnel "${name}"} - ${killNetworkNamespace "${name}"} - ''; - }; - }; - - # mkOpenVPNService = let - # mkOpenVPNTunnel = ""; - # killOpenVPNTunnel = ""; - # in - # name: {}; } 
diff --git a/system/modules/network/default.nix b/system/modules/network/default.nix index 4d58a5a4..5aee70ee 100644 --- a/system/modules/network/default.nix +++ b/system/modules/network/default.nix @@ -44,38 +44,8 @@ in { inherit (cfg) networks; }; - # Wireguard VPNs - systemd.services = mkIf (!cfg.useNetworkManager) cfg.wireguard-tunnels; - - # NOTE: I can connect to TU Dortmund directly - # TODO: Use config with netns, like with wireguard - # services.openvpn.servers = { - # # TODO: Can't read config file... - # tu-dortmund-irb = { - # autoStart = false; - # config = "config ~/NixFlake/config/openvpn/tu-dortmund-irb.ovpn"; - # }; - # }; - - # TODO: Rewrite with lib.pipe - # Generate list of vpns for rofi menu - environment.etc."rofi-vpns" = let - names-list = attrNames cfg.wireguard-tunnels; - names = concatStringsSep "\n" names-list; - in - mkIf (!cfg.useNetworkManager) {text = names;}; - - # Allow to enable/disable tunnels without root password - modules.polkit.allowedSystemServices = let - vpn-services = lib.pipe cfg.wireguard-tunnels [ - attrNames - (map (v: "${v}.service")) - ]; - in - mkIf (!cfg.useNetworkManager) vpn-services; - modules.polkit.allowedActions = mkIf cfg.useNetworkManager [ - # NOTE: List permissions by running "nmcli general permissions" + # List NM permissions by running "nmcli general permissions" "org.freedesktop.NetworkManager.settings.modify.system" ]; diff --git a/system/modules/network/options.nix b/system/modules/network/options.nix index 4586b008..440d433c 100644 --- a/system/modules/network/options.nix +++ b/system/modules/network/options.nix @@ -41,17 +41,6 @@ with mylib.modules; { ''; }; - wireguard-tunnels = mkOption { - type = types.attrs; - default = {}; - description = "Wireguard VPN Tunnels"; - example = '' - wg0-de-115 = { - [...] - }; - ''; - }; - allowedTCPPorts = mkOption { type = types.listOf types.int; default = []; 
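Review bot: The reworded comment above `"org.freedesktop.NetworkManager.settings.modify.system"` only says how to list permissions; it should also state what this particular action grants, since it lets the principals that `modules.polkit.allowedActions` covers (defined outside this hunk) modify any system-wide NetworkManager connection, not only VPN profiles. Suggested wording: `# Grants editing of *all* system-wide NM connections, not just VPNs; list NM permissions with "nmcli general permissions"`. The hunk also drops `environment.etc."rofi-vpns"`, which the removed comment describes as feeding a rofi VPN menu; if a rofi script elsewhere in the repo still reads `/etc/rofi-vpns`, it will now fail on a missing file and should be removed or adjusted in the same change. The enclosing `in { ... }` attribute set starts and ends outside the hunk.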
diff --git a/system/nixinator/default.nix b/system/nixinator/default.nix index 6873bf1b..2898b6a1 100644 --- a/system/nixinator/default.nix +++ b/system/nixinator/default.nix @@ -72,43 +72,6 @@ 8090 # PocketBase 4242 # Lan-Mouse ]; - - wireguard-tunnels = { - wg0-de-115 = - mylib.networking.mkWireguardService - "wg0-de-115" - "proton-de-115.key" - "9+CorlxrTsQR7qjIOVKsEkk8Z7UUS5WT3R1ccF7a0ic=" - "194.126.177.14"; - - wg0-de-205 = - mylib.networking.mkWireguardService - "wg0-de-205" - "proton-de-205.key" - "MOLPnnM2MSq7s7KqAgpm+AWpmzFAtuE46qBFHeLg5Tk=" - "217.138.216.130"; - - wg0-lu-16 = - mylib.networking.mkWireguardService - "wg0-lu-16" - "proton-lu-16.key" - "asu9KtQoZ3iKwELsDTgjPEiFNcD1XtgGgy3O4CZFg2w=" - "92.223.89.133"; - - wg0-kh-8 = - mylib.networking.mkWireguardService - "wg0-kh-8" - "proton-kh-8.key" - "D4M0O60wCBf1nYWOmXRfK7IpgG7VBBwQLeWVFLIqFG4=" - "188.215.235.82"; - - wg0-ch-70 = - mylib.networking.mkWireguardService - "wg0-ch-70" - "proton-ch-70.key" - "17I34jHOMcmI7LKBqxosTfLgwGjO5OKApLcRSPlyymM=" - "185.159.157.13"; - }; }; }; diff --git a/system/nixtop/default.nix b/system/nixtop/default.nix index bfe161bb..53594c91 100644 --- a/system/nixtop/default.nix +++ b/system/nixtop/default.nix @@ -9,21 +9,7 @@ network = { useNetworkManager = true; - wireguard-tunnels = { - wg0-de-74 = - mylib.networking.mkWireguardService - "wg0-de-74" - "proton-de-74.key" - "fvHmPj3wAKolN80+/KJ3a/DFjMToCsr3iPGwX8+og1g=" - "194.126.177.7"; - - wg0-lu-6 = - mylib.networking.mkWireguardService - "wg0-lu-6" - "proton-lu-6.key" - "EAZS8FTE2sXm8NFD8ViqcO5PMzvnyIHD1ScxX8UxIzE=" - "92.223.89.141"; - }; + # TODO: There's probably something missing here? }; };
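Review bot: The added `# TODO: There's probably something missing here?` in the nixtop `network` block does not tell the next reader what is missing, so it will either be ignored or misread as a bug in the remaining `useNetworkManager = true;` line. If the intent is to recreate the removed ProtonVPN WireGuard tunnels as NetworkManager connections, say so and note where the private keys (previously referenced from a per-user secrets directory) are expected to live, e.g. `# TODO: re-create the ProtonVPN WireGuard tunnels as NetworkManager connections; the old mylib.networking.mkWireguardService entries were removed`. Otherwise drop the comment. The enclosing module attribute set continues outside the hunk.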