From 97a530c61c2d3bbb6f7f1cd1e551fe752db13810 Mon Sep 17 00:00:00 2001 From: Nickiel12 Date: Sat, 6 Jan 2024 19:59:12 -0800 Subject: [PATCH] got tailscale -> proton but not the other idea --- flake.lock | 40 +------------------------ flake.nix | 2 -- home.nix | 1 + hosts/Alaska/modules/headscale.nix | 3 ++ hosts/Alaska/modules/protonvpn.nix | 48 +++++++++++++++++++++++------- 5 files changed, 43 insertions(+), 51 deletions(-) diff --git a/flake.lock b/flake.lock index 8c07622..1f341ca 100644 --- a/flake.lock +++ b/flake.lock @@ -1,26 +1,5 @@ { "nodes": { - "erosanix": { - "inputs": { - "flake-compat": "flake-compat", - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1704240213, - "narHash": "sha256-77L3ABF6aA94/1dEEABwgtWJ/q5PJ7U0DX6daFhOpOw=", - "owner": "emmanuelrosa", - "repo": "erosanix", - "rev": "9b42da22ad64502690e57fedadf3155150daafbd", - "type": "github" - }, - "original": { - "owner": "emmanuelrosa", - "repo": "erosanix", - "type": "github" - } - }, "ewwtilities": { "inputs": { "nixpkgs": "nixpkgs", @@ -56,22 +35,6 @@ "type": "github" } }, - "flake-compat_2": { - "flake": false, - "locked": { - "lastModified": 1673956053, - "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9", - "type": "github" - }, - "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, "flake-utils": { "inputs": { "systems": "systems" @@ -415,7 +378,7 @@ }, "pre-commit-hooks": { "inputs": { - "flake-compat": "flake-compat_2", + "flake-compat": "flake-compat", "flake-utils": "flake-utils_4", "gitignore": "gitignore", "nixpkgs": [ @@ -440,7 +403,6 @@ }, "root": { "inputs": { - "erosanix": "erosanix", "ewwtilities": "ewwtilities", "headscale": "headscale", "home-manager": "home-manager", diff --git a/flake.nix b/flake.nix index a9a030d..22916e3 100644 --- a/flake.nix +++ b/flake.nix @@ -65,7 +65,6 @@ { networking.hostName = "Alaska"; } - inputs.erosanix.nixosModules.protonvpn inputs.nicks_nextcloud_integrations.nixosModules.default ./hosts/Alaska home-manager.nixosModules.home-manager { @@ -128,7 +127,6 @@ { networking.hostName = "NicksNixDesktop"; } - inputs.erosanix.nixosModules.protonvpn kmonad.nixosModules.default ./hosts/desktop ./hosts/configuration.nix diff --git a/home.nix b/home.nix index c468a88..ee93d6d 100644 --- a/home.nix +++ b/home.nix @@ -38,6 +38,7 @@ let fd fortune neofetch + nftables pfetch rmtrash testdisk # file recovery https://itsfoss.com/recover-deleted-files-linux/ diff --git a/hosts/Alaska/modules/headscale.nix b/hosts/Alaska/modules/headscale.nix index 73b6033..aa5718a 100644 --- a/hosts/Alaska/modules/headscale.nix +++ b/hosts/Alaska/modules/headscale.nix @@ -5,6 +5,9 @@ let baseDomain = "nickiel.net"; domain = "headscale.${baseDomain}"; in { + # headscale routes list + # headscale routes enable -r NUMBER + # to enable exit node to be used boot.kernel.sysctl."net.ipv4.ip_forward" = 1; boot.kernel.sysctl."net.ipv6.conf.all.forwarding" = 1; diff --git a/hosts/Alaska/modules/protonvpn.nix b/hosts/Alaska/modules/protonvpn.nix index 6d0ff59..1945475 100644 --- a/hosts/Alaska/modules/protonvpn.nix +++ b/hosts/Alaska/modules/protonvpn.nix @@ -6,7 +6,6 @@ in networking.firewall = { allowedUDPPorts = [ 53 - config.services.protonvpn.interface.port ]; allowedTCPPorts = [ 53 @@ -15,7 +14,6 @@ in networking.wg-quick.interfaces."protonvpn" = { autostart = false; - #dns = [ 10.2.0.1 ]; privateKeyFile = "/home/nixolas/.passfiles/protonvpn"; address = [ "10.2.0.2/32" ]; listenPort = 51820; @@ -30,18 +28,48 @@ in # This allows the wireguard server to route your traffic to the internet and hence be like a VPN postUp = '' - # ${pkgs.iptables}/bin/iptables -A FORWARD -i wg0 -j ACCEPT - # ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.0.0.1/24 -o eth0 -j MASQUERADE - # ${pkgs.iptables}/bin/ip6tables -A FORWARD -i wg0 -j ACCEPT - # ${pkgs.iptables}/bin/ip6tables -t nat -A POSTROUTING -s fdc9:281f:04d7:9ee9::1/64 -o eth0 -j MASQUERADE + ${pkgs.nftables}/bin/nft -f - <