power saving, starr, jelly, akkoma

2026-03-20 13:59:08 +01:00 · 2026-03-20 13:59:08 +01:00 · a0d19a672e
commit a0d19a672e
parent 8f6d63909a
20 changed files with 439 additions and 22 deletions
--- a/services/wireguard.nix
+++ b/services/wireguard.nix
@ -0,0 +1,48 @@
+{ config, pkgs, ... }:
+{
+  networking.wireguard.enable = true;
+  networking.wireguard.interfaces = {
+    wg-mullvad = {
+      # Use a separate network namespace for the VPN.
+      # sudo ip netns exec wg-qbittorrent curl --interface wg-mullvad https://am.i.mullvad.net/connected
+    
+      privateKeyFile = "/etc/secrets/vpn.txt";
+      ips = ["10.155.12.117/32" "fd7d:76ee:e68f:a993:3523:7cc2:943c:18a9/128"];
+      interfaceNamespace = "wg-mullvad-namespace";
+      mtu = 1320;
+    
+      preSetup = ''
+        ip netns add wg-mullvad-namespace
+        ip -n wg-mullvad-namespace link set lo up
+
+	ip link add veth-host type veth peer name veth-vpn
+	ip link set veth-vpn netns wg-mullvad-namespace
+	ip addr add 10.200.200.1/24 dev veth-host
+	ip netns exec wg-mullvad-namespace ip addr add 10.200.200.2/24 dev veth-vpn
+	ip link set veth-host up
+	ip netns exec wg-mullvad-namespace ip link set veth-vpn up
+	ip netns exec wg-mullvad-namespace ip route add default via 10.200.200.1
+
+        mkdir -p /etc/netns/wg-mullvad-namespace
+        echo "nameserver 10.128.0.1" > /etc/netns/wg-mullvad-namespace/resolv.conf
+        echo "nameserver fd7d:76ee:e68f:a993::1" >> /etc/netns/wg-mullvad-namespace/resolv.conf
+      '';
+    
+      postShutdown = ''
+        ip netns del wg-mullvad-namespace
+
+	ip link del veth-host
+      '';
+    	
+      peers = [
+        {
+          publicKey = "PyLCXAQT8KkM4T+dUsOQfn+Ub3pGxfGlxkIApuig+hk=";
+	  presharedKey = "YAbLXCB/uuKPfulaFAylvGbh3nuE881GupBZ/HBULpQ=";
+          allowedIPs = ["0.0.0.0/0" "::0/0"];
+          endpoint = "europe3.vpn.airdns.org:1637";
+	  persistentKeepalive = 15;
+        }
+      ];
+    };
+  };
+}