xyno/nix-configs
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

desec

Browse source
This commit is contained in:
xyno (Philipp Hochkamp) 2023-09-14 15:50:04 +02:00
parent 0342390b6f
commit 91259d02e7
11 changed files with 154 additions and 99 deletions
Download patch file Download diff file Expand all files Collapse all files

68
nixos-modules/services/tailscale-to-vpn.nix Normal file
View file

@ -0,0 +1,68 @@
{ config, pkgs, lib, ... }:
with lib;
let
cfg = config.ragon.tailscaleToVpn;
ovpnConfigPath = cfg.ovpnConfigPath;
stateVer = config.system.stateVersion;
in
{
options.ragon.tailscaleToVpn = {
enable = mkEnableOption "tailscale-to-vpn. you need to enable nat to ve-+ able to use this";
ovpnConfigPath = mkOption {
type = types.str;
default = "/etc/openvpn/client.conf";
description = "full path to the OpenVPN client configuration file, is expected to be in /run";
};
};
config = mkIf cfg.enable {
networking.bridges.br-ovpn-ts = {
interfaces = [ ];
};
containers.TSTVPN-openvpn = {
ephemeral = true;
enableTun = true;
interfaces = [ "br-ovpn-ts" ];
localAddress = "192.168.102.11";
hostAddress = "192.168.102.10";
config = { config, pkgs, ... }: {
system.stateVersion = stateVer;
networking.interfaces.br-ovpn-ts = {
ipv4.addresses = [ "192.168.101.1/24" ];
};
services.openvpn.servers.bridge = {
config = ''
config /host${ovpnConfigPath}
dev ovpn-bridge
dev-type tun
'';
};
networking.nat = {
externalInterface = "ovpn-bridge";
internalInterfaces = [ "br-ovpn-ts" ];
};
};
privateNetwork = true;
bindMounts = {
"/host/run" = { hostPath = "/run"; isReadOnly = true; };
"/run/agenix.d" = { hostPath = "/run/agenix.d"; isReadOnly = true; };
};
};
containers.TSTVPN-tailscale = {
enableTun = true;
hostBridge = "br-ovpn-ts";
localAddress = "192.168.101.2/24";
privateNetwork = true;
config = { config, pkgs, ... }: {
system.stateVersion = stateVer;
services.tailscale = {
enable = true;
useRoutingFeatures = "both";
};
};
};
};
}