~jb55/citadel

97f1f41fe0433cf1e36e76ae4fdf78b53639a379 — William Casarin 11 months ago d6173dc
monad: fix vpn
1 files changed, 1 insertions(+), 4 deletions(-)

M nix-config/machines/monad/networking/default.nix
M nix-config/machines/monad/networking/default.nix => nix-config/machines/monad/networking/default.nix +1 -4
@@ 4,7 4,7 @@ let
  chromecastIP = "192.168.86.190";
  iptables = "iptables -A nixos-fw";
  ipr = "${pkgs.iproute}/bin/ip";
  hasVPN = builtins.hasAttr "services" config.services.openvpn && config.services.openvpn.services.pia != null;
  hasVPN = true;
  writeBash = extra.util.writeBash;
  transmission-dir = "/zbig/torrents";
  download-dir = "${transmission-dir}/Downloads";


@@ 45,13 45,10 @@ let
    "nixos-fw -s 192.168.122.218 -p udp --dport 138 -j nixos-fw-accept"
    "nixos-fw -s 192.168.122.218 -p tcp --dport 139 -j nixos-fw-accept"
    "nixos-fw -s 192.168.122.218 -p tcp --dport 445 -j nixos-fw-accept"
  ]
  ++ lib.optional hasVPN [
    "OUTPUT -t mangle   -m cgroup --cgroup 11 -j MARK --set-mark 11"
    "POSTROUTING -t nat -m cgroup --cgroup 11 -o tun0 -j MASQUERADE"
  ];


  addRule = rule: "iptables -A ${rule}";
  rmRule = rule: "iptables -D ${rule} || true";
  extraCommands = lib.concatStringsSep "\n" (map addRule firewallRules);
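Review bot: `hasVPN = true;` in the first hunk (assuming it is the added line, since the page has lost its +/- markers) replaces a check that the `pia` OpenVPN service is defined with a constant, so everything gated on `hasVPN` is now enabled even on a build without that service. The cgroup 11 MARK rule and the `-o tun0` MASQUERADE rule in the second hunk assume the tunnel interface is there, so it is worth confirming elsewhere in the file that marked traffic is dropped, not sent over the default interface, while tun0 is down. A comment such as `# forced on: the pia attr check no longer matched (<reason>); rules below assume tun0` would record why the guard was removed. Separately, if `++ lib.optional hasVPN [` is still present on the new side, `lib.optional` yields a one-element list holding the inner list, which `map addRule` cannot interpolate into a string; `lib.optionals` is the form that splices a list.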