From 142d2c2314f996d52eeaed6447782eb052019938 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Leonardo=20Eug=C3=AAnio?=
Date: Wed, 10 Jan 2024 09:16:13 -0300
Subject: [PATCH] Remove mullvad vpn

---
 flake.nix | 2 -
 system/configuration.nix | 1 -
 system/vpn.nix | 93 ----------------------------------------
 3 files changed, 96 deletions(-)
 delete mode 100644 system/vpn.nix

diff --git a/flake.nix b/flake.nix
index 73c72f0..67d3ffd 100644
--- a/flake.nix
+++ b/flake.nix
@@ -126,14 +126,12 @@
 ./system/monolith-gitlab-runner.nix
 ./system/nix-serve.nix
 ./system/steam.nix
- # { services.vpn.enable = true; }
 ] ++ common_modules;
 };
 rainbow = lib.nixosSystem {
 inherit system specialArgs;
 modules = [
 ./hosts/rainbow.nix
- { services.vpn.enable = true; }
 ./system/rainbow-gitlab-runner.nix
 ] ++ common_modules;
 };
diff --git a/system/configuration.nix b/system/configuration.nix
index 1fb5c6b..03c7221 100644
--- a/system/configuration.nix
+++ b/system/configuration.nix
@@ -7,7 +7,6 @@
 ./cachix.nix
 ./media-packages.nix
 ./boot.nix
- ./vpn.nix
 ./thunar.nix
 ./nix.nix
 ];
diff --git a/system/vpn.nix b/system/vpn.nix
deleted file mode 100644
index 703b5eb..0000000
--- a/system/vpn.nix
+++ /dev/null
@@ -1,93 +0,0 @@
-{ pkgs, lib, config, ... }:
-let
- cfg = config.services.vpn;
-in
-{
- options.services.vpn = {
- enable = lib.mkEnableOption "Whether vpn should be enabled";
- };
-
- config = lib.mkIf cfg.enable {
- networking.firewall.enable = false;
-
- services.mullvad-vpn.enable = true;
- services.mullvad-vpn.package = pkgs.mullvad-vpn;
-
- networking.nftables = {
- enable = true;
- ruleset = ''
- table inet allowAll {
- chain allowIncoming {
- type filter hook input priority -100; policy accept;
- tcp dport 0-10999 ct mark set 0x00000f41 meta mark set 0x6d6f6c65
- }
- chain allowOutgoing {
- type route hook output priority -100; policy accept;
- tcp sport 0-10999 ct mark set 0x00000f41 meta mark set 0x6d6f6c65
- }
- }
-
- ######################################
- # _ _ #
- # __| | ___ ___| | _____ _ __ #
- # / _` |/ _ \ / __| |/ / _ \ '__| #
- # | (_| | (_) | (__| < __/ | #
- # \__,_|\___/ \___|_|\_\___|_| #
- # #
- ######################################
-
- # This gets sent to the vpn so it's safe
-
- table ip nat {
- chain DOCKER {
- iifname "docker0" counter packets 0 bytes 0 return
- }
-
- chain POSTROUTING {
- type nat hook postrouting priority srcnat; policy accept;
- oifname != "docker0" ip saddr 172.17.0.0/16 counter packets 0 bytes 0 masquerade
- }
-
- chain PREROUTING {
- type nat hook prerouting priority dstnat; policy accept;
- fib daddr type local counter packets 5 bytes 252 jump DOCKER
- }
-
- chain OUTPUT {
- type nat hook output priority -100; policy accept;
- ip daddr != 127.0.0.0/8 fib daddr type local counter packets 0 bytes 0 jump DOCKER
- }
- }
- table ip filter {
- chain DOCKER {
- }
-
- chain DOCKER-ISOLATION-STAGE-1 {
- iifname "docker0" oifname != "docker0" counter packets 0 bytes 0 jump DOCKER-ISOLATION-STAGE-2
- counter packets 0 bytes 0 return
- }
-
- chain DOCKER-ISOLATION-STAGE-2 {
- oifname "docker0" counter packets 0 bytes 0 drop
- counter packets 0 bytes 0 return
- }
-
- chain FORWARD {
- type filter hook forward priority filter; policy accept;
- counter packets 0 bytes 0 jump DOCKER-USER
- counter packets 0 bytes 0 jump DOCKER-ISOLATION-STAGE-1
- oifname "docker0" ct state related,established counter packets 0 bytes 0 accept
- oifname "docker0" counter packets 0 bytes 0 jump DOCKER
- iifname "docker0" oifname != "docker0" counter packets 0 bytes 0 accept
- iifname "docker0" oifname "docker0" counter packets 0 bytes 0 accept
- }
-
- chain DOCKER-USER {
- counter packets 0 bytes 0 return
- }
- }
-
- '';
- };
- };
-}