#nixos-on-your-router on 2021-04-14

2019-08-19 13:17 eyJhb changed the topic of #nixos-on-your-router to: NixOS on your Router || https://logs.nix.samueldr.com/nixos-on-your-router

03:57 fooker has quit [Ping timeout: 246 seconds]

03:58 fooker has joined #nixos-on-your-router

06:29 <eyJhb> NinjaTrappeur: Thanks, I think I can use the solution from that. :)

06:34 steveeJ has quit [Read error: Connection reset by peer]

06:37 steveeJ has joined #nixos-on-your-router

08:03 <NinjaTrappeur> nice. I used that NixOS module overloading to access the physical NS trick as well back when traveling was still a thing :)

08:03 <NinjaTrappeur> It works resonably well.

08:19 srk has joined #nixos-on-your-router

08:22 <eyJhb> NinjaTrappeur: I think I got that part somewhat working. However it does not route add default ... correct

08:22 <eyJhb> But now I am trying to setup the systemd units, to force a application to use that namespace.

08:23 <eyJhb> All examples are copy/pasted, and have very few comments as to why it is all done

08:27 <NinjaTrappeur> In the pure Nix tradition, we have this knowledge deeply burried in a GitHub issue instead of properly documented in the wiki.

08:27 <NinjaTrappeur> ^ Just to be clear, I'm part of the issue here.

08:56 <eyJhb> Got it working NinjaTrappeur :D Pretty, no... Works, I guess.

09:31 <eyJhb> Ohh F... I forgot that the application I want to run using the Wireguard also have a management website... That I don't want to run using that :|

09:37 <NinjaTrappeur> nice

09:39 <eyJhb> Yup. Any ideas NinjaTrappeur ? Have port 8080 that the service exposes to manage stuff and things, that should be able to be access on the server using 127.0.0.1:8080

09:40 <NinjaTrappeur> I lost you. Do you run this service in your "physical" ns?

09:41 <NinjaTrappeur> or in the default wireguard-routed one?

09:45 <eyJhb> I setup a new namespace, ie. wg0 that uses my Wireguard to tunnel all traffic in that namespace. Using this setup - https://mth.st/blog/nixos-wireguard-netns/

09:46 <eyJhb> So I then add these -> https://termbin.com/nqnz to my systemd service, which makes it run that application using that namespace and ie. use the Wireguard tunnel. However, this also means that I cannot access 8080 in that namespace, as it is seperate

09:47 <eyJhb> Not sure if I can pull out the port from that namespace?

10:07 <lukegb> eyJhb: you'd have to use a veth, I think, and then access the management interface using that internal IP instead

10:12 <hexa-> correct

10:42 <eyJhb> Will try that, thanks :) Hopefully I can clean all this up and make it nice and clean.

13:39 aleph- has quit [Quit: WeeChat info:version]

13:42 aleph- has joined #nixos-on-your-router

14:12 <eyJhb> I have tried to setup the veth using the following commands https://termbin.com/o4hs (my wireguard interface ip inside the wg0 namespace is 10.100.0.2), but I seem to be missing something. Any idea?

17:55 clever has quit [Ping timeout: 248 seconds]

17:56 clever has joined #nixos-on-your-router

19:48 aleph- has quit [Ping timeout: 240 seconds]

20:00 WilliButz has quit [Remote host closed the connection]

20:02 WilliButz has joined #nixos-on-your-router

20:43 <eyJhb> Needed the more specific outgoing IP :)

20:57 srk has quit [Ping timeout: 252 seconds]

21:50 aleph- has joined #nixos-on-your-router

22:02 aleph- has quit [Quit: WeeChat info:version]

22:03 aleph- has joined #nixos-on-your-router

23:00 aleph- has quit [Ping timeout: 240 seconds]