From d8b5d74dcb119615f9eb454db43d46ced83934d0 Mon Sep 17 00:00:00 2001 From: Noah Masur <7386960+nmasur@users.noreply.github.com> Date: Sun, 9 Oct 2022 18:32:43 +0000 Subject: [PATCH] transmission reaches internet through vpn --- modules/services/transmission.nix | 6 ++---- modules/services/wireguard.nix | 6 +++--- 2 files changed, 5 insertions(+), 7 deletions(-) diff --git a/modules/services/transmission.nix b/modules/services/transmission.nix index d224ba6..cb9e827 100644 --- a/modules/services/transmission.nix +++ b/modules/services/transmission.nix @@ -37,7 +37,7 @@ in { requires = [ "network-online.target" ]; after = [ "wireguard-wg0.service" ]; unitConfig.JoinsNamespaceOf = "netns@wg.service"; - serviceConfig = { PrivateNetwork = true; }; + serviceConfig.NetworkNamespacePath = "/var/run/netns/wg"; }; # Create reverse proxy for web UI @@ -51,12 +51,10 @@ in { # Allow inbound connections to reach namespace systemd.services.transmission-web-netns = { - description = "Forward to transmission in netns"; + description = "Forward to transmission in wireguard namespace"; requires = [ "transmission.service" ]; after = [ "transmission.service" ]; serviceConfig = { - User = "transmission"; - Group = "transmission"; Restart = "on-failure"; TimeoutStopSec = 300; }; diff --git a/modules/services/wireguard.nix b/modules/services/wireguard.nix index e6eba2e..40fb6e7 100644 --- a/modules/services/wireguard.nix +++ b/modules/services/wireguard.nix @@ -33,15 +33,15 @@ in { }]; - # Namespaces + # Move to network namespace for isolating programs interfaceNamespace = "wg"; - # socketNamespace = "wg"; }; }; }; # Create namespace for Wireguard + # This allows us to isolate specific programs to Wireguard systemd.services."netns@" = { description = "%I network namespace"; before = [ "network.target" ]; 
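Review bot: `unitConfig.JoinsNamespaceOf = "netns@wg.service"` is left next to the new `serviceConfig.NetworkNamespacePath`, and the unit still only orders itself `after` wireguard-wg0.service without requiring it or the namespace unit. As far as I know, JoinsNamespaceOf only affects namespaces created by options such as PrivateNetwork, so it is probably dead configuration now. What keeps transmission off the host network is that the named namespace exists and holds wg0, so I would drop that line and add `bindsTo = [ "netns@wg.service" "wireguard-wg0.service" ];` to stop transmission when either goes away. I would also write the path as `/run/netns/wg`, since /var/run is a compatibility symlink. The transmission unit starts above the hunk, so check that it does not already declare such a dependency there.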
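Review bot: Dropping `User = "transmission";` and `Group = "transmission";` from transmission-web-netns means this forwarder now runs as root with the default capability set, and it is the process that accepts inbound connections for the web UI. Its command is outside the hunk, so I am assuming root was needed to enter the wg namespace. If that is the case, keep root but narrow it in the same serviceConfig with `NoNewPrivileges = true;`, `ProtectSystem = "strict";` and `ProtectHome = true;`, and add a comment saying why the unit cannot run as the transmission user. A socket-activated proxy that joins the namespace through NetworkNamespacePath could likely stay unprivileged, which would be the better long-term shape.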
@@ -53,7 +53,7 @@ in { }; }; - # Private key file for wireguard + # Create private key file for wireguard systemd.services.wireguard-private-key = { wantedBy = [ "wireguard-wg0.service" ]; requiredBy = [ "wireguard-wg0.service" ];