transmission reaches internet through vpn

2024-11-22 16:55:38 +00:00 · 2022-10-09 18:32:43 +00:00 · 2022-10-09 18:32:43 +00:00 · d8b5d74dcb
commit d8b5d74dcb
parent 129e4bba4b
2 changed files with 5 additions and 7 deletions
--- a/modules/services/transmission.nix
+++ b/modules/services/transmission.nix
@ -37,7 +37,7 @@ in {
      requires = [ "network-online.target" ];
      after = [ "wireguard-wg0.service" ];
      unitConfig.JoinsNamespaceOf = "netns@wg.service";
-      serviceConfig = { PrivateNetwork = true; };
+      serviceConfig.NetworkNamespacePath = "/var/run/netns/wg";
    };
    # Create reverse proxy for web UI
@ -51,12 +51,10 @@ in {
    # Allow inbound connections to reach namespace
    systemd.services.transmission-web-netns = {
-      description = "Forward to transmission in netns";
+      description = "Forward to transmission in wireguard namespace";
      requires = [ "transmission.service" ];
      after = [ "transmission.service" ];
      serviceConfig = {
        User = "transmission";
        Group = "transmission";
        Restart = "on-failure";
        TimeoutStopSec = 300;
      };
--- a/modules/services/wireguard.nix
+++ b/modules/services/wireguard.nix
@ -33,15 +33,15 @@ in {
        }];
-        # Namespaces
+        # Move to network namespace for isolating programs
        interfaceNamespace = "wg";
        # socketNamespace = "wg";
      };
    };
  };
  # Create namespace for Wireguard
  # This allows us to isolate specific programs to Wireguard
  systemd.services."netns@" = {
    description = "%I network namespace";
    before = [ "network.target" ];
@ -53,7 +53,7 @@ in {
    };
  };
-  # Private key file for wireguard
+  # Create private key file for wireguard
  systemd.services.wireguard-private-key = {
    wantedBy = [ "wireguard-wg0.service" ];
    requiredBy = [ "wireguard-wg0.service" ];