-
Notifications
You must be signed in to change notification settings - Fork 16
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
f1e1b59
commit 435cdd1
Showing
2 changed files
with
21 additions
and
25 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -13,29 +13,25 @@ with lib; let | |
| cfg = config.util-nixarr.vpnnamespace; | ||
| in { | ||
| options.util-nixarr.vpnnamespace = { | ||
| enable = | ||
| mkEnableOption (lib.mdDoc "VPN Namespace") | ||
| // { | ||
| description = lib.mdDoc '' | ||
| Whether to enable the VPN namespace. | ||
| To access the namespace a veth pair is used to | ||
| connect the vpn namespace and the default namespace | ||
| through a linux bridge. One end of the pair is | ||
| connected to the linux bridge on the default namespace. | ||
| The other end is connected to the vpn namespace. | ||
| Systemd services can be run within the namespace by | ||
| adding these options: | ||
| bindsTo = [ "[email protected]" ]; | ||
| requires = [ "network-online.target" ]; | ||
| after = [ "wg.service" ]; | ||
| serviceConfig = { | ||
| NetworkNamespacePath = "/var/run/netns/wg"; | ||
| }; | ||
| ''; | ||
| enable = mkEnableOption '' | ||
| Whether to enable the VPN namespace. | ||
| To access the namespace a veth pair is used to | ||
| connect the vpn namespace and the default namespace | ||
| through a linux bridge. One end of the pair is | ||
| connected to the linux bridge on the default namespace. | ||
| The other end is connected to the vpn namespace. | ||
| Systemd services can be run within the namespace by | ||
| adding these options: | ||
| bindsTo = [ "[email protected]" ]; | ||
| requires = [ "network-online.target" ]; | ||
| after = [ "wg.service" ]; | ||
| serviceConfig = { | ||
| NetworkNamespacePath = "/var/run/netns/wg"; | ||
| }; | ||
| ''; | ||
|
|
||
| accessibleFrom = mkOption { | ||
| type = types.listOf types.str; | ||
|
|
||