Make MozillaVPN work with tailscale/netmaker/etc

- make a network manager hook template - use for tailscale & netmaker
2024-01-23 00:41:55 +01:00 · 2024-01-23 00:41:55 +01:00 · dc8acd992a
commit dc8acd992a
parent 92792ea0e0
7 changed files with 48 additions and 27 deletions
--- a/NOTES.md
+++ b/NOTES.md
@ -56,8 +56,7 @@
      };
    };
    pkgs-args = {
-      inherit localSystem;
-      inherit overlays;
+      inherit localSystem overlays;
      config = {
        # ....
      };
--- a/flake.nix
+++ b/flake.nix
@ -89,8 +89,7 @@
        inputs.nix-ld-rs.overlays.default
      ];
      pkgs-args = {
-        inherit system;
-        inherit overlays;
+        inherit system overlays;
        config = {
          allowUnfree = true;
          packageOverrides = pkgs: { };
@ -117,9 +116,7 @@
        envfs.nixosModules.envfs
      ];
      args = {
-        inherit self;
-        inherit inputs;
-        inherit system;
+        inherit self inputs system;
      };
    in
    {
--- a/os-mods/network/default.nix
+++ b/os-mods/network/default.nix
@ -5,7 +5,27 @@
 }: {
  networking = {
    networkmanager.enable = true;
+    networkmanager.dispatcherScripts = [
+      {
+        source = import ./moz-nm-hook.fish.nix {
+          inherit pkgs;
+          vpn_interface = "tailscale0";
+          vpn_network = "100.64.0.0/16";
+        };
+        type = "basic";
+      }
+      {
+        source = import ./moz-nm-hook.fish.nix {
+          inherit pkgs;
+          vpn_interface = "netmaker";
+          vpn_network = "10.231.190.1/24";
+        };
+        type = "basic";
+      }
+    ];
+
    useDHCP = lib.mkDefault true;
+
    nameservers = [
      "23.88.68.113#dns.vlt81.de"
      "2a01:4f8:272:5917::baad:c0de#dns.vlt81.de"
--- a/os-mods/network/moz-nm-hook.fish.nix
+++ b/os-mods/network/moz-nm-hook.fish.nix
@ -0,0 +1,21 @@
+{ pkgs
+, vpn_interface
+, vpn_network
+, ...
+}: (pkgs.writeText "${vpn_interface}-route" ''
+  #!${pkgs.fish}/bin/fish
+  set MOZ_INTERFACE "moz0"
+  set VPN_INTERFACE "${vpn_interface}"
+  set VPN_NETWORK "${vpn_network}"
+
+  sleep 1 # give mozillavpn time to create the rules we want to override
+  logger "NetworkManager dispatcher event: $argv[1], $argv[2]"
+
+  # When MOZ interface comes up, check and add the Tailscale route
+  if test "$argv[1]" = "$MOZ_INTERFACE" -a "$argv[2]" = "up"
+    # Re-creating forces high priority in case the route already exists
+    ip route del $VPN_NETWORK dev $VPN_INTERFACE
+    ip route add $VPN_NETWORK dev $VPN_INTERFACE
+    logger "Added Tailscale route for $VPN_NETWORK via $VPN_INTERFACE"
+  end
+'')
--- a/systems/nixos-he4/default.nix
+++ b/systems/nixos-he4/default.nix
@ -53,11 +53,7 @@
      users.tristand = import ../../users/admin-shell.nix {
        username = "tristand";

-        inherit pkgs;
-        inherit config;
-        inherit inputs;
-        inherit system;
-        inherit lib;
+        inherit pkgs config inputs system lib;
      };
    };

--- a/systems/nixos-karl-kvm-guest/default.nix
+++ b/systems/nixos-karl-kvm-guest/default.nix
@ -85,11 +85,7 @@
    users.reopen5194 = import ../../users/admin-thin.nix {
      username = "reopen5194";

-      inherit pkgs;
-      inherit config;
-      inherit inputs;
-      inherit system;
-      inherit lib;
+      inherit pkgs config inputs system lib;
    };
  };

--- a/users/default.nix
+++ b/users/default.nix
@ -28,20 +28,12 @@
    users.tester = import ./admin-thin.nix {
      username = "tester";

-      inherit pkgs;
-      inherit config;
-      inherit inputs;
-      inherit system;
-      inherit lib;
+      inherit pkgs config inputs system lib;
    };
    users.tristand = import ./admin-fat.nix {
      username = "tristand";

-      inherit pkgs;
-      inherit config;
-      inherit inputs;
-      inherit system;
-      inherit lib;
+      inherit pkgs config inputs system lib;
    };
  };
 }