Make MozillaVPN work with tailscale/netmaker/etc

- make a network manager hook template
- use for tailscale & netmaker

NOTES.md

@@ -56,8 +56,7 @@
       };
     };
     pkgs-args = {
-      inherit localSystem;
+      inherit localSystem overlays;
-      inherit overlays;
       config = {
         # ....
       };

flake.nix

@@ -89,8 +89,7 @@
         inputs.nix-ld-rs.overlays.default
       ];
       pkgs-args = {
-        inherit system;
+        inherit system overlays;
-        inherit overlays;
         config = {
           allowUnfree = true;
           packageOverrides = pkgs: { };
@@ -117,9 +116,7 @@
         envfs.nixosModules.envfs
       ];
       args = {
-        inherit self;
+        inherit self inputs system;
-        inherit inputs;
-        inherit system;
       };
     in
     {

os-mods/network/default.nix

@@ -5,7 +5,27 @@
 }: {
   networking = {
     networkmanager.enable = true;
+    networkmanager.dispatcherScripts = [
+      {
+        source = import ./moz-nm-hook.fish.nix {
+          inherit pkgs;
+          vpn_interface = "tailscale0";
+          vpn_network = "100.64.0.0/16";
+        };
+        type = "basic";
+      }
+      {
+        source = import ./moz-nm-hook.fish.nix {
+          inherit pkgs;
+          vpn_interface = "netmaker";
+          vpn_network = "10.231.190.1/24";
+        };
+        type = "basic";
+      }
+    ];
+
     useDHCP = lib.mkDefault true;
+
     nameservers = [
       "23.88.68.113#dns.vlt81.de"
       "2a01:4f8:272:5917::baad:c0de#dns.vlt81.de"

os-mods/network/moz-nm-hook.fish.nix

@@ -0,0 +1,21 @@
+{ pkgs
+, vpn_interface
+, vpn_network
+, ...
+}: (pkgs.writeText "${vpn_interface}-route" ''
+  #!${pkgs.fish}/bin/fish
+  set MOZ_INTERFACE "moz0"
+  set VPN_INTERFACE "${vpn_interface}"
+  set VPN_NETWORK "${vpn_network}"
+
+  sleep 1 # give mozillavpn time to create the rules we want to override
+  logger "NetworkManager dispatcher event: $argv[1], $argv[2]"
+
+  # When MOZ interface comes up, check and add the Tailscale route
+  if test "$argv[1]" = "$MOZ_INTERFACE" -a "$argv[2]" = "up"
+    # Re-creating forces high priority in case the route already exists
+    ip route del $VPN_NETWORK dev $VPN_INTERFACE
+    ip route add $VPN_NETWORK dev $VPN_INTERFACE
+    logger "Added Tailscale route for $VPN_NETWORK via $VPN_INTERFACE"
+  end
+'')

systems/nixos-he4/default.nix

@@ -53,11 +53,7 @@
       users.tristand = import ../../users/admin-shell.nix {
         username = "tristand";
 
-        inherit pkgs;
+        inherit pkgs config inputs system lib;
-        inherit config;
-        inherit inputs;
-        inherit system;
-        inherit lib;
       };
     };
 

systems/nixos-karl-kvm-guest/default.nix

@@ -85,11 +85,7 @@
     users.reopen5194 = import ../../users/admin-thin.nix {
       username = "reopen5194";
 
-      inherit pkgs;
+      inherit pkgs config inputs system lib;
-      inherit config;
-      inherit inputs;
-      inherit system;
-      inherit lib;
     };
   };
 

users/default.nix

@@ -28,20 +28,12 @@
     users.tester = import ./admin-thin.nix {
       username = "tester";
 
-      inherit pkgs;
+      inherit pkgs config inputs system lib;
-      inherit config;
-      inherit inputs;
-      inherit system;
-      inherit lib;
     };
     users.tristand = import ./admin-fat.nix {
       username = "tristand";
 
-      inherit pkgs;
+      inherit pkgs config inputs system lib;
-      inherit config;
-      inherit inputs;
-      inherit system;
-      inherit lib;
     };
   };
 }