Syzygial/NixMachines
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

hippocampus: fix oci wireguard vpn

Browse Source
This commit is contained in:
David Crompton
2025-07-21 19:01:53 -04:00
parent 033a9e582c
commit d8167b3bc1
3 changed files with 23 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
machines/hippocampus/oci/Wireguard.ContainerFile
View File

@@ -2,4 +2,4 @@ FROM alpine:3.16
RUN apk add --no-cache bash wireguard-tools jq curl git ncurses
RUN git clone https://github.com/pia-foss/manual-connections /manual-connections
WORKDIR /manual-connections
ENTRYPOINT /manual-connections/run_setup.sh
CMD bash -c "/manual-connections/run_setup.sh && watch -n 60 curl ip.me"

24
machines/hippocampus/oci/jelly.nix
View File

@@ -18,10 +18,12 @@
in {
containers = {
wireguard = {
image = "thrnz/docker-wireguard-pia";
# Derived from the pia-wg.tar.gz
# which was built from the containerfile
image = "localhost/pia-wg:latest";
volumes = [
# "${configDir}/wireguard:/config"
"${configDir}/wireguard_pia:/pia"
# "${configDir}/wireguard_pia:/pia"
];
ports = getPorts [
"deluge"
@@ -34,13 +36,23 @@
];
environment = {
TZ = "America/Toronto";
LOC = "ca";
LOC = "ca";
PIA_DNS = "false"; # - true/false
PIA_PF = "false"; # - true/false
PIA_CONNECT = "true"; # - true/false; connect to VPN after configuration has been created. Set to false to only create configuration file. Only effective for wireguard protocol. Default true.
MAX_LATENCY = "0.2"; # - numeric value, in seconds
AUTOCONNECT = "true"; # - true/false; this will test for and select the server with the lowest latency, it will override PREFERRED_REGION
# PREFERRED_REGION = ""; # - the region ID for a PIA server
DIP_TOKEN = "n";
VPN_PROTOCOL = "wireguard"; # - wireguard or openvpn; openvpn will default to openvpn_udp_standard, but can also specify openvpn_tcp/udp_standad/strong
DISABLE_IPV6 = "no"; # - yes/no
};
extraOptions = [
"--cap-add=ALL"
"--pull=newer"
"--dns=1.1.1.1"
"--privileged" "--dns=1.1.1.1"
"--env-file=${config.sops.secrets.jellyfin-pia.path}"
"--cap-add=NET_ADMIN,NET_RAW,SYS_MODULE"
"--cap-drop=MKNOD,AUDIT_WRITE"
"--sysctl=net.ipv4.ip_forward=1"
"--sysctl=net.ipv4.conf.all.src_valid_mark=1"
"--sysctl=net.ipv6.conf.lo.disable_ipv6=1"
"--sysctl=net.ipv6.conf.all.disable_ipv6=1"