feature: Add ProtonVPN to prepare for *arr suite

2025-05-18 21:52:53 -04:00 · 2025-05-18 21:52:53 -04:00 · 34d8a56b8e
commit 34d8a56b8e
parent fe81989bdb
4 changed files with 30 additions and 3 deletions
--- a/hosts/andromeda/configuration.nix
+++ b/hosts/andromeda/configuration.nix
@ -73,8 +73,9 @@

  virtualisation.oci-containers.backend = "docker";

-  # Reverse Proxy setup
+  # VPN setup
  networking.wireguard.interfaces = {
+    # Reverse Proxy
    wg0 = {
      ips = [ "10.10.0.3/24" ];
      privateKeyFile = config.sops.secrets.reverse_proxy_client_privkey.path;
@ -90,13 +91,30 @@
        persistentKeepalive = 25;
      }];
    };
+
+    # ProtonVPN
+    wg1 = {
+      ips = [ "10.2.0.2/32" ];
+      privateKeyFile = config.sops.secrets.protonvpn_privkey.path;
+      table = "70";
+
+      postSetup = "ip rule add from 10.2.0.2 table 70";
+      preShutdown = "ip rule del from 10.2.0.2 table 70";
+
+      peers = [{
+        publicKey = "OuhID2usMSMoGAiLExUhH0lrOMJQ3v8xFWS+6G3JLRs=";
+        allowedIPs = [ "0.0.0.0/0" ];
+        endpoint = "149.102.227.30:51820";
+        persistentKeepalive = 25;
+      }];
+    };
  };

  # Tailscale fixer-uppers
  networking.nat = {
    enable = true;
    enableIPv6 = true;
-    
+
    internalInterfaces = [ "enp6s18" ];
    externalInterface = "wg0";
  };