zuckerberg/nix-config
1
0
Fork 0
Code Issues Pull Requests Actions Activity

dedupe
All checks were successful
Check Flake / check-flake (push) Successful in 6m4s
Details

Browse Source
This commit is contained in:
Zuckerberg
2026-02-26 19:42:38 -08:00
parent dc3c2194ab
commit 3b71f4b1fd
2 changed files with 13 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
common/network/pia-vpn/scripts.nix
View File

@@ -135,6 +135,17 @@ in
echo "Loaded server info from $serverFile: $WG_HOSTNAME ($WG_SERVER_IP:$WG_SERVER_PORT)" echo "Loaded server info from $serverFile: $WG_HOSTNAME ($WG_SERVER_IP:$WG_SERVER_PORT)"
} }
# Reset WG interface and tear down NAT/forwarding rules.
# Called on startup (clear stale state) and on exit via trap.
cleanupVpn() {
local interfaceName=$1
wg set "$interfaceName" listen-port 0 2>/dev/null || true
ip -4 address flush dev "$interfaceName" 2>/dev/null || true
ip route del default dev "$interfaceName" 2>/dev/null || true
iptables -t nat -F 2>/dev/null || true
iptables -F FORWARD 2>/dev/null || true
}
connectToServer() { connectToServer() {
local wgFile=$1 local wgFile=$1
local interfaceName=$2 local interfaceName=$2

18
common/network/pia-vpn/vpn-container.nix
View File

@@ -141,12 +141,8 @@ in
set -euo pipefail set -euo pipefail
${scripts.scriptCommon} ${scripts.scriptCommon}
# Clean up stale state from previous attempts trap 'cleanupVpn ${cfg.interfaceName}' EXIT
wg set ${cfg.interfaceName} listen-port 0 2>/dev/null || true cleanupVpn ${cfg.interfaceName}
ip -4 address flush dev ${cfg.interfaceName} 2>/dev/null || true
ip route del default dev ${cfg.interfaceName} 2>/dev/null || true
iptables -t nat -F 2>/dev/null || true
iptables -F FORWARD 2>/dev/null || true
proxy="${proxy}" proxy="${proxy}"
@@ -200,16 +196,6 @@ in
exec sleep infinity exec sleep infinity
''; '';
preStop = ''
echo "Tearing down PIA VPN..."
ip -4 address flush dev ${cfg.interfaceName} 2>/dev/null || true
ip route del default dev ${cfg.interfaceName} 2>/dev/null || true
iptables -t nat -F POSTROUTING 2>/dev/null || true
iptables -F FORWARD 2>/dev/null || true
${optionalString portForwarding ''
iptables -t nat -F PREROUTING 2>/dev/null || true
''}
'';
}; };
# Port refresh timer (every 10 min) — keeps PIA port forwarding alive # Port refresh timer (every 10 min) — keeps PIA port forwarding alive