rasmus-kirk
55 lines
1.5 KiB
Markdown
55 lines
1.5 KiB
Markdown
---
|
|
title: Running Services Not Covered by Nixarr Through a VPN
|
|
---
|
|
|
|
Nixarr reexports its VPN-submodule, meaning you can run your own services
|
|
using it. As an example, let's say you want to run a Monero node
|
|
through a VPN, then you could use the following configuration:
|
|
|
|
```nix {.numberLines}
|
|
# Open vpnports, must also be opened by VPN-provider
|
|
vpnnamespaces.wg = {
|
|
openVPNPorts = [
|
|
{ port = xmrP2PPort; protocol = "both"; }
|
|
{ port = xmrRpcPort; protocol = "both"; }
|
|
];
|
|
};
|
|
|
|
# Force moneronode to VPN
|
|
systemd.services.monero.vpnconfinement = {
|
|
enable = true;
|
|
vpnnamespace = "wg"; # This must be "wg", that's what nixarr uses
|
|
};
|
|
|
|
services.monero = {
|
|
enable = true;
|
|
# Run as public node
|
|
extraConfig = ''
|
|
p2p-bind-ip=0.0.0.0
|
|
p2p-bind-port=${builtins.toString xmrP2PPort}
|
|
|
|
rpc-restricted-bind-ip=0.0.0.0
|
|
rpc-restricted-bind-port=${builtins.toString xmrRpcPort}
|
|
|
|
# Disable UPnP port mapping
|
|
no-igd=1
|
|
|
|
# Public-node
|
|
public-node=1
|
|
|
|
# ZMQ configuration
|
|
no-zmq=1
|
|
|
|
# Block known-malicious nodes from a DNSBL
|
|
enable-dns-blocklist=1
|
|
'';
|
|
};
|
|
```
|
|
|
|
> **Note:** that the submodule supports more namespaces than just one, but Nixarr
|
|
> uses the name `wg`, so you should use that too.
|
|
|
|
Services running over the VPN will have address `192.168.15.1` instead of
|
|
`127.0.0.1`. For more options and information on the VPN-submodule, check out
|
|
[the repo](https://github.com/Maroka-chan/VPN-Confinement)
|