nixarr/docs/wiki/vpn/index.md
rasmus-kirk 6bdb278e51 updated docs
2024-03-14 16:24:38 +01:00

Running Services Not Covered by Nixarr Through a VPN

Nixarr re-exports its VPN submodule, so you can run your own services through it. For example, to run a Monero node through a VPN, you could use the following configuration:

```nix
# xmrP2PPort and xmrRpcPort are assumed to be bound elsewhere
# (for example in a surrounding let binding).

# Open VPN ports; these must also be opened by the VPN provider
vpnnamespaces.wg = {
  openVPNPorts = [
    { port = xmrP2PPort; protocol = "both"; }
    { port = xmrRpcPort; protocol = "both"; }
  ];
};

# Confine the Monero node to the VPN namespace
systemd.services.monero.vpnconfinement = {
  enable = true;
  vpnnamespace = "wg"; # This must be "wg", that's what Nixarr uses
};

services.monero = {
  enable = true;
  # Run as public node
  extraConfig = ''
    p2p-bind-ip=0.0.0.0
    p2p-bind-port=${builtins.toString xmrP2PPort}

    rpc-restricted-bind-ip=0.0.0.0
    rpc-restricted-bind-port=${builtins.toString xmrRpcPort}

    # Disable UPnP port mapping
    no-igd=1

    # Public node
    public-node=1

    # ZMQ configuration
    no-zmq=1

    # Block known-malicious nodes from a DNSBL
    enable-dns-blocklist=1
  '';
};
```

Note that the submodule supports more than one namespace, but Nixarr uses the name `wg`, so you should use that too.
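
To confirm that the confinement configured above is actually in effect, the following script checks which network namespace the unit's main process runs in and that its ports are not bound on the host. It is an added example, not part of Nixarr or its VPN submodule; the function names are hypothetical, and it assumes the `wg` namespace is a named namespace visible to `ip netns` and that it runs as root.

```shell
#!/bin/sh
# Added example: verify that a unit using vpnconfinement really runs inside
# the expected network namespace. Assumes the namespace is a named netns
# (visible to `ip netns`) and that the script runs as root.

# Print the named network namespace of a unit's main process ("" = host).
unit_netns() {
    pid=$(systemctl show -p MainPID --value "$1") || return 2
    # MainPID=0 means the unit is not running.
    [ -n "$pid" ] && [ "$pid" != "0" ] || return 2
    ip netns identify "$pid"
}

# Succeed if a socket in the namespace we run in listens on the given port.
host_listens_on() {
    [ -n "$(ss -Hlntu "sport = :$1")" ]
}

# check_confined UNIT NAMESPACE [PORT...]
check_confined() {
    unit=$1; want=$2; shift 2
    ns=$(unit_netns "$unit") || { echo "FAIL: $unit is not running"; return 2; }
    if [ "$ns" != "$want" ]; then
        echo "FAIL: $unit is in netns '${ns:-host}', expected '$want'"
        return 1
    fi
    for port in "$@"; do
        if host_listens_on "$port"; then
            echo "FAIL: port $port is bound in the host namespace"
            return 1
        fi
    done
    echo "OK: $unit is confined to '$want'"
}

# Usage: sh check-confinement.sh monero.service wg <xmrP2PPort> <xmrRpcPort>
if [ "$#" -ge 2 ]; then
    check_confined "$@"
fi
```

Run it from the host namespace after the service has started; a failure on the namespace check means the service's traffic is leaving through the host's normal route rather than the VPN.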

For more options and information on the VPN submodule, check out the repo.