Skip to content

Commit

Permalink
updated docs
Browse files Browse the repository at this point in the history
  • Loading branch information
rasmus-kirk committed Mar 14, 2024
1 parent d070430 commit cda0f84
Show file tree
Hide file tree
Showing 7 changed files with 64 additions and 3 deletions.
5 changes: 5 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -13,3 +13,8 @@ Fixed:
Updated:
- Docs (stateDirs and mediaDir cannot be home!)
- vpn submodule (adds firewall and DNS-leak killswitch)

## 2024-03-14

Added:
- Reexported VPN-submodule, allowing users to run services, not supported by this module, through the VPN
Binary file removed docs/img/logo-1.png
Binary file not shown.
Binary file removed docs/img/logo-1.webp
Binary file not shown.
2 changes: 1 addition & 1 deletion docs/wiki/examples/example-2/index.md
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
---
title: Example Configuration where Port Forwarding is not an Option
title: Example Configuration Where Port Forwarding Is Not an Option
---

An example where port forwarding is not an option. This is useful if,
Expand Down
3 changes: 2 additions & 1 deletion docs/wiki/index.md
Original file line number Diff line number Diff line change
Expand Up @@ -9,8 +9,9 @@ This is an index of existing articles:
- **[Njalla](/wiki/ddns/njalla)**
- **Examples**
- **[Basic Example](/wiki/examples/example-1)**
- **[Example Configuration where Port Forwading is not an Option](/wiki/examples/example-2)**
- **[Example Configuration Where Port Forwarding Is Not an Option](/wiki/examples/example-2)**
- **[Exposing Services Safely](/wiki/expose)**
- **[Running Services Not Covered by Nixarr Through a VPN](/wiki/vpn)**

For learning how to setup the "*Arrs", once running, refer to the [servarr
wiki](https://wiki.servarr.com/)
54 changes: 54 additions & 0 deletions docs/wiki/vpn/index.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,54 @@
---
title: Running Services Not Covered by Nixarr Through a VPN
---

Nixarr reexports its VPN-submodule, meaning you can run your own services
using it. As an example, let's say you want to run a Monero node
through a VPN, then you could use the following configuration:

```nix {.numberLines}
# Open vpnports, must also be opened by VPN-provider
vpnnamespaces.wg = {
openVPNPorts = [
{ port = xmrP2PPort; protocol = "both"; }
{ port = xmrRpcPort; protocol = "both"; }
];
};
# Force moneronode to VPN
systemd.services.monero.vpnconfinement = {
enable = true;
vpnnamespace = "wg"; # This must be "wg", that's what nixarr uses
};
services.monero = {
enable = true;
# Run as public node
extraConfig = ''
p2p-bind-ip=0.0.0.0
p2p-bind-port=${builtins.toString xmrP2PPort}
rpc-restricted-bind-ip=0.0.0.0
rpc-restricted-bind-port=${builtins.toString xmrRpcPort}
# Disable UPnP port mapping
no-igd=1
# Public-node
public-node=1
# ZMQ configuration
no-zmq=1
# Block known-malicious nodes from a DNSBL
enable-dns-blocklist=1
'';
};
```

**Note:** that the submodule supports more namespaces than just one, but Nixarr
uses the name `wg`, so you should use that too.

Services running over the VPN will have address `192.168.15.1` instead of
`127.0.0.1`. For more options and information on the VPN-submodule, check out
[the repo](https://github.com/Maroka-chan/VPN-Confinement)
3 changes: 2 additions & 1 deletion flake.nix
Original file line number Diff line number Diff line change
Expand Up @@ -69,8 +69,9 @@
};
};

packages = {
packages = rec {
docs = pkgs.callPackage ./mkDocs.nix {inherit inputs;};
default = docs;
};

devshells.default = {
Expand Down

0 comments on commit cda0f84

Please sign in to comment.