VPN
WireGuard VPN configuration for confining services to a network namespace.
Available Options
This page documents 6 configuration options.
nixflix.vpn.enable
Whether to enable WireGuard VPN.
| Type | boolean |
| Default | |
| Example | |
| Declared in | modules/vpn.nix |
nixflix.vpn.accessibleFrom
List of subnets or addresses in the default network namespace that should be able to reach services confined in the VPN namespace.
Required to access VPN-confined services (e.g. Radarr, Sonarr) from your local network. Example: ["192.168.1.0/24"].
| Type | list of string |
| Default | |
| Example | |
| Declared in | modules/vpn.nix |
nixflix.vpn.openVPNPorts
Ports to open through the VPN interface, e.g. for port forwarding provided by the VPN provider (AirVPN, IVPN, etc.).
| Type | list of (submodule) |
| Default | |
| Example | |
| Declared in | modules/vpn.nix |
nixflix.vpn.openVPNPorts.*.port
Port number to open through the VPN interface.
| Type | 16 bit unsigned integer; between 0 and 65535 (both inclusive) |
| Declared in | modules/vpn.nix |
nixflix.vpn.openVPNPorts.*.protocol
Protocol for the port.
| Type | one of "tcp", "udp", "both" |
| Default | |
| Declared in | modules/vpn.nix |
nixflix.vpn.wgConfFile
Path to a wg-quick compatible WireGuard configuration file.
The file must contain at least [Interface] with Address, PrivateKey, and DNS fields, and one or more [Peer] sections with PublicKey, Endpoint, and AllowedIPs.
This file is read at service startup. Use a path to a file managed by your secrets solution (e.g. agenix, sops-nix) to keep the private key out of the Nix store.
| Type | absolute path |
| Example | |
| Declared in | modules/vpn.nix |
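A pre-deployment check for the file passed to wgConfFile, as an added example that is not part of nixflix: it verifies the required sections and fields listed above and flags a file that sits in the Nix store. The function names, the case-insensitive key matching, and the group/other permission check are assumptions of this example, and the sample configuration is constructed with placeholder keys.

```python
import os

# Required keys per section, as listed in the wgConfFile description.
REQUIRED = {"interface": {"address", "privatekey", "dns"},
            "peer": {"publickey", "endpoint", "allowedips"}}
# Constructed sample; the keys are placeholders, not real key material.
SAMPLE = """[Interface]
Address = 10.2.0.2/32
PrivateKey = PLACEHOLDER_PRIVATE_KEY=
DNS = 10.2.0.1
[Peer]
PublicKey = PLACEHOLDER_PUBLIC_KEY=
Endpoint = 203.0.113.10:51820
AllowedIPs = 0.0.0.0/0
"""

def parse_sections(text):
    """Return [(section, {key: value})]; [Peer] may repeat, so no configparser."""
    sections = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        if line.startswith("[") and line.endswith("]"):
            sections.append((line[1:-1].strip().lower(), {}))
        elif "=" in line and sections:
            # Base64 keys end in '=', so split on the first '=' only.
            key, value = (part.strip() for part in line.split("=", 1))
            if value:  # an empty "Key =" counts as missing
                sections[-1][1][key.lower()] = value
    return sections

def check_config(text):
    """Return a list of problems; empty means all required fields are present."""
    sections, problems = parse_sections(text), []
    for name in ("interface", "peer"):
        found = [kv for sec, kv in sections if sec == name]
        if not found:
            problems.append(f"missing [{name.capitalize()}] section")
        for i, kv in enumerate(found):
            for key in sorted(REQUIRED[name] - set(kv)):
                problems.append(f"[{name.capitalize()}] #{i + 1}: missing {key}")
    return problems

def check_file(path):
    """Check where the file lives and who can read it, then its content."""
    problems = []
    if os.path.realpath(path).startswith("/nix/store/"):
        problems.append("file is in the Nix store, which is world-readable")
    if os.stat(path).st_mode & 0o077:  # assumption: owner-only access expected
        problems.append("file is readable by group or others")
    with open(path) as fh:
        return problems + check_config(fh.read())
```

Run `check_file` against the decrypted path your secrets tool produces (the same value given to wgConfFile), not against the encrypted source file.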