Diffstat (limited to 'nixos/helpers.nix')
-rw-r--r--nixos/helpers.nix32
1 files changed, 32 insertions, 0 deletions
diff --git a/nixos/helpers.nix b/nixos/helpers.nix
new file mode 100644
index 0000000..7880cc7
--- /dev/null
+++ b/nixos/helpers.nix
@@ -0,0 +1,32 @@
+let
+ nixpkgs = import <nixpkgs> {};
+in
+{
+ joinWgNamespace = ns: cfg:
+ nixpkgs.lib.attrsets.recursiveUpdate cfg {
+ bindsTo = ["netns@${ns}.service"];
+ after = ["wireguard-wg-${ns}.service"];
+ unitConfig.JoinsNamespaceOf = "netns@${ns}.service";
+ serviceConfig.NetworkNamespacePath = "/var/run/netns/${ns}";
+ };
+
+ mkPortProxy = service: ns: port: {
+ description = "Forward to ${service} in network namespace ${ns}";
+ requires = ["${service}.service"];
+ after = ["${service}.service"];
+ partOf = ["${service}.service"];
+ serviceConfig = {
+ Restart = "on-failure";
+ TimeoutStopSec = 300;
+ };
+ wantedBy = ["multi-user.target"];
+ script =
+ let
+ pkgs = nixpkgs.pkgs;
+ in
+ ''
+ ${pkgs.iproute2}/bin/ip netns exec ${ns} ${pkgs.iproute2}/bin/ip link set dev lo up
+ ${pkgs.socat}/bin/socat tcp-listen:${toString port},fork,reuseaddr exec:'${pkgs.iproute2}/bin/ip netns exec ${ns} ${pkgs.socat}/bin/socat STDIO "tcp-connect:localhost:${toString port}"',nofork
+ '';
+ };
+}
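Review bot: The outer socat in `mkPortProxy` (line 44) listens with `tcp-listen:${toString port},fork,reuseaddr` and no `bind=` option, so the proxy accepts connections on every interface of the host, not only loopback, and it does so as root since the unit sets no `User`/`DynamicUser`; if the forwarded service is only meant to be reachable from the host itself, `tcp-listen:${toString port},bind=127.0.0.1,fork,reuseaddr` limits the exposure, and if wider reachability is intended a comment stating that would help. In `joinWgNamespace`, `recursiveUpdate cfg { bindsTo = ...; after = ...; }` replaces any `bindsTo`/`after` lists the caller already set in `cfg` rather than appending to them, because `recursiveUpdate` only merges attribute sets, not lists; something like `after = (cfg.after or []) ++ ["wireguard-wg-${ns}.service"];` preserves the caller's entries. `import <nixpkgs> {}` at the top of the file resolves through `NIX_PATH`, so `pkgs.socat` and `pkgs.iproute2` in the script may come from a different nixpkgs than the one the system configuration is built from; making the file a function of `pkgs` (and `lib`) and passing the module's `pkgs` in avoids that divergence.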