#NixOS is my "golf" -- I love it and I hate it at the same time.

Today's milestone: I am finally connected to #ProtonVPN / #Wireguard.

Here's how I had to do it:

1. Follow the steps at [How to Manually Configure Wireguard on Linux](https://protonvpn.com/support/wireguard-manual-linux/). You'll have to create a directory at `/etc/wireguard` to store the downloaded *.conf.

2. After running `sudo wg-quick up {interface}` (leave off the .conf from your file name), run `sudo wg show` - you'll need some of this info in a moment.

3. Also run `sudo cat /etc/wireguard/*.conf` and copy your private key.

4. Open VPN Settings and configure the new connection.

5. Select 'connect automatically'

6. Select the Wireguard tab

7. Paste in your private key from step 3.

8. Update the listening port (see output of step 2)

9. Update the fwmark (see output of step 2)

10. Set the MTU to 1420.

11. Click the gear to configure the peer.

12. Update the Endpoint (see output of step 2)

13. Update the Allowed IP Addresses, and click Apply.

14. Click Apply.

15. You might need to then 'turn it on' in the system tray.

16. Go to https://ip.me to make sure it's not showing you your own location

Hope this helps someone out there, this took me WAY too long to figure out. None of the guides I read quite covered it all. Importing zips didn't work. Importing the downloaded .conf didn't work. This works.

Next step is to ensure all this happens automatically from the configuration.nix or imports (suggestions more than welcome!).
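An added example, not part of the original post: a Python check of a wg-quick style config for the points that steps 3, 13 and 16 touch (who can read the file holding the private key, whether the Allowed IPs cover all traffic, whether DNS is set). The sample config, its placeholder keys and addresses, and the function names are constructed for illustration.

```python
import ipaddress
import os
import stat

# Constructed sample in wg-quick format; keys, addresses and endpoint are placeholders.
SAMPLE_CONF = """\
[Interface]
PrivateKey = PLACEHOLDER_PRIVATE_KEY=
Address = 10.2.0.2/32
DNS = 10.2.0.1
[Peer]
PublicKey = PLACEHOLDER_PUBLIC_KEY=
AllowedIPs = 0.0.0.0/0
Endpoint = 192.0.2.10:51820
"""

def parse_conf(text):
    """Return (interface_dict, [peer_dict, ...]) with lower-cased keys."""
    interface, peers, current = {}, [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and padding
        if line.lower() == "[interface]":
            current = interface
        elif line.lower() == "[peer]":
            current = {}
            peers.append(current)
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)  # base64 keys keep their trailing '='
            current[key.strip().lower()] = value.strip()
    return interface, peers

def audit(text, mode=0o600):
    """Return findings for a full-tunnel setup; mode is the file's permission bits."""
    interface, peers = parse_conf(text)
    findings = []
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("config holding the private key is accessible beyond its owner")
    nets = [ipaddress.ip_network(n.strip(), strict=False)
            for p in peers for n in p.get("allowedips", "").split(",") if n.strip()]
    # Simplification: only a literal /0 counts as a default route here.
    for version, label in ((4, "IPv4"), (6, "IPv6")):
        if not any(n.version == version and n.prefixlen == 0 for n in nets):
            findings.append(f"AllowedIPs has no {label} default route; that traffic is not sent through the tunnel")
    if "dns" not in interface:
        findings.append("no DNS set; lookups use whatever resolver the system already has")
    return findings

def audit_file(path):
    with open(path) as fh:
        return audit(fh.read(), stat.S_IMODE(os.stat(path).st_mode))
```

Run `audit_file` as root against the file under `/etc/wireguard`; an empty list means none of the three checks fired.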

Discussion

NixOS has been hard for me to be my main driver. The learning curve has been hard for me. If I have any issues I don’t know how to resolve without stack overflow.

It feels like it’s designed for developers. It’s super natural to me as a functional programmer, but I imagine it would be really difficult if you were expecting a point and click adventure.

nix-bitcoin made this pretty easy. They have a module of presets, so all you need to do is update the config with your allowed peer pubkeys and re-deploy.

Thanks, this looks great.

Be mindful that nix-bitcoin is declarative configuration. All your administration of the system is meant to be indirect, through .nix config files. You have to kind of eat the complexity of working in the unintuitive, spergie paradigm of functional programming. My brain isn't built for it naturally.

Noted. I'm climbing that learning curve now. I don't mind a challenging puzzle. 🤙

Are you using the gnome desktop environment?