From 0cfa4843c087d975be66c22fdff148ef7f7de228 Mon Sep 17 00:00:00 2001
From: Dmitry Voronin
Date: Wed, 22 Jan 2025 14:26:24 +0300
Subject: [PATCH] Ipv4: Add force tunnel.
---
host/x86_64-linux/home/Ipv4Socks.nix | 47 ++++++++++++++++++++++++++++
1 file changed, 47 insertions(+)
create mode 100644 host/x86_64-linux/home/Ipv4Socks.nix
diff --git a/host/x86_64-linux/home/Ipv4Socks.nix b/host/x86_64-linux/home/Ipv4Socks.nix
new file mode 100644
index 0000000..eb3653b
--- /dev/null
+++ b/host/x86_64-linux/home/Ipv4Socks.nix
@@ -0,0 +1,47 @@
+# Use `nixos-container login ipv4` as root and empty pw.
+{ __findFile, lib, ... }:
+{
+ networking.nat = {
+ enable = true;
+ externalInterface = "enp8s0";
+ internalInterfaces = [ "ve-+" ];
+ };
+
+ containers.ipv4 = {
+ autoStart = true;
+ enableTun = true;
+ privateNetwork = true;
+ hostAddress = "188.242.247.132";
+ localAddress = "10.1.0.3";
+
+ config =
+ { ... }:
+ {
+ boot.kernel.sysctl = {
+ "net.ipv6.conf.all.disable_ipv6" = 1;
+ "net.ipv6.conf.default.disable_ipv6" = 1;
+ };
+
+ networking.firewall.extraCommands = ''
+ iptables -I INPUT -j ACCEPT -s 10.0.0.0/24
+ '';
+
+ services.microsocks = {
+ enable = true;
+ disableLogging = true;
+ ip = "10.1.0.3";
+ port = 1080;
+ };
+
+ boot.isContainer = true;
+ system.stateVersion = "24.11";
+ networking = {
+ useHostResolvConf = lib.mkForce false;
+ nameservers = [
+ "1.1.1.1"
+ "8.8.8.8"
+ ];
+ };
+ };
+ };
+}
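Review bot: The rule `iptables -I INPUT -j ACCEPT -s 10.0.0.0/24` in `networking.firewall.extraCommands` accepts every port and protocol from that subnet, although the only listener configured in the container is microsocks on TCP 1080. Scoping it to the proxy, `iptables -I INPUT -p tcp --dport 1080 -s 10.0.0.0/24 -j ACCEPT`, keeps the exposure to what the file actually serves. `services.microsocks` sets no `authUsername`/`authPasswordFile` and has `disableLogging = true`, so the source-address filter is the only access control on the relay and its use leaves no record. If that is intended, a comment naming what 10.0.0.0/24 is would help, since the container itself sits on 10.1.0.3. The header comment also documents a root account with an empty password; presumably it is reachable only through `nixos-container login` on the host, but with all ports open to the subnet that assumption is worth stating next to it.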