aryeh.fun Aryeh Hillman's Blog

NixOS with Mozilla VPN and Wireguard

Let’s set up Mozilla VPN on the NixOS Linux distribution using WireGuard.

  1. Run nix-shell -p mozwire; then, within the resulting shell, do the following:

     # Fetch a Mozilla VPN token and set MOZ_TOKEN for future invocations of mozwire.
 # This will open a browser that will instruct you to login using your Mozilla VPN credentials.
 [nix-shell:]$ export MOZ_TOKEN=$(mozwire --print-token)
 Please visit https://vpn.mozilla.org/api/v2... Link opened in browser.
    
 # Create `/secret` to store your configuration 
 [nix-shell:]$ sudo mkdir -p /secret`
    
 # List available Mozilla VPN relays 
 [nix-shell:]$ mozwire relay save zrh
 Albania (al)
 	Tirana (tia) @ 41.327953°N, 19.819025°W
 		al-tia-wg-001 (31.171.153.66, 2a04:27c0:0:3::a01f)
 Australia (au)
 	Adelaide (adl) @ -34.92123°N, 138.599503°W
 		au-adl-wg-301 (103.214.20.50, 2404:f780:0:deb::c1f)
 		au-adl-wg-302 (103.214.20.130, 2404:f780:0:dec::c2f)
 	Brisbane (bne) @ -27.471°N, 153.0234°W
 		au-bne-wg-301 (103.216.220.18, 2404:f780:4:deb::a01f)
 		au-bne-wg-302 (103.216.220.34, 2404:f780:4:dec::a02f)
 ...
    
 # Save a configuration with your desired relay. In this example,
 # we'll use ZRH. Though one can choose their own location, you'll
 # typically want to use a location that is nearest to your ISP. 
 [nix-shell:]$ mozwire relay save zrh
 Public key not in device list, uploading it.
 Wrote configuration to ./ch-zrh-wg-404.conf.
    
 # Copy the configuration file to /secret
 [nix-shell:]$ sudo mv ch-zrh-wg-404.conf /secret/

  2. Setup the VPN using WireGuard by editing /etc/nixos/configuration.nix such that it contains the following:

     environment.systemPackges = with pkgs;[
     wireguard-tools
     ... # don't add this ellipsis!
 ];
    
 networking.wg-quick.interfaces.wg0.configFile = "/secret/ch-zrh-wg-404.conf`
  3. Run sudo nixos-rebuild switch to update NixOS’ current configuration
  4. Test that the VPN is active by observing the output of curl https://ifconfig.co/json ; echo

Postscript (teaching how to fish): figuring all this out was aided, yet again, by the use of search.nixos.org; specifcally the NixOS Options section. That said, the source for wg-quick.nix could be updated such that the networking.wg-quick.interfaces.*.configFile appears in a NixOS Options search for WireGuard; we’ll see if maintainers of NixOS/nixpkgs agree with the patch I authored that makes this change. Related: a NixOS/nixpkgs issue which suggests the potential addition of keywords to package metadata.

Postscript 2 (regarding Rust): the source for mozwire is worth considering; it demonstrates the concision and clarity of Rust; and is a lovely example of reverse-engineering of a public yet (to my knowledge) undocumented protocol. Tentatively, I would propose that such packages are a net-positive for users as they enable creative developers to implement alternative means of engaging with a given service. Such implementations are a far-cry from the GNU foundation’s visions for truly “free” software, but certainly bring us closer to those aims.

TTT

“Put up in a place
where it’s easy to see
the cryptic admonishment
T.T.T.

When you feel how depressingly
slowly you climb,
it’s well to remember that
Things Take Time.”

— Piet Hein[^1]

[^1] Other wonderful grooks by Hein can be found here

Regarding Montaigne

Dozens of readers have written in after my last post asking “who is this Montaigne guy?” Well, might I recommend his essay Of Experience? What a truly beautiful man of the 16th century; and what gratitude we feel for the accessibility of his words today.

… for truth itself has not the privilege to be spoken at all times and indiscriminately; its use, noble as it is, has its circumspections and limits.

ibid.

That thing you didn’t know about Montaigne

What you did know about Montaigne, perhaps, is that he almost certainly pioneered the literary genre we know today as the essay, which comes to us almost certainly on account of his naming his collected works Essais, coming from the French verb essayer, “to try.” We distinguish the essay from the research paper, say, as an essay is an attempt to clarify some matter for oneself.

Courtesy of Sarah Bakewell:

Montaigne’s link to a Jewish heritage arises from history, geography and blood. He was born in 1533, just 41 years after the Catholic Monarchs had expelled Jews under the threat of the Inquisition. His mother was a third-generation convert to Christianity whose grandparents resettled in France. Périgord was a favorite destination of expelled Jews. There is no evidence that his mother’s family were ever hidden Jews. Although it was known that he had Jewish ancestors on his mother’s side, this made little difference to him or his followers. Montaigne never self-identified as a Jew. In fact, after preparing a will, he had a last mass read in his room just before his death. While he was interested in and sympathetic toward Jews, there is no evidence that he tried to help them on any occasion. Of course, nowadays only DNA testing would provide reliable evidence of any Jewish blood. Yet one can point to cultural similarities. He possessed the traits of introspection, self-analysis and self-deprecation that many Jews are identified with. In the final analysis, he was neither French, nor Spanish or Jewish. He was, rather, a universal man admired over centuries by people of diverse nationalities, backgrounds and professions. He was an unusual and admirable product of the universal human race.

How To Live, or, A Life of Montaigne: One Question and Twenty Attempts at an Answer

“[I]ntrospection, self-analysis and self-deprecation” – alas, are these not always qualities one pursues for the benefit of others, but must be pursued, paradoxically, initially for oneself? No wonder so many of us struggle to learn how to write effectively; no wonder so many of us have seeming to given up on the craft. Perhaps such an understanding would be contingent on healthier, robust forms of pedagogy as we enter into the coming wild, unchartered times of LLMs.