All I have produced before the age of seventy is not worth taking into account. At seventy-three I have learned a little about the real structure of nature, of animals, plants, trees, birds, fishes and insects. In consequence when I am eighty, I shall have made still more progress. At ninety I shall penetrate the mystery of things; at one hundred I shall certainly have reached a marvelous stage; and when I am a hundred and ten, everything I do, be it a dot or a line, will be alive. I beg those who live as long as I to see if I do not keep my word. Written at the age of seventy five by me, once Hokusai, today Gwakyo Rojin, the old man mad about drawing.
Run nix-shell -p mozwire; then, within the resulting shell, do the following:
# Fetch a Mozilla VPN token and set MOZ_TOKEN for future invocations of mozwire.# This will open a browser that will instruct you to login using your Mozilla VPN credentials.[nix-shell:]$ export MOZ_TOKEN=$(mozwire --print-token)
Please visit https://vpn.mozilla.org/api/v2... Link opened in browser.
# Create `/secret` to store your configuration [nix-shell:]$ sudo mkdir-p /secret`# List available Mozilla VPN relays [nix-shell:]$ mozwire relay save zrh
Albania (al)
Tirana (tia) @ 41.327953°N, 19.819025°W
al-tia-wg-001 (31.171.153.66, 2a04:27c0:0:3::a01f)
Australia (au)
Adelaide (adl) @ -34.92123°N, 138.599503°W
au-adl-wg-301 (103.214.20.50, 2404:f780:0:deb::c1f)
au-adl-wg-302 (103.214.20.130, 2404:f780:0:dec::c2f)
Brisbane (bne) @ -27.471°N, 153.0234°W
au-bne-wg-301 (103.216.220.18, 2404:f780:4:deb::a01f)
au-bne-wg-302 (103.216.220.34, 2404:f780:4:dec::a02f)
...
# Save a configuration with your desired relay. In this example,# we'll use ZRH. Though one can choose their own location, you'll# typically want to use a location that is nearest to your ISP. [nix-shell:]$ mozwire relay save zrh
Public key not in device list, uploading it.
Wrote configuration to ./ch-zrh-wg-404.conf.
# Copy the configuration file to /secret[nix-shell:]$ sudo mv ch-zrh-wg-404.conf /secret/
environment.systemPackges = with pkgs;[
wireguard-tools
... # don't add this ellipsis!
];
networking.wg-quick.interfaces.wg0.configFile = "/secret/ch-zrh-wg-404.conf`
Run sudo nixos-rebuild switch to update NixOS’ current configuration
Test that the VPN is active by observing the output of curl https://ifconfig.co/json ; echo
Postscript (teaching how to fish): figuring all this out was aided, yet again, by the use of search.nixos.org; specifcally the NixOS Options section. That said, the source for wg-quick.nix could be updated such that the networking.wg-quick.interfaces.*.configFile appears in a NixOS Options search for WireGuard; we’ll see if maintainers of NixOS/nixpkgs agree with the patch I authored that makes this change. Related: a NixOS/nixpkgs issue which suggests the potential addition of keywords to package metadata.
Postscript 2 (regarding Rust): the source for mozwire is worth considering; it demonstrates the concision and clarity of Rust; and is a lovely example of reverse-engineering of a public yet (to my knowledge) undocumented protocol. Tentatively, I would propose that such packages are a net-positive for users as they enable creative developers to implement alternative means of engaging with a given service. Such implementations are a far-cry from the GNU foundation’s visions for truly “free” software, but certainly bring us closer to those aims.
Dozens of readers have written in after my last post asking “who is this Montaigne guy?” Well, might I recommend his essay Of Experience? What a truly beautiful man of the 16th century; and what gratitude we feel for the accessibility of his words today.
… for truth itself has not the privilege to be spoken at all times and indiscriminately; its use, noble as it is, has its circumspections and limits.
