
@roblabla
Last active October 24, 2015 16:58
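# NixOS host configuration: a declarative container ("vpn") that runs an
# OpenVPN client and relays TCP port 5672 to a host reachable only through
# that VPN.
{
  # NAT so the container can reach the outside world through the host uplink.
  # "ve-+" is a wildcard: every interface named ve-* counts as internal, so
  # any other container on this host gets the same outbound access.
  networking.nat.enable = true;
  networking.nat.internalInterfaces = ["ve-+"];
  networking.nat.externalInterface = "enp1s0";

  containers.vpn = {
    # Private network between host (hostAddress) and container (localAddress).
    privateNetwork = true;
    hostAddress = "192.168.100.10";
    localAddress = "192.168.100.11";

    config = { config, pkgs, ... }:
    {
      # The rule below opens 5672 on every interface inside the container,
      # which includes the VPN tunnel once it is up.
      # NOTE(review): if only the host side should reach the relay, scope the
      # rule (or socat's listener, e.g. bind=192.168.100.11) to eth0.
      networking.firewall.enable = true;
      networking.firewall.allowedTCPPorts = [ 5672 ];

      # TCP relay: accepts connections on 5672 and forwards each one (fork)
      # to the VPN-only destination.
      systemd.services.socat = {
        wantedBy = [ "multi-user.target" ];
        # "after" only orders startup; it does not require the OpenVPN unit,
        # so the relay still starts when the tunnel failed to come up.
        # NOTE(review): in that case forwarded connections presumably follow
        # the container's default route through the host NAT instead of the
        # VPN; confirm whether that is acceptable.
        after = [ "network.target" "openvpn-vpn42.service" ];
        serviceConfig = {
          Type = "simple";
          # Least privilege: 5672 is an unprivileged port and the relay
          # touches no files, so a network-facing process has no reason to
          # run as root. A dedicated service account is preferable to the
          # shared "nobody" user where one is available.
          User = "nobody";
          ExecStart = ''${pkgs.socat}/bin/socat TCP-LISTEN:5672,fork TCP:ip_only_accessible_through_vpn_here:5672'';
        };
      };

      services.openvpn.servers.vpn42 = {
        # This text is written to the Nix store, which is world-readable:
        # reference keys and credentials by file path instead of inlining them.
        config = ''
          vpn client config accessing outside world ip here
        '';
      };
    };
  };
}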
# container
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0@if11: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state LOWERLAYERDOWN mode DEFAULT group default qlen 1000
link/ether 3a:9f:90:ac:de:24 brd ff:ff:ff:ff:ff:ff link-netnsid 0
# Host
# lo, enp1s0
11: ve-vpn@if2: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether 86:74:c9:32:d2:d5 brd ff:ff:ff:ff:ff:ff link-netnsid 0