From b00861e0ae27c2cf696fd352f9c187d612b539cb Mon Sep 17 00:00:00 2001
From: jacekpoz
Date: Sun, 16 Jul 2023 11:21:14 +0200
Subject: [PATCH] I don't understand shit
---
 hosts/chmura/default.nix | 1 +
 hosts/chmura/wireguard.nix | 43 ++++++++++++++++++++++++++++++++++++++
 2 files changed, 44 insertions(+)
 create mode 100644 hosts/chmura/wireguard.nix
diff --git a/hosts/chmura/default.nix b/hosts/chmura/default.nix
index 2ae076e34..090de8497 100644
--- a/hosts/chmura/default.nix
+++ b/hosts/chmura/default.nix
@@ -4,5 +4,6 @@ _: {
 ./configuration.nix
 ./grafana.nix
 ./hardware-configuration.nix
+ ./wireguard.nix
 ];
 }
diff --git a/hosts/chmura/wireguard.nix b/hosts/chmura/wireguard.nix
new file mode 100644
index 000000000..6cdbc3efe
--- /dev/null
+++ b/hosts/chmura/wireguard.nix
@@ -0,0 +1,43 @@
+{
+ config,
+ pkgs,
+ inputs,
+ ...
+}: {
+ networking.nat = {
+ enable = true;
+ externalInterface = "enp6s0";
+ internalInterfaces = [ "wg0" ];
+ };
+
+ networking.firewall.allowedTCPPorts = [ 51820 ];
+ networking.firewall.allowedUDPPorts = [ 51820 ];
+
+ networking.wireguard.interfaces = {
+ wg0 = {
+ ips = [ "192.168.15.17/24" ];
+ listenPort = 51820;
+ postSetup = ''
+ ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 192.168.15.0/24 -o eth0 -j MASQUERADE
+ '';
+ postShutdown = ''
+ ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 192.168.15.0/24 -o eth0 -j MASQUERADE
+ '';
+
+ privateKeyFile = "/home/chmura/.wg/private";
+
+ peers = [
+ {
+ # laptop with arch
+ publicKey = "yYCaxmZfyQQiOzlZuvNqbsY96j/UkqCh/+2guEqTuho=";
+ allowedIPs = [ "192.168.15.0/24" ];
+ }
+ {
+ # phone
+ publicKey = "aIz3n7fmtc85Td3bLa/78s90cxjpGw2LI098fpWcAhk=";
+ allowedIPs = [ "192.168.15.0/24" ];
+ }
+ ];
+ };
+ };
+}
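Review bot: Both entries in `peers` of the new `wireguard.nix` carry `allowedIPs = [ "192.168.15.0/24" ]`, which overlaps: WireGuard binds an allowed range to a single peer, so only one of the two ends up routable, and that peer is accepted as the source for every address in the /24, including the server's own 192.168.15.17. Give each peer its own host route, e.g. `allowedIPs = [ "192.168.15.2/32" ];` for the laptop and `allowedIPs = [ "192.168.15.3/32" ];` for the phone (addresses constructed for illustration). `networking.firewall.allowedTCPPorts = [ 51820 ];` can be dropped, since WireGuard listens on UDP only and the TCP rule just opens an unused port. The `postSetup`/`postShutdown` MASQUERADE rules name `-o eth0` while `networking.nat.externalInterface` is `"enp6s0"`, so they likely never match; use the same interface name or rely on `networking.nat` alone. The file behind `privateKeyFile` sits under `/home/chmura`, so it is worth confirming it is owned by root with mode 0600, which the diff cannot show.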