Configure wireguard

Maciej Jur 2023-07-11 19:29:29 +02:00
parent 18b852d65c
commit f8fb80f477
No known key found for this signature in database
GPG key ID: ADA3BF323198C639


@ -29,23 +29,24 @@
2222 # ssh
];
allowedUDPPorts = [
51820 # wireguard
42069 # wireguard
];
};
wireguard.interfaces = {
wg0 = {
ips = [ "10.100.0.1/24" ];
listenPort = 51820;
listenPort = 42069;
postSetup = ''
${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.100.0.0/24 -o eth0 -j MASQUERADE
'';
postShutdown = ''
${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.100.0.0/24 -o eth0 -j MASQUERADE
'';
privateKeyFile = "/root/secrets/wireguard/kamoshi";
peers = [
{
publicKey = "TODO";
publicKey = "26lQ3qCZrZ3hAqLIDfQNrmFQSQv983TeyXpJUY59QkI=";
allowedIPs = [ "10.100.0.2/32" ];
}
];
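Review bot: The WireGuard UDP port is now written twice, as `42069` in `allowedUDPPorts` and again in `wg0.listenPort`, and this commit had to change both by hand. If the two values drift, the firewall either drops the tunnel's traffic or leaves an unused UDP port open. Consider deriving the firewall entry from the interface definition, e.g. `allowedUDPPorts = [ config.networking.wireguard.interfaces.wg0.listenPort ];`, assuming `config` is among the module's arguments and both attributes sit under `networking` (neither is visible in the hunk). The `wg0` set and the attribute set enclosing it start and end outside the hunk.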