Configure wireguard

Maciej Jur 2023-07-11 19:29:29 +02:00
parent 18b852d65c
commit f8fb80f477
No known key found for this signature in database
GPG key ID: ADA3BF323198C639


@ -29,23 +29,24 @@
2222 # ssh 2222 # ssh
]; ];
allowedUDPPorts = [ allowedUDPPorts = [
51820 # wireguard 42069 # wireguard
]; ];
}; };
wireguard.interfaces = { wireguard.interfaces = {
wg0 = { wg0 = {
ips = [ "10.100.0.1/24" ]; ips = [ "10.100.0.1/24" ];
listenPort = 51820; listenPort = 42069;
postSetup = '' postSetup = ''
${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.100.0.0/24 -o eth0 -j MASQUERADE ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.100.0.0/24 -o eth0 -j MASQUERADE
''; '';
postShutdown = '' postShutdown = ''
${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.100.0.0/24 -o eth0 -j MASQUERADE ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.100.0.0/24 -o eth0 -j MASQUERADE
''; '';
privateKeyFile = "/root/secrets/wireguard/kamoshi";
peers = [ peers = [
{ {
publicKey = "TODO"; publicKey = "26lQ3qCZrZ3hAqLIDfQNrmFQSQv983TeyXpJUY59QkI=";
allowedIPs = [ "10.100.0.2/32" ]; allowedIPs = [ "10.100.0.2/32" ];
} }
]; ];
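Review bot: The added `privateKeyFile = "/root/secrets/wireguard/kamoshi";` points at a file managed outside this configuration, and nothing in the hunk documents how it is provisioned or what ownership and mode it must have. Referencing a file rather than an inline key keeps the secret out of the world-readable Nix store, so the approach is sound; I would add a comment above the line such as `# root-owned, mode 0600, created out of band with wg genkey; never committed`. Separately, the port 42069 is now written twice, in `allowedUDPPorts` and in `listenPort`; binding it once in a `let` and using that name in both places keeps the firewall opening and the listener from drifting apart on the next port change. The `wg0` attribute set closes outside the hunk, so anything after the `peers` list is not covered here.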