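# NixOS module: WireGuard peer list for wg0, the firewall/NAT rules that let
# those peers reach the outside through ens3, and kernel forwarding.
#
# This file sets no interface address, listen port or private key for wg0;
# presumably another module supplies them (confirm). If the key is set there,
# prefer `privateKeyFile` over an inline `privateKey`: values written into the
# configuration end up world-readable in /nix/store.
{pkgs, ...}: let
  ipt = "${pkgs.iptables}/bin/iptables";
  ip6t = "${pkgs.iptables}/bin/ip6tables";
in {
  networking.wireguard.interfaces.wg0 = {
    # Rules installed after wg0 is up.
    #
    # Each rule is checked with -C before it is appended, so running the hook
    # again (for example after a teardown that did not complete) does not
    # stack duplicate rules.
    #
    # FORWARD: everything arriving on wg0 is accepted for forwarding, to any
    # destination the host can route to, including other peers. Whether reply
    # traffic needs its own rule depends on the FORWARD chain policy, which is
    # not visible in this file.
    #
    # POSTROUTING: the MASQUERADE rules match on source range and egress
    # interface only, not on wg0. 10.0.0.0/8 and fc00::/7 are much wider than
    # the peer addresses listed below (10.0.0.x and fd0d:a262:1fa6:e621::/64),
    # so traffic from any other private-addressed interface leaving via ens3
    # is NATed as well.
    # NOTE(review): narrow the source ranges to the tunnel prefixes once they
    # are confirmed, or replace these hooks with the declarative
    # `networking.nat` module (internalInterfaces / externalInterface).
    postSetup = ''
      ${ipt} -C FORWARD -i wg0 -j ACCEPT 2>/dev/null || ${ipt} -A FORWARD -i wg0 -j ACCEPT
      ${ipt} -t nat -C POSTROUTING -s 10.0.0.0/8 -o ens3 -j MASQUERADE 2>/dev/null || ${ipt} -t nat -A POSTROUTING -s 10.0.0.0/8 -o ens3 -j MASQUERADE
      ${ip6t} -C FORWARD -i wg0 -j ACCEPT 2>/dev/null || ${ip6t} -A FORWARD -i wg0 -j ACCEPT
      ${ip6t} -t nat -C POSTROUTING -s fc00::/7 -o ens3 -j MASQUERADE 2>/dev/null || ${ip6t} -t nat -A POSTROUTING -s fc00::/7 -o ens3 -j MASQUERADE
    '';

    # Mirror of postSetup, run after wg0 is removed.
    #
    # Every delete is allowed to fail on its own. NixOS runs unit hook scripts
    # with errexit (as far as I know), so without `|| true` one already-missing
    # rule would abort the hook and leave the remaining rules installed. The
    # MASQUERADE rules are not tied to wg0 and would keep NATing after the
    # tunnel is gone.
    postShutdown = ''
      ${ipt} -D FORWARD -i wg0 -j ACCEPT || true
      ${ipt} -t nat -D POSTROUTING -s 10.0.0.0/8 -o ens3 -j MASQUERADE || true
      ${ip6t} -D FORWARD -i wg0 -j ACCEPT || true
      ${ip6t} -t nat -D POSTROUTING -s fc00::/7 -o ens3 -j MASQUERADE || true
    '';

    # One entry per peer. allowedIPs are single-host prefixes (/32, /128):
    # WireGuard accepts a packet from a peer only when its source address is
    # in that peer's list, and routes a destination to the peer that owns it.
    # Public keys are not secret; the matching private keys live on the peers.
    peers = [
      {
        publicKey = "/pQ86rAyPpM2tqzvk7NcKfEm72ENTVCSTTiHf6OrzDw=";
        allowedIPs = [
          "fd0d:a262:1fa6:e621:539c:94d8:30e1:fb8b/128"
          "10.0.0.1/32"
        ];
      }
      {
        publicKey = "YDh67pqmhWMPNWf1BYXeH4/GTScCWqoWuyIao3ZUcz4=";
        allowedIPs = [
          "fd0d:a262:1fa6:e621:480:b859:2a43:7101/128"
          "10.0.0.2/32"
        ];
      }
      {
        publicKey = "JZi7Lw8G5W2pnoqJWW6YfJm4OAaxhaneY8i3V9EO8X4=";
        allowedIPs = [
          "10.0.0.3/32"
          "fd0d:a262:1fa6:e621:66b6:3f04:5583:db63/128"
        ];
      }
      # thinkrac
      # NOTE(review): IPv6 only, no 10.0.0.x address; confirm this is intended.
      {
        publicKey = "iKW9nomLyLY2f90UY66POzY8CfDhQrqOLqchERlR3TY=";
        allowedIPs = [
          "fd0d:a262:1fa6:e621:f45a:db9f:eb7c:1a3f/128"
        ];
      }
      # nas
      # NOTE(review): IPv6 only, no 10.0.0.x address; confirm this is intended.
      {
        publicKey = "RuQImASPojufJMoJ+zZ4FceC+mMN5vhxNR+i+m7g9Bc=";
        allowedIPs = [
          "fd0d:a262:1fa6:e621:bc9b:6a33:86e4:873b/128"
        ];
      }
    ];
  };

  # Turns the host into a router for IPv4 and IPv6 on all interfaces, not only
  # wg0. What actually gets forwarded is then limited only by the FORWARD
  # chain, so its policy and rules are the effective access control.
  boot.kernel.sysctl = {
    "net.ipv4.conf.all.forwarding" = true;
    "net.ipv6.conf.all.forwarding" = true;
  };
}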