From 60a68859f3ce5e1b082a75e74ed10593f96c30de Mon Sep 17 00:00:00 2001
From: Felix Albrigtsen
Date: Thu, 25 Jan 2024 13:25:05 +0100
Subject: [PATCH] defiant: allow wireguard routing
---
 hosts/defiant/services/wireguard.nix | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/hosts/defiant/services/wireguard.nix b/hosts/defiant/services/wireguard.nix
index 98448cd..b5fc732 100644
--- a/hosts/defiant/services/wireguard.nix
+++ b/hosts/defiant/services/wireguard.nix
@@ -15,12 +15,20 @@ in {
 listenPort = 51820;
 privateKeyFile = "/etc/wireguard/defiant.private";
 
+ postSetup = ''
+ ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.100.0.0/24 -d 192.168.10.0/24 -o eth0 -j MASQUERADE
+ '';
+ postShutdown = ''
+ ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.100.0.0/24 -d 192.168.10.0/24 -o eth0 -j MASQUERADE
+ '';
+
 peers = [
 { # Burnham
 publicKey = "JcfyrMoZmnbibVLaIKuGSARAX2alFv4kwLbJaLBNbzo=";
+ persistentKeepalive = 60;
 allowedIPs = [
 "10.100.0.2/32"
- # "192.168.11.0/24"
+ "192.168.11.0/24"
 ];
 }
 { # Sulu
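Review bot: The MASQUERADE rule added in `postSetup` matches only `-s 10.100.0.0/24`, while the same hunk widens the Burnham peer's `allowedIPs` to all of `192.168.11.0/24`, so packets sourced from that network towards `192.168.10.0/24` would be routed without NAT (assuming forwarding is enabled elsewhere) and no FORWARD restriction is visible here. If that site-to-LAN path is intended, say so in a comment above `postSetup`, e.g. `# NAT covers tunnel clients only; 192.168.11.0/24 behind Burnham is routed as-is`, and consider restricting which destinations the tunnel may reach in the FORWARD chain rather than relying on NAT alone. The rule also hard-codes `-o eth0`, which silently stops matching if the uplink interface is named differently, and masquerading makes every VPN client appear as defiant in the LAN hosts' logs, so per-peer attribution has to come from logging on this host. The `peers` list continues beyond the hunk.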