defiant: allow wireguard routing

Felix Albrigtsen 2024-01-25 13:25:05 +01:00
parent 09c0fdb08c
commit 60a68859f3
1 changed files with 9 additions and 1 deletions


@ -15,12 +15,20 @@ in {
listenPort = 51820; listenPort = 51820;
privateKeyFile = "/etc/wireguard/defiant.private"; privateKeyFile = "/etc/wireguard/defiant.private";
postSetup = ''
${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.100.0.0/24 -d 192.168.10.0/24 -o eth0 -j MASQUERADE
'';
postShutdown = ''
${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.100.0.0/24 -d 192.168.10.0/24 -o eth0 -j MASQUERADE
'';
peers = [ peers = [
{ # Burnham { # Burnham
publicKey = "JcfyrMoZmnbibVLaIKuGSARAX2alFv4kwLbJaLBNbzo="; publicKey = "JcfyrMoZmnbibVLaIKuGSARAX2alFv4kwLbJaLBNbzo=";
persistentKeepalive = 60;
allowedIPs = [ allowedIPs = [
"10.100.0.2/32" "10.100.0.2/32"
# "192.168.11.0/24" "192.168.11.0/24"
]; ];
} }
{ # Sulu { # Sulu