lumin/nixos-config
1
0
Fork 0
mirror of https://github.com/ordinary-dev/nixos-config.git synced 2024-09-20 03:40:29 +05:00
Code Issues Actions Packages Projects Releases Wiki Activity
nixos-config/nixos/networking/wireguard.nix

36 lines
859 B
Nix
Raw Permalink Normal View History

feat: configure wireguard
2024-05-10 12:04:02 +05:00
{ config, pkgs, ... }:
{
networking.nat = {
enable = true;
externalInterface = "enp7s0";
internalInterfaces = [ "wg0" ];
};
networking.wireguard.interfaces.wg0 = {
chore: change wireguard subnet to avoid conflicts
2024-05-13 21:39:10 +05:00
ips = ["10.101.0.1/24" ];
feat: configure wireguard
2024-05-10 12:04:02 +05:00
listenPort = 51820;
postSetup = ''
chore: change wireguard subnet to avoid conflicts
2024-05-13 21:39:10 +05:00
${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.101.0.0/24 -o enp7s0 -j MASQUERADE
feat: configure wireguard
2024-05-10 12:04:02 +05:00
'';
postShutdown = ''
chore: change wireguard subnet to avoid conflicts
2024-05-13 21:39:10 +05:00
${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.101.0.0/24 -o enp7s0 -j MASQUERADE
feat: configure wireguard
2024-05-10 12:04:02 +05:00
'';
privateKeyFile = "/var/lib/wireguard/privkey";
peers = [
{
# laptop
publicKey = "awAVP/tkl0Z9PKEMTABjIXhblWSGHhIvYjBFp3C7YUk=";
chore: change wireguard subnet to avoid conflicts
2024-05-13 21:39:10 +05:00
allowedIPs = [ "10.101.0.2/32" ];
feat: configure wireguard
2024-05-10 12:04:02 +05:00
}
{
# phone
publicKey = "zPUl9jrC8dFaPWKk92btHptEzr09KNgGbdwSfiT7rEM=";
chore: change wireguard subnet to avoid conflicts
2024-05-13 21:39:10 +05:00
allowedIPs = [ "10.101.0.3/32" ];
feat: configure wireguard
2024-05-10 12:04:02 +05:00
}
];
};
}
Reference in a new issue Copy permalink