Infinidoge/universe
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Infini-DL360/wireguard: init

Browse source
This commit is contained in:
Infinidoge 2025-07-10 13:33:01 -04:00
parent e37573d931
commit a62d16826e
Signed by: Infinidoge
SSH key fingerprint: SHA256:EMoPe5e2dO0gEvtBb2xkZTz5dkyL0rBmuiGTKG5s96E
2 changed files with 29 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

2
hosts/Infini-DL360/default.nix
View file

@ -11,6 +11,7 @@
./secrets ./secrets
private.nixosModules.minecraft-servers private.nixosModules.minecraft-servers
private.nixosModules.wireguard
./authentik.nix ./authentik.nix
./conduwuit.nix ./conduwuit.nix
./drasl.nix ./drasl.nix
@ -35,6 +36,7 @@
./torrenting.nix ./torrenting.nix
./vaultwarden.nix ./vaultwarden.nix
./web.nix ./web.nix
./wireguard.nix
]; ];
system.stateVersion = "23.11"; system.stateVersion = "23.11";

27
hosts/Infini-DL360/wireguard.nix Normal file
View file

@ -0,0 +1,27 @@
{ pkgs, ... }:
let
subnet = "192.168.200.0/24";
in
{
networking.wireguard.enable = true;
networking.nat.internalInterfaces = [ "wg0" ];
networking.firewall.allowedUDPPorts = [ 51820 ];
networking.wireguard.interfaces = {
wg0 = {
ips = [ "192.168.200.1/24" ];
listenPort = 51820;
privateKeyFile = "/etc/secrets/wireguard/private";
postSetup = ''
${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s ${subnet} -o br0 -j MASQUERADE
'';
postShutdown = ''
${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s ${subnet} -o br0 -j MASQUERADE
'';
};
};
}