Infini-DL360/wireguard: init

2025-07-10 13:33:01 -04:00 · 2025-07-10 13:33:01 -04:00 · a62d16826e
commit a62d16826e
parent e37573d931
2 changed files with 29 additions and 0 deletions
--- a/hosts/Infini-DL360/default.nix
+++ b/hosts/Infini-DL360/default.nix
@ -11,6 +11,7 @@
    ./secrets

    private.nixosModules.minecraft-servers
+    private.nixosModules.wireguard
    ./authentik.nix
    ./conduwuit.nix
    ./drasl.nix
@ -35,6 +36,7 @@
    ./torrenting.nix
    ./vaultwarden.nix
    ./web.nix
+    ./wireguard.nix
  ];

  system.stateVersion = "23.11";
--- a/hosts/Infini-DL360/wireguard.nix
+++ b/hosts/Infini-DL360/wireguard.nix
@ -0,0 +1,27 @@
+{ pkgs, ... }:
+let
+  subnet = "192.168.200.0/24";
+in
+
+{
+  networking.wireguard.enable = true;
+
+  networking.nat.internalInterfaces = [ "wg0" ];
+  networking.firewall.allowedUDPPorts = [ 51820 ];
+
+  networking.wireguard.interfaces = {
+    wg0 = {
+      ips = [ "192.168.200.1/24" ];
+      listenPort = 51820;
+
+      privateKeyFile = "/etc/secrets/wireguard/private";
+
+      postSetup = ''
+        ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s ${subnet} -o br0 -j MASQUERADE
+      '';
+      postShutdown = ''
+        ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s ${subnet} -o br0 -j MASQUERADE
+      '';
+    };
+  };
+}