clara/nix-infra
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fixed wireguard (don't know how)

Browse source
This commit is contained in:
CDaut 2025-11-13 18:29:45 +01:00
parent 83dbc8465f
commit 3fd6838367
Signed by: clara
GPG key ID: 223391B52FAD4463
1 changed files with 5 additions and 11 deletions
Download patch file Download diff file Expand all files Collapse all files

16
configs/services/wg_server.nix
View file

@ -34,7 +34,6 @@ in {
};
# Open ports in the firewall
firewall = {
rejectPackets = true;
allowedTCPPorts = [ 53 ];
allowedUDPPorts = [ 53 wg_port ];
};
@ -53,21 +52,16 @@ in {
# This allows the wireguard server to route your traffic to the internet and hence be like a VPN
postUp = ''
${pkgs.iptables}/bin/iptables -t nat -I POSTROUTING 1 -s 10.8.0.1/16 -o eth0 -j MASQUERADE
${pkgs.iptables}/bin/iptables -I FORWARD -i wg0 -j ACCEPT
${pkgs.iptables}/bin/iptables -I INPUT 1 -i wg0 -j ACCEPT
${pkgs.iptables}/bin/iptables -I FORWARD 1 -i eth0 -o wg0 -j ACCEPT
${pkgs.iptables}/bin/iptables -I FORWARD 1 -i wg0 -o eth0 -j ACCEPT
${pkgs.iptables}/bin/iptables -I INPUT 1 -i eth0 -p udp --dport ${toString wg_port} -j ACCEPT
${pkgs.iptables}/bin/iptables -A FORWARD -i wg0 -j ACCEPT
${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.8.0.1/16 -o eth0 -j MASQUERADE
${pkgs.iptables}/bin/ip6tables -A FORWARD -i wg0 -j ACCEPT
'';
# Undo the above
preDown = ''
${pkgs.iptables}/bin/iptables -D FORWARD -i wg0 -j ACCEPT
${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.8.0.1/16 -o eth0 -j MASQUERADE
${pkgs.iptables}/bin/iptables -D INPUT -i wg0 -j ACCEPT
${pkgs.iptables}/bin/iptables -D FORWARD -i eth0 -o wg0 -j ACCEPT
${pkgs.iptables}/bin/iptables -D FORWARD -i wg0 -o eth0 -j ACCEPT
${pkgs.iptables}/bin/iptables -D INPUT -i eth0 -p udp --dport ${toString wg_port} -j ACCEPT
${pkgs.iptables}/bin/ip6tables -D FORWARD -i wg0 -j ACCEPT
'';
peers = [
{