jawz/NixOS
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

wireguard declarative interface

Browse Source
This commit is contained in:
Danilo Reyes 2025-02-05 16:31:55 -06:00
parent 47f4b2a536
commit 481a338799
1 changed files with 4 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
modules/services/wireguard.nix
View File

@ -6,6 +6,7 @@
}:
let
port = 51820;
interface = config.my.interfaces.${config.hostName};
in
{
options.my.services.wireguard.enable = lib.mkEnableOption "enable";
@ -15,17 +16,17 @@ in
firewall.allowedUDPPorts = [ port ];
nat = {
enable = true;
externalInterface = config.my.interfaces.${config.hostName};
externalInterface = interface;
internalInterfaces = [ "wg0" ];
};
wireguard.interfaces.wg0 = {
ips = [ "10.100.0.1/24" ];
listenPort = port;
postSetup = ''
${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.100.0.0/24 -o enp2s0 -j MASQUERADE
${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.100.0.0/24 -o ${interface} -j MASQUERADE
'';
postShutdown = ''
${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.100.0.0/24 -o enp2s0 -j MASQUERADE
${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.100.0.0/24 -o ${interface} -j MASQUERADE
'';
privateKeyFile = config.sops.secrets."wireguard/private".path;
peers = [