diff options
Diffstat (limited to 'makefu/2configs/wireguard/server.nix')
-rw-r--r-- | makefu/2configs/wireguard/server.nix | 70 |
1 files changed, 0 insertions, 70 deletions
diff --git a/makefu/2configs/wireguard/server.nix b/makefu/2configs/wireguard/server.nix deleted file mode 100644 index bb3198178..000000000 --- a/makefu/2configs/wireguard/server.nix +++ /dev/null @@ -1,70 +0,0 @@ -{ config,pkgs, ... }: -let - ext-if = config.makefu.server.primary-itf; -in { # wireguard server - - # opkg install wireguard luci-proto-wireguard - - # boot.kernel.sysctl."net.ipv4.ip_forward" = 1; - # conf.all.proxy_arp =1 - networking.firewall = { - allowedUDPPorts = [ 51820 ]; - }; - networking.nat = { - enable = true; - #externalIP = "144.76.26.247"; - #internalIPs = [ "10.244.0.0/24" ]; - externalInterface = ext-if; - internalInterfaces = [ "wg0" ]; - }; - networking.wireguard.interfaces.wg0 = { - ips = [ "10.244.0.1/24" ]; - listenPort = 51820; - privateKeyFile = (toString <secrets>) + "/wireguard.key"; - # allowedIPsAsRoutes = true; - postSetup = '' - ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.244.0.0/24 -o ${ext-if} -j MASQUERADE - ''; - - # This undoes the above command - postShutdown = '' - ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.244.0.0/24 -o ${ext-if} -j MASQUERADE - ''; - peers = [ - { - # x - allowedIPs = [ "10.244.0.2/32" ]; - publicKey = "fe5smvKVy5GAn7EV4w4tav6mqIAKhGWQotm7dRuRt1g="; - } - { - # vbob - allowedIPs = [ "10.244.0.3/32" ]; - publicKey = "Lju7EsCu1OWXhkhdNR7c/uiN60nr0TUPHQ+s8ULPQTw="; - } - { - # x-test - allowedIPs = [ "10.244.0.4/32" ]; - publicKey = "vZ/AJpfDLJyU3DzvYeW70l4FNziVgSTumA89wGHG7XY="; - } - { - # work-router - persistentKeepalive = 25; - allowedIPs = [ "10.244.0.5/32" ]; - publicKey = "QJMwwYu/92koCASbHnR/vqe/rN00EV6/o7BGwLockDw="; - } - { - # workr - persistentKeepalive = 25; - allowedIPs = [ "10.244.0.6/32" ]; - publicKey = "OFhCF56BrV9tjqW1sxqXEKH/GdqamUT1SqZYSADl5GA="; - } - { - # mobile - allowedIPs = [ "10.244.0.7/32" ]; - publicKey = "Y6fOW2QDt0SsHT7hSVzzJYQVB3JI/txO4/FDB54Z52A="; - } - ]; - }; - # TODO: this issue is related to the router which connects to the host but is - # unable to re-connect once restarted -} |