diff --git a/modules/networking.nix b/modules/networking.nix index e8846b0..f8e4686 100644 --- a/modules/networking.nix +++ b/modules/networking.nix @@ -6,8 +6,22 @@ { environment.systemPackages = with pkgs; [ + wireguard + wireguard-tools ]; + + # Enable zeroconf + services.avahi = { + enable = true; + nssmdns = true; + publish = { + enable = true; + userServices = true; + }; + }; + + # Dynamic DNS configuration services.ddclient = { enable = true; @@ -25,11 +39,46 @@ 80 443 ]; + allowedUDPPorts = [ + 51820 # Wireguard + ]; autoLoadConntrackHelpers = true; connectionTrackingModules = [ "sane" ]; + extraCommands = '' + iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE + ''; }; # Disable IPv6 networking.enableIPv6 = false; + + # Enable NAT for wireguard + networking.nat = { + enable = true; + externalInterface = "eth0"; + internalInterfaces = [ "wg0" ]; + }; + + # Wireguard setup + networking.wireguard.interfaces = { + wg0 = { + ips = [ "10.8.0.1/24" ]; + listenPort = 51820; + privateKeyFile = "/home/coolneng/.wg/keys/privatekey"; + peers = [ + # Monolith + { + publicKey = "ka9a/VB49XMtrMw/ZJmZHThfk2Y5D/8wErLPtN+KvHE="; + allowedIPs = [ "10.8.0.2/32" ]; + } + # Roamer + { + publicKey = "gS5VIUFL74kTs3zxVNT/ijWyOjeAFLEqWynD0Pefh1o="; + allowedIPs = [ "10.8.0.3/32" ]; + } + ]; + }; + }; + }