Set up Wireguard

coolneng 2020-02-21 12:25:43 +01:00
parent ea06ff9985
commit 40a9598020
Signed by: coolneng
GPG Key ID: 9893DA236405AF57
1 changed files with 49 additions and 0 deletions


@ -6,8 +6,22 @@
{ {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
wireguard
wireguard-tools
]; ];
# Enable zeroconf
services.avahi = {
enable = true;
nssmdns = true;
publish = {
enable = true;
userServices = true;
};
};
# Dynamic DNS configuration # Dynamic DNS configuration
services.ddclient = { services.ddclient = {
enable = true; enable = true;
@ -25,11 +39,46 @@
80 80
443 443
]; ];
allowedUDPPorts = [
51820 # Wireguard
];
autoLoadConntrackHelpers = true; autoLoadConntrackHelpers = true;
connectionTrackingModules = [ "sane" ]; connectionTrackingModules = [ "sane" ];
extraCommands = ''
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
'';
}; };
# Disable IPv6 # Disable IPv6
networking.enableIPv6 = false; networking.enableIPv6 = false;
# Enable NAT for wireguard
networking.nat = {
enable = true;
externalInterface = "eth0";
internalInterfaces = [ "wg0" ];
};
# Wireguard setup
networking.wireguard.interfaces = {
wg0 = {
ips = [ "10.8.0.1/24" ];
listenPort = 51820;
privateKeyFile = "/home/coolneng/.wg/keys/privatekey";
peers = [
# Monolith
{
publicKey = "ka9a/VB49XMtrMw/ZJmZHThfk2Y5D/8wErLPtN+KvHE=";
allowedIPs = [ "10.8.0.2/32" ];
}
# Roamer
{
publicKey = "gS5VIUFL74kTs3zxVNT/ijWyOjeAFLEqWynD0Pefh1o=";
allowedIPs = [ "10.8.0.3/32" ];
}
];
};
};
} }
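Review bot: `privateKeyFile = "/home/coolneng/.wg/keys/privatekey"` in the `wg0` block keeps the server's WireGuard private key under a regular user's home directory, so any process running as that user can read or replace the key that the root-run interface loads. The file's mode is not visible here, but a root-owned location outside `/home` with mode 0600 would narrow that exposure, e.g. `privateKeyFile = "<ROOT_OWNED_DIR>/privatekey";` (placeholder path). Separately, the `extraCommands` line `iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE` looks redundant with the `networking.nat` block added below it. Because it uses `-A` with no matching `-D`, it is likely appended again on every firewall reload, so dropping it and relying on `networking.nat` would avoid duplicate rules.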