Add wireguard server configuration
parent
09c5755ec8
commit
6a2346d4a1
|
@ -39,11 +39,46 @@
|
||||||
80
|
80
|
||||||
443
|
443
|
||||||
];
|
];
|
||||||
|
allowedUDPPorts = [
|
||||||
|
51820 # Wireguard
|
||||||
|
];
|
||||||
autoLoadConntrackHelpers = true;
|
autoLoadConntrackHelpers = true;
|
||||||
connectionTrackingModules = [ "sane" ];
|
connectionTrackingModules = [ "sane" ];
|
||||||
|
extraCommands = ''
|
||||||
|
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
|
||||||
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
# Disable IPv6
|
# Disable IPv6
|
||||||
networking.enableIPv6 = false;
|
networking.enableIPv6 = false;
|
||||||
|
|
||||||
|
# Enable NAT for wireguard
|
||||||
|
networking.nat = {
|
||||||
|
enable = true;
|
||||||
|
externalInterface = "eth0";
|
||||||
|
internalInterfaces = [ "wg0" ];
|
||||||
|
};
|
||||||
|
|
||||||
|
# Wireguard setup
|
||||||
|
networking.wireguard.interfaces = {
|
||||||
|
wg0 = {
|
||||||
|
ips = [ "10.8.0.1/24" ];
|
||||||
|
listenPort = 51820;
|
||||||
|
privateKeyFile = "/home/coolneng/.wg/keys/privatekey";
|
||||||
|
peers = [
|
||||||
|
# Monolith
|
||||||
|
{
|
||||||
|
publicKey = "ka9a/VB49XMtrMw/ZJmZHThfk2Y5D/8wErLPtN+KvHE=";
|
||||||
|
allowedIPs = [ "10.8.0.2/32" ];
|
||||||
|
}
|
||||||
|
# Roamer
|
||||||
|
#{
|
||||||
|
#publicKey = "{john doe's public key}";
|
||||||
|
#allowedIPs = [ "10.8.0.3/32" ];
|
||||||
|
#}
|
||||||
|
];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
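Review bot: The `privateKeyFile` for wg0 points into a user's home directory (`/home/coolneng/.wg/keys/privatekey`), so the tunnel's private key can be read and replaced by that account and by anything running as it; a root-owned file with mode 0600 outside any home directory would be safer, e.g. `privateKeyFile = "<root-owned-dir>/wg0-private.key";` (placeholder path). Using a key file rather than an inline key is the right choice, since it keeps the secret out of the Nix store. Separately, the `extraCommands` MASQUERADE rule for 10.8.0.0/24 appears to duplicate what the `networking.nat` block with `internalInterfaces = [ "wg0" ]` already provides, and because it is appended with `-A` and has no matching deletion in `extraStopCommands`, it will likely accumulate duplicate rules on each firewall reload; I would drop it or pair it with a `-D` rule. The enclosing firewall attribute set begins above this hunk, so its other settings are not visible here.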