Add wireguard server configuration

This commit is contained in:
coolneng 2020-01-29 14:30:31 +01:00
parent 09c5755ec8
commit 6a2346d4a1
Signed by: coolneng
GPG Key ID: 9893DA236405AF57
1 changed files with 35 additions and 0 deletions

View File

@ -39,11 +39,46 @@
80
443
];
allowedUDPPorts = [
51820 # Wireguard
];
autoLoadConntrackHelpers = true;
connectionTrackingModules = [ "sane" ];
extraCommands = ''
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
'';
};
# Disable IPv6
networking.enableIPv6 = false;
# Enable NAT for wireguard
networking.nat = {
enable = true;
externalInterface = "eth0";
internalInterfaces = [ "wg0" ];
};
# Wireguard setup
networking.wireguard.interfaces = {
wg0 = {
ips = [ "10.8.0.1/24" ];
listenPort = 51820;
privateKeyFile = "/home/coolneng/.wg/keys/privatekey";
peers = [
# Monolith
{
publicKey = "ka9a/VB49XMtrMw/ZJmZHThfk2Y5D/8wErLPtN+KvHE=";
allowedIPs = [ "10.8.0.2/32" ];
}
# Roamer
#{
#publicKey = "{john doe's public key}";
#allowedIPs = [ "10.8.0.3/32" ];
#}
];
};
};
}