Diffstat (limited to 'Biz/Dev/Wireguard.nix')
-rw-r--r-- | Biz/Dev/Wireguard.nix | 72 |
1 files changed, 0 insertions, 72 deletions
diff --git a/Biz/Dev/Wireguard.nix b/Biz/Dev/Wireguard.nix
deleted file mode 100644
index 90f425e..0000000
--- a/Biz/Dev/Wireguard.nix
+++ /dev/null
@@ -1,72 +0,0 @@
-{ lib, pkgs, ... }:
-
-/*
-Wireguard VPN server
-
-References:
-
-- https://nixos.wiki/wiki/WireGuard
-- https://wireguard.how/client/ios/
-*/
-
-let
- ports = import ../Cloud/Ports.nix;
- ips = "10.100.0.1/24";
-
- # a micro-library for creating iptables rules
- iptables = rec {
- bin = "${pkgs.iptables/bin/iptables}";
- append = {source}: lib.concatSep " " [
- bin
- "--table" "nat"
- "--append" "POSTROUTING"
- "--source" source
- "--out-interface" "eth0"
- "--jump" "MASQUERADE"
- ];
- delete = {source}: lib.concatSep " " [
- bin
- "--table" "nat"
- "--delete" "POSTROUTING"
- "--source" source
- "--out-interface" "eth0"
- "--jump" "MASQUERADE"
- ];
-
- };
-in {
- networking.nat.enable = true;
- networking.nat.externalInterface = "eth0";
- networking.nat.internalInterfaces = [ "wg0" ];
- networking.firewall.allowedUDPPorts = [ ports.wireguard ];
-
- networking.wireguard-tools.enable = true;
-
- networking.wireguard-tools.interfaces = {
- wg0 = {
- ips = [ ips ];
- allowedIPsAsRoutes = true;
- listenPort = ports.wireguard;
- postSetup = ''
- ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s ${ips} -o eth0 -j MASQUERADE
- '';
-
- postShutdown = ''
- ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s ${ips} -o eth0 -j MASQUERADE
- '';
-
- privateKeyFile = "/var/wireguard/private";
-
- peers = [
- #{ # helium
- # publicKey = "";
- # allowedIPs = [ "10.100.0.2/32" ];
- #}
- { # ben's iPhone
- publicKey = "SIBIfPLhzuV1S1FZtm5JQtDbl0ehnH+Y3CpoZ2eZ3gc=";
- allowedIPs = [ "10.100.0.3/32" ];
- }
- ];
- };
- };
-} |