ma gum.r: add vbob to wireguard

makefu 2018-01-06 20:51:32 +01:00
parent 7b39418eb0
commit 72d8ea37cc
No known key found for this signature in database
GPG Key ID: 36F7711F3FC0F225


@ -108,16 +108,35 @@ in {
# };
#}
{ # wireguard server
networking.firewall.allowedUDPPorts = [ 51820 ];
# TODO: networking.nat
# boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
# conf.all.proxy_arp =1
networking.firewall = {
allowedUDPPorts = [ 51820 ];
extraCommands = ''
iptables -t nat -A POSTROUTING -s 10.244.0.0/24 -o ${ext-if} -j MASQUERADE
'';
};
networking.wireguard.interfaces.wg0 = {
ips = [ "10.244.0.1/24" ];
listenPort = 51820;
privateKeyFile = (toString <secrets>) + "/wireguard.key";
allowedIPsAsRoutes = true;
peers = [{
# allowedIPs = [ "0.0.0.0/0" "::/0" ];
peers = [
{
# x
allowedIPs = [ "10.244.0.2/32" ];
publicKey = "fe5smvKVy5GAn7EV4w4tav6mqIAKhGWQotm7dRuRt1g=";
}];
}
{
# vbob
allowedIPs = [ "10.244.0.3/32" ];
publicKey = "Lju7EsCu1OWXhkhdNR7c/uiN60nr0TUPHQ+s8ULPQTw=";
}
];
};
}
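Review bot: The MASQUERADE rule in `networking.firewall.extraCommands` is appended with `-A` and has no matching `extraStopCommands`, so it will most likely be added again on every firewall reload and never removed. The `net.ipv4.ip_forward` sysctl is still only a commented-out TODO in this block, so unless forwarding is enabled elsewhere in the file, the peers get a NAT rule but no routing. The NixOS NAT module already referenced in the TODO covers both: `networking.nat = { enable = true; externalInterface = ext-if; internalInterfaces = [ "wg0" ]; };`. Once forwarding is on, every peer in 10.244.0.0/24 can reach whatever is routed via `${ext-if}`, so a comment stating which destinations the peers are meant to reach would help, as would replacing the `# x` peer label with something identifying.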