ma gum.r: add vbob to wireguard
This commit is contained in:
parent
7b39418eb0
commit
72d8ea37cc
@ -108,16 +108,35 @@ in {
|
|||||||
# };
|
# };
|
||||||
#}
|
#}
|
||||||
{ # wireguard server
|
{ # wireguard server
|
||||||
networking.firewall.allowedUDPPorts = [ 51820 ];
|
|
||||||
|
# TODO: networking.nat
|
||||||
|
|
||||||
|
# boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
|
||||||
|
# conf.all.proxy_arp =1
|
||||||
|
networking.firewall = {
|
||||||
|
allowedUDPPorts = [ 51820 ];
|
||||||
|
extraCommands = ''
|
||||||
|
iptables -t nat -A POSTROUTING -s 10.244.0.0/24 -o ${ext-if} -j MASQUERADE
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
networking.wireguard.interfaces.wg0 = {
|
networking.wireguard.interfaces.wg0 = {
|
||||||
ips = [ "10.244.0.1/24" ];
|
ips = [ "10.244.0.1/24" ];
|
||||||
|
listenPort = 51820;
|
||||||
privateKeyFile = (toString <secrets>) + "/wireguard.key";
|
privateKeyFile = (toString <secrets>) + "/wireguard.key";
|
||||||
allowedIPsAsRoutes = true;
|
allowedIPsAsRoutes = true;
|
||||||
peers = [{
|
peers = [
|
||||||
# allowedIPs = [ "0.0.0.0/0" "::/0" ];
|
{
|
||||||
|
# x
|
||||||
allowedIPs = [ "10.244.0.2/32" ];
|
allowedIPs = [ "10.244.0.2/32" ];
|
||||||
publicKey = "fe5smvKVy5GAn7EV4w4tav6mqIAKhGWQotm7dRuRt1g=";
|
publicKey = "fe5smvKVy5GAn7EV4w4tav6mqIAKhGWQotm7dRuRt1g=";
|
||||||
}];
|
}
|
||||||
|
{
|
||||||
|
# vbob
|
||||||
|
allowedIPs = [ "10.244.0.3/32" ];
|
||||||
|
publicKey = "Lju7EsCu1OWXhkhdNR7c/uiN60nr0TUPHQ+s8ULPQTw=";
|
||||||
|
}
|
||||||
|
];
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user