ma gum.r: add vbob to wireguard

makefu 2018-01-06 20:51:32 +01:00
parent 7b39418eb0
commit 72d8ea37cc
No known key found for this signature in database
GPG Key ID: 36F7711F3FC0F225


@ -108,16 +108,35 @@ in {
# }; # };
#} #}
{ # wireguard server { # wireguard server
networking.firewall.allowedUDPPorts = [ 51820 ];
# TODO: networking.nat
# boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
# conf.all.proxy_arp =1
networking.firewall = {
allowedUDPPorts = [ 51820 ];
extraCommands = ''
iptables -t nat -A POSTROUTING -s 10.244.0.0/24 -o ${ext-if} -j MASQUERADE
'';
};
networking.wireguard.interfaces.wg0 = { networking.wireguard.interfaces.wg0 = {
ips = [ "10.244.0.1/24" ]; ips = [ "10.244.0.1/24" ];
listenPort = 51820;
privateKeyFile = (toString <secrets>) + "/wireguard.key"; privateKeyFile = (toString <secrets>) + "/wireguard.key";
allowedIPsAsRoutes = true; allowedIPsAsRoutes = true;
peers = [{ peers = [
# allowedIPs = [ "0.0.0.0/0" "::/0" ]; {
# x
allowedIPs = [ "10.244.0.2/32" ]; allowedIPs = [ "10.244.0.2/32" ];
publicKey = "fe5smvKVy5GAn7EV4w4tav6mqIAKhGWQotm7dRuRt1g="; publicKey = "fe5smvKVy5GAn7EV4w4tav6mqIAKhGWQotm7dRuRt1g=";
}]; }
{
# vbob
allowedIPs = [ "10.244.0.3/32" ];
publicKey = "Lju7EsCu1OWXhkhdNR7c/uiN60nr0TUPHQ+s8ULPQTw=";
}
];
}; };
} }
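Review bot: The MASQUERADE rule in `networking.firewall.extraCommands` is appended with `-A` to the nat POSTROUTING chain and has no matching delete in `extraStopCommands`, so each firewall reload will probably stack another copy, because the NixOS firewall script only flushes its own chains. The `# TODO: networking.nat` comment already points at the cleaner form, `networking.nat = { enable = true; internalIPs = [ "10.244.0.0/24" ]; externalInterface = ext-if; };`, which also turns on IPv4 forwarding; the visible lines leave that sysctl commented out, so unless it is set elsewhere the NAT rule has nothing to translate. Nothing in this section limits where traffic from wg0 may be forwarded once forwarding is on, so a short comment or explicit FORWARD rules stating whether x and vbob should reach only the external interface or also each other and other local networks would make the intended exposure reviewable. The old/new side of some lines is not recoverable from this rendering, so confirm against the actual file.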