Compare commits
2 commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
8b11705965 | ||
|
|
cff4840824 |
1 changed files with 57 additions and 1 deletions
|
|
@ -1,4 +1,6 @@
|
|||
{pkgs, ...}: {
|
||||
{pkgs, ...}: let
|
||||
wg_port = 51820;
|
||||
in {
|
||||
imports = [
|
||||
(import ./modules {
|
||||
hostName = "hetzner-vpn1";
|
||||
|
|
@ -16,5 +18,59 @@
|
|||
users.users.root.openssh.authorizedKeys.keys = [
|
||||
''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICdYqY3Y1/f1bsAi5Qfyr/UWuX9ixu96IeAlhoQaJkbf''
|
||||
];
|
||||
|
||||
environment = {
|
||||
systemPackages = with pkgs; [iptables wireguard-tools];
|
||||
};
|
||||
|
||||
# wireguard server for public ip
|
||||
# enable NAT
|
||||
networking.nat.enable = true;
|
||||
networking.nat.externalInterface = "eth0";
|
||||
networking.nat.internalInterfaces = ["wg0"];
|
||||
networking.firewall = {
|
||||
allowedUDPPorts = [wg_port];
|
||||
};
|
||||
|
||||
networking.wireguard.interfaces = {
|
||||
# "wg0" is the network interface name. You can name the interface arbitrarily.
|
||||
wg0 = {
|
||||
# Determines the IP address and subnet of the server's end of the tunnel interface.
|
||||
ips = ["10.100.0.1/32"];
|
||||
|
||||
# The port that WireGuard listens to. Must be accessible by the client.
|
||||
listenPort = wg_port;
|
||||
|
||||
# This allows the wireguard server to route your traffic to the internet and hence be like a VPN
|
||||
# For this to work you have to set the dnsserver IP of your router (or dnsserver of choice) in your clients
|
||||
postSetup = ''
|
||||
${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.100.0.0/24 -o eth0 -j MASQUERADE
|
||||
'';
|
||||
|
||||
# This undoes the above command
|
||||
postShutdown = ''
|
||||
${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.100.0.0/24 -o eth0 -j MASQUERADE
|
||||
'';
|
||||
|
||||
# Path to the private key file
|
||||
privateKeyFile = "/root/wireguard/keys/private";
|
||||
|
||||
peers = [
|
||||
# List of allowed peers.
|
||||
{
|
||||
# Phone
|
||||
publicKey = "/sjNk9rXaMdrCHD2kmut1AXD1UhF1xcZ4ju+EmFGcCk=";
|
||||
# List of IPs assigned to this peer within the tunnel subnet. Used to configure routing.
|
||||
allowedIPs = ["10.100.0.2/32"];
|
||||
}
|
||||
{
|
||||
# vinzenz-lpt
|
||||
publicKey = "D/6431f8oJ61C5vjjEIpY5Rc750oK4yVh9B/32q4xAE=";
|
||||
# List of IPs assigned to this peer within the tunnel subnet. Used to configure routing.
|
||||
allowedIPs = ["10.100.0.3/32"];
|
||||
}
|
||||
];
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue