From 262a2fba32339b4990822cfa2ad5d871a8a4cf7f Mon Sep 17 00:00:00 2001
From: Magic_RB
Date: Thu, 27 Jul 2023 20:58:53 +0200
Subject: [PATCH] Setup wireguard on altra
Signed-off-by: Magic_RB
---
 flake.lock | 4 +--
 nixos/systems/altra/networking.nix | 49 +++++++++++++++---------------
 2 files changed, 27 insertions(+), 26 deletions(-)
diff --git a/flake.lock b/flake.lock
index 24d4461..d92ace2 100644
--- a/flake.lock
+++ b/flake.lock
@@ -1498,8 +1498,8 @@
 "secret": {
 "flake": false,
 "locked": {
- "lastModified": 1689723668,
- "narHash": "sha256-o+sV0G+Hc3pgw6Es12ki2WpDdE0KpKVKdgqdjnVAb+4=",
+ "lastModified": 1690482869,
+ "narHash": "sha256-in5I/oRcup7cZtR4lMTSiw8m5eDBFrk31AkTNdTlN3s=",
 "path": "/home/main/dotfiles2/secret",
 "type": "path"
 },
diff --git a/nixos/systems/altra/networking.nix b/nixos/systems/altra/networking.nix
index f92791a..683f40f 100644
--- a/nixos/systems/altra/networking.nix
+++ b/nixos/systems/altra/networking.nix
@@ -25,41 +25,42 @@ in
 # "67.207.67.3"
 # ];
- # wireguard = {
- # enable = true;
- # interfaces."wg0" =
- # {
- # postSetup = ''
- # ${getExe pkgs.iptables} -I FORWARD -i wg0 -o wg0 -j ACCEPT
- # '';
+ wireguard = {
+ enable = true;
+ interfaces."wg0" =
+ {
+ postSetup = ''
+ ${getExe pkgs.iptables} -I FORWARD -i wg0 -o wg0 -j ACCEPT
+ '';
- # postShutdown = ''
- # ${getExe pkgs.iptables} -D FORWARD -i wg0 -o wg0 -j ACCEPT
- # '';
- # }
- # // secret.wireguard."toothpick" or { privateKey = ""; };
- # };
+ postShutdown = ''
+ ${getExe pkgs.iptables} -D FORWARD -i wg0 -o wg0 -j ACCEPT
+ '';
+ }
+ // secret.wireguard."altra" or { privateKey = ""; };
+ };
 # defaultGateway = "64.225.96.1";
 # defaultGateway6 = "";
 # dhcpcd.enable = false;
 # usePredictableInterfaceNames = lib.mkForce false;
- # firewall = {
- # extraCommands = ''
- # iptables -P FORWARD DROP
- # '';
+ firewall = {
+ extraCommands = ''
+ iptables -P FORWARD DROP
+ iptables -t nat -I PREROUTING -i eth0 -d 167.235.230.162/32 -p udp -m multiport --dports 500 -j REDIRECT --to-ports 6666
+ '';
- # interfaces."eth0" = {
+ interfaces."eth0" = {
 # allowedTCPPorts = [
 # 80
 # 443
 # 6001
 # ];
- # allowedUDPPorts = [
- # 6666
- # ];
- # };
+ allowedUDPPorts = [
+ 6666
+ ];
+ };
 # interfaces."nomad" = {
 # allowedTCPPorts = [
@@ -99,8 +100,8 @@ in
 # to = 21255;
 # }
 # ];
- # };
- # };
+ };
+ };
 # interfaces = {
 # eth0 = {
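Review bot: The `or { privateKey = ""; }` fallback on the wg0 interface means a missing `secret.wireguard."altra"` still evaluates and configures wg0 with an empty key, so the failure is deferred to activation or runtime while UDP 6666 is opened and port 500 is redirected on eth0 regardless. If the fallback exists so the flake evaluates without the secret input, gating the tunnel on the secret is safer, e.g. `enable = secret ? wireguard.altra;`. The fallback also suggests the secret supplies an inline `privateKey`, which NixOS writes into the world-readable store; if that is the case, `privateKeyFile` pointing at a root-only path avoids it. Separately, the `-I PREROUTING` redirect in `extraCommands` has no matching `-D` in `extraStopCommands`, so it is likely to be inserted again on every firewall reload.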