Setup wireguard on altra

Signed-off-by: Magic_RB <magic_rb@redalder.org>
2024-11-22 08:04:20 +01:00 · 2023-07-27 20:58:53 +02:00 · 2023-07-27 20:58:53 +02:00 · 262a2fba32
parent 3aa375c48e
commit 262a2fba32
2 changed files with 27 additions and 26 deletions
--- a/flake.lock
+++ b/flake.lock
@ -1498,8 +1498,8 @@
    "secret": {
      "flake": false,
      "locked": {
-        "lastModified": 1689723668,
-        "narHash": "sha256-o+sV0G+Hc3pgw6Es12ki2WpDdE0KpKVKdgqdjnVAb+4=",
+        "lastModified": 1690482869,
+        "narHash": "sha256-in5I/oRcup7cZtR4lMTSiw8m5eDBFrk31AkTNdTlN3s=",
        "path": "/home/main/dotfiles2/secret",
        "type": "path"
      },
--- a/nixos/systems/altra/networking.nix
+++ b/nixos/systems/altra/networking.nix
@ -25,41 +25,42 @@ in
    #   "67.207.67.3"
    # ];

-    # wireguard = {
-    #   enable = true;
-    #   interfaces."wg0" =
-    #     {
-    #       postSetup = ''
-    #         ${getExe pkgs.iptables} -I FORWARD -i wg0 -o wg0 -j ACCEPT
-    #       '';
+    wireguard = {
+      enable = true;
+      interfaces."wg0" =
+        {
+          postSetup = ''
+            ${getExe pkgs.iptables} -I FORWARD -i wg0 -o wg0 -j ACCEPT
+          '';

-    #       postShutdown = ''
-    #         ${getExe pkgs.iptables} -D FORWARD -i wg0 -o wg0 -j ACCEPT
-    #       '';
-    #     }
-    #     // secret.wireguard."toothpick" or { privateKey = ""; };
-    # };
+          postShutdown = ''
+            ${getExe pkgs.iptables} -D FORWARD -i wg0 -o wg0 -j ACCEPT
+          '';
+        }
+        // secret.wireguard."altra" or { privateKey = ""; };
+    };

    # defaultGateway = "64.225.96.1";
    # defaultGateway6 = "";
    # dhcpcd.enable = false;
    # usePredictableInterfaceNames = lib.mkForce false;

-    # firewall = {
-    #   extraCommands = ''
-    #     iptables -P FORWARD DROP
-    #   '';
+    firewall = {
+      extraCommands = ''
+        iptables -P FORWARD DROP
+        iptables -t nat -I PREROUTING -i eth0 -d 167.235.230.162/32 -p udp -m multiport --dports 500 -j REDIRECT --to-ports 6666
+      '';

-    #   interfaces."eth0" = {
+      interfaces."eth0" = {
    #     allowedTCPPorts = [
    #       80
    #       443
    #       6001
    #     ];
-    #     allowedUDPPorts = [
-    #       6666
-    #     ];
-    #   };
+        allowedUDPPorts = [
+          6666
+        ];
+      };

    #   interfaces."nomad" = {
    #     allowedTCPPorts = [
@ -99,8 +100,8 @@ in
    #         to = 21255;
    #       }
    #     ];
-    #   };
-    # };
+      };
+    };

    # interfaces = {
    #   eth0 = {