From 42768ab36e08099075d920f4e20ad0663f280221 Mon Sep 17 00:00:00 2001
From: Sky Hearn
Date: Thu, 7 Mar 2024 02:41:55 +0000
Subject: [PATCH] almost working wireguard
---
 configuration.nix | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/configuration.nix b/configuration.nix
index 4c33614..3e3cd3c 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -31,7 +31,7 @@
 # wireguard server setup
 # enable NAT
 networking.nat.enable = true;
- networking.nat.externalInterface = "eth0";
+ networking.nat.externalInterface = "eno4";
 networking.nat.internalInterfaces = [ "wg0" ];
 networking.firewall = {
 allowedUDPPorts = [ 51820 ];
@@ -49,12 +49,12 @@
 # This allows the wireguard server to route your traffic to the internet and hence be like a VPN
 # For this to work you have to set the dnsserver IP of your router (or dnsserver of choice) in your clients
 postSetup = ''
- ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.100.0.0/24 -o eth0 -j MASQUERADE
+ ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.100.0.0/24 -o eno4 -j MASQUERADE
 '';
 # This undoes the above command
 postShutdown = ''
- ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.100.0.0/24 -o eth0 -j MASQUERADE
+ ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.100.0.0/24 -o eno4 -j MASQUERADE
 '';
 # Path to the private key file.
@@ -62,7 +62,7 @@
 # Note: The private key can also be included inline via the privateKey option,
 # but this makes the private key world-readable; thus, using privateKeyFile is
 # recommended.
- privateKeyFile = "path to private key file";
+ privateKeyFile = "/run/keys/wg-privatekey"; # TODO: Change this to be a sops secret
 peers = [
 # List of allowed peers.
@@ -77,7 +77,7 @@
 allowedIPs = [ "10.100.0.3/32" ];
 }
 { # skyLaptop
- publicKey = "L4msD0mEG2ctKDtaMJW2y3cs1fT2LBRVV7iVlWZ2nZc=";
+ publicKey = "2sg0sgMMGQrCGt0f/5+1kO/B0Ghfb137DTf9nYctZTM=";
 allowedIPs = [ "10.100.0.4/32" ];
 }
 { # skyDesktop
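Review bot: The uplink name `eno4` is now written out three times: in `networking.nat.externalInterface` in the first hunk, and in the `-o eno4` match of both the `postSetup` and `postShutdown` rules in the second hunk. The next interface change can therefore leave the MASQUERADE rules matching a different interface from the one the NAT module uses. Assuming `config` is among the module arguments (the file header is outside this patch), both rules could read `-o ${config.networking.nat.externalInterface}` so the name is set in one place. It is also worth confirming whether the hand-written rules are still needed, since `networking.nat` with `internalInterfaces = [ "wg0" ]` appears to cover the same masquerading.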
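Review bot: `privateKeyFile = "/run/keys/wg-privatekey"` in the third hunk points at a path under `/run`, which is normally a tmpfs, and nothing visible in this patch creates the file or sets its owner and mode. Until the sops TODO is done, the key presumably has to be placed there by hand after every boot, and the existing comment only warns about the inline `privateKey` case. I would add a comment above the option such as `# must exist before wg0 is brought up; root-owned, mode 0400, never committed to the repo`. Once sops-nix is wired in, the option can reference the secret's `path` attribute instead of a literal string. The enclosing interface block starts and ends outside the hunk.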