Luj/snowfield
1
0
Fork 0
mirror of https://github.com/JulienMalka/snowfield.git synced 2025-04-03 10:40:53 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

VPN... this is not really stable yet

Browse source
This commit is contained in:
Julien Malka 2022-02-19 22:05:24 +01:00
parent f983465cf5
commit 4841bdf10f
No known key found for this signature in database
GPG key ID: 3C68E13964FEA07F
1 changed files with 67 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

70
machines/lisa/default.nix
View file

@ -1,6 +1,3 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }: { config, lib, pkgs, modulesPath, ... }:
{ {
@ -52,6 +49,7 @@
}; };
nix.maxJobs = lib.mkDefault 4; nix.maxJobs = lib.mkDefault 4;
boot.binfmt.emulatedSystems = [ "aarch64-linux" ]; boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
@ -76,4 +74,70 @@
services.zfs.autoScrub.enable = true; services.zfs.autoScrub.enable = true;
system.stateVersion = "21.11"; system.stateVersion = "21.11";
networking.firewall = {
allowedTCPPorts = [ ];
allowedUDPPorts = [ 51820 ];
};
networking.nat.enable = true;
networking.nat.externalInterface = "ens20";
networking.nat.internalInterfaces = [ "wg0" ];
networking.wireguard.interfaces = {
wg0 = {
ips = [ "10.100.0.1/24" ];
listenPort = 51820;
postSetup = ''
${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.100.0.0/24 -o ens20 -j MASQUERADE
'';
# This undoes the above command
postShutdown = ''
${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.100.0.0/24 -o ens20 -j MASQUERADE
'';
privateKeyFile = "/root/wg-private";
peers = [
{
allowedIPs = [ "10.100.0.2/32" ];
publicKey = "WQoOWKT6VFn9p8vyLdI1n8tg8IRX1t7tCWXOa1zcHRU=";
}
{
allowedIPs = [ "10.100.0.3/32" ];
publicKey = "Pp4dQhhdokqYD1JBh+HLoqBbC+FEs64qzXHWfXyu2VE=";
}
{
allowedIPs = [ "10.100.0.4/32" ];
publicKey = "1d10sX645HAbXeXbvAs2zgjsoYgfg7d2UCQV1xKoY3s=";
}
{
allowedIPs = [ "10.100.0.5/32" ];
publicKey = "3BlHbLcL05UObnlIWrC/TMjZKdxrH8HTm8h0xxzAWA8=";
}
{
allowedIPs = [ "10.100.0.6/32" ];
publicKey = "ifMWTkMWpjibnthrRNPtfp2xcgqGQGng3XieVO7Lvzg=";
}
{
allowedIPs = [ "10.100.0.7/32" ];
publicKey = "TAIP4faPBx6gk1cifC6fdfIP6slo1ir+HMVKxQXBejo=";
}
{
allowedIPs = [ "10.100.0.8" ];
publicKey = "EmWRWnZfr60ekm4ZLdwa6gXU6V3p39p6tWOZ03dL+DA=";
}
];
};
};
} }