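{ pkgs, ... }:

let
  # Python helper (built from ../../../pkgs/wireguard-nat-nftables) that
  # rewrites nftables DNAT rules to follow the tunnel addresses of the
  # WireGuard peers listed below.
  wireguard-nat-nftables = import ../../../pkgs/wireguard-nat-nftables pkgs;

  # Static configuration handed to the script as a JSON file.  writeText puts
  # it in the Nix store, which is world-readable on the host, so everything in
  # it must be non-secret.  WireGuard *public* keys and port numbers are fine
  # here; private keys or preshared keys must never be added to this set.
  config = pkgs.writeText "wireguard-nat-nftables-config" (builtins.toJSON {
    # Upstream (non-tunnel) interface and its address — where the forwarded
    # ports are reachable from.  Both are host-specific.
    interface = "ens3";
    interface_address = "172.16.4.180";

    # WireGuard interface whose peer table the script reads.
    wg_interface = "wg0";

    # Peer public key -> ports to DNAT to that peer's current tunnel address.
    # Listing a public key only identifies the peer; it grants nothing, and
    # only a peer that already holds the matching private key can bring that
    # tunnel up.  Keep each port in exactly one list, otherwise two peers
    # compete for the same DNAT target.
    # NOTE(review): whether the ports are TCP, UDP or both is decided by the
    # Python script, not visible from this file — confirm before relying on it.
    pubkey_port_mapping = {
      "SJ8xCRb4hWm5EnXoV4FnwgbiaxmY2wI+xzfk+3HXERg=" = [ 51827 51829 ];
      "BbNeBTe6HwQuHPK+ZQXWYRZJJMPdS0h81n07omYyRl4=" = [ 51828 51830 ];
      "u9h+D8XZ62ABnetBRKnf6tjs+tJwM8fQ4d6ipOCLFyE=" = [ 51821 51824 ];
    };
  });
in
{
  systemd.services.wireguard-nat-nftables = {
    description = "A python script to update nftable dnat rules based on WireGuard peer IPs";

    # The script needs wg0 to exist before it can query peer state.
    requires = [ "wireguard-wg0.service" ];
    after = [ "wireguard-wg0.service" ];
    # NOTE(review): nothing in this module pulls the unit in (no wantedBy), so
    # it only starts if another module or an operator starts it — confirm.

    # Arguments: the JSON config above and the directory holding libnftables.
    script = ''
      ${wireguard-nat-nftables}/bin/wireguard-nat-nftables.py ${config} ${pkgs.nftables}/lib
    '';

    serviceConfig = {
      Type = "simple";

      # Rewriting nftables rules and reading WireGuard peer state both need
      # CAP_NET_ADMIN, so the unit runs as root.  The confinement below limits
      # that root to the network-admin capability and a read-only view of the
      # filesystem, so a bug in a script that parses kernel-supplied peer data
      # cannot be turned into a general root shell or on-disk persistence.
      User = "root";
      Group = "root";

      # A crash must not leave the DNAT rules silently frozen on stale peer
      # addresses; restart with a short back-off.  A clean exit is not restarted,
      # so this is harmless if the script turns out to be one-shot.
      Restart = "on-failure";
      RestartSec = 5;

      # Capability and filesystem confinement.  Relax a single line only if the
      # script demonstrably fails with it (for example, if it needs to write
      # state somewhere other than /tmp).  ProtectKernelModules and
      # MemoryDenyWriteExecute are deliberately left out: nf_tables modules may
      # be autoloaded on first use and ctypes/libffi may need writable code pages.
      CapabilityBoundingSet = [ "CAP_NET_ADMIN" "CAP_NET_RAW" ];
      NoNewPrivileges = true;
      ProtectSystem = "strict";
      ProtectHome = true;
      PrivateTmp = true;
      ProtectKernelTunables = true;
      ProtectControlGroups = true;
      RestrictNamespaces = true;
      LockPersonality = true;
      SystemCallArchitectures = "native";
      # AF_NETLINK is what nft and wg talk to the kernel over; AF_UNIX is for
      # journal/syslog.  AF_INET/AF_INET6 are kept in case the script opens
      # ordinary sockets; drop them if it is confirmed to use netlink only.
      RestrictAddressFamilies = [ "AF_UNIX" "AF_NETLINK" "AF_INET" "AF_INET6" ];
    };
  };
}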