fi/nix-infra
1
1
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Use snat rule instead if masquerade for wireguard nat

Browse source
This commit is contained in:
fi 2023-09-19 15:58:42 +02:00
parent 0d820c58af
commit 215065aa6c
Signed by: fi
SSH key fingerprint: SHA256:d+6fQoDPMbSFK95zRVflRKZLRKF4cPSQb7VIxYkhFsA
3 changed files with 7 additions and 16 deletions
Download patch file Download diff file Expand all files Collapse all files

2
config/hosts/valkyrie/configuration.nix
View file

@ -8,7 +8,7 @@
firewall = {
enable = true;
allowedTCPPorts = [ 80 443 ];
allowedUDPPorts = [ 51820 51821 51822 51827 51828 ];
allowedUDPPorts = [ 51820 51821 51822 51824 51827 51828 51829 51830 ];
};
wireguard = {
enable = true;

1
config/hosts/valkyrie/services.nix
View file

@ -3,6 +3,7 @@ let
wireguard-nat-nftables = import ../../../pkgs/wireguard-nat-nftables pkgs;
config = pkgs.writeText "wireguard-nat-nftables-config" (builtins.toJSON {
interface = "ens3";
interface_address = "172.16.4.180";
wg_interface = "wg0";
pubkey_port_mapping = {
"SJ8xCRb4hWm5EnXoV4FnwgbiaxmY2wI+xzfk+3HXERg=" = [ 51827 51829 ];