fi/nix-infra
1
1
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Fix WireGuard nat rules

Browse source
This commit is contained in:
yuri 2023-09-18 03:38:09 +02:00
commit 3723b4edf2
11 changed files with 269 additions and 61 deletions
Download patch file Download diff file Expand all files Collapse all files

10
config/hosts/valkyrie/configuration.nix
View file

@ -35,7 +35,7 @@
allowedIPs = [ "10.203.10.2/32" "10.202.0.0/16" ];
}
{
name = "site2-jsts";
name = "site1-jsts";
publicKey = "u9h+D8XZ62ABnetBRKnf6tjs+tJwM8fQ4d6ipOCLFyE=";
presharedKeyFile = "/secrets/wireguard-valkyrie-site1-jsts-psk.secret";
endpoint = "site1.jsts.xyz:51823";
@ -59,12 +59,12 @@
}
];
postSetup = ''
${pkgs.iptables}/bin/iptables -A FORWARD -i wg0 -j ACCEPT
${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 172.16.50.0/24 -o ens6 -j MASQUERADE
${pkgs.iptables}/bin/iptables -A FORWARD -i wg1 -j ACCEPT
${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 172.16.50.0/24 -o ens3 -j MASQUERADE
'';
postShutdown = ''
${pkgs.iptables}/bin/iptables -D FORWARD -i wg0 -j ACCEPT
${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 172.16.50.0/24 -o ens6 -j MASQUERADE
${pkgs.iptables}/bin/iptables -D FORWARD -i wg1 -j ACCEPT
${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 172.16.50.0/24 -o ens3 -j MASQUERADE
'';
privateKeyFile = "/secrets/wireguard-valkyrie-wg1-privatekey.secret";
};