Use snat rule instead if masquerade for wireguard nat

2023-09-19 15:58:42 +02:00 · 2023-09-19 15:58:42 +02:00 · 6c6cfb6da8
commit 6c6cfb6da8
parent 74d5abdfe2
3 changed files with 7 additions and 16 deletions
--- a/config/hosts/valkyrie/configuration.nix
+++ b/config/hosts/valkyrie/configuration.nix
@ -8,7 +8,7 @@
    firewall = {
      enable = true;
      allowedTCPPorts = [ 80 443 ];
-      allowedUDPPorts = [ 51820 51821 51822 51827 51828 ];
+      allowedUDPPorts = [ 51820 51821 51822 51824 51827 51828 51829 51830 ];
    };
    wireguard = {
      enable = true;
--- a/config/hosts/valkyrie/services.nix
+++ b/config/hosts/valkyrie/services.nix
@ -3,6 +3,7 @@ let
  wireguard-nat-nftables = import ../../../pkgs/wireguard-nat-nftables pkgs;
  config = pkgs.writeText "wireguard-nat-nftables-config" (builtins.toJSON {
    interface = "ens3";
+    interface_address = "172.16.4.180";
    wg_interface = "wg0";
    pubkey_port_mapping = {
      "SJ8xCRb4hWm5EnXoV4FnwgbiaxmY2wI+xzfk+3HXERg=" = [ 51827 51829 ];