Use another subnet for WireGuard tunnel as is conflicts with the openstack internal subnet

config/hosts/valkyrie/configuration.nix

@@ -48,23 +48,23 @@
         wg1 = {
           listenPort = 51822;
           ips = [
-            "172.16.50.1/24"
+            "172.18.50.1/24"
           ];
           peers = [
             {
               name = "mail-1";
               publicKey = "CyKPjkY1ah/lE6V3R0XugNo28doeAtD8wEtAeDB7bHs=";
               presharedKeyFile = "/secrets/wireguard-valkyrie-mail-1-valkyrie-psk.secret";
-              allowedIPs = [ "172.16.50.2/32" ];
+              allowedIPs = [ "172.18.50.2/32" ];
             }
           ];
           postSetup = ''
             ${pkgs.iptables}/bin/iptables -A FORWARD -i wg1 -j ACCEPT
-            ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 172.16.50.0/24 -o ens3 -j MASQUERADE
+            ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 172.18.50.0/24 -o ens3 -j MASQUERADE
           '';
           postShutdown = ''
             ${pkgs.iptables}/bin/iptables -D FORWARD -i wg1 -j ACCEPT
-            ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 172.16.50.0/24 -o ens3 -j MASQUERADE
+            ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 172.18.50.0/24 -o ens3 -j MASQUERADE
           '';
           privateKeyFile = "/secrets/wireguard-valkyrie-wg1-privatekey.secret";
         };
@@ -76,17 +76,17 @@
       externalInterface = "ens3";
       forwardPorts = [
         {
-          destination = "172.16.50.2:25";
+          destination = "172.18.50.2:25";
           proto = "tcp";
           sourcePort = 25;
         }
         {
-          destination = "172.16.50.2:465";
+          destination = "172.18.50.2:465";
           proto = "tcp";
           sourcePort = 465;
         }
         {
-          destination = "172.16.50.2:993";
+          destination = "172.18.50.2:993";
           proto = "tcp";
           sourcePort = 993;
         }