Add wireguard-nat-nftables python script
					parent
					
						
							
								34b8dcef9c
							
						
					
				
			
			
				commit
				
					
						ea11e41005
					
				
			
		
					 6 changed files with 152 additions and 4 deletions
				
			
			@ -4,5 +4,6 @@
    ./configuration.nix
    ./nginx.nix
    ./containers/uptime-kuma
    ./services.nix
  ];
}
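--- /dev/null
+++ b/config/hosts/valkyrie/services.nix
@@ -0,0 +1,30 @@
+{ pkgs, ... }:
+let
+  wireguard-nat-nftables = import ../../../pkgs/wireguard-nat-nftables pkgs;
+  config = pkgs.writeText "wireguard-nat-nftables-config" (builtins.toJSON {
+    interface = "ens3";
+    wg_interface = "wg0";
+    pubkey_port_mapping = {
+      "SJ8xCRb4hWm5EnXoV4FnwgbiaxmY2wI+xzfk+3HXERg=" = [ 51827 51829 ];
+      "BbNeBTe6HwQuHPK+ZQXWYRZJJMPdS0h81n07omYyRl4=" = [ 51828 51830 ];
+      "u9h+D8XZ62ABnetBRKnf6tjs+tJwM8fQ4d6ipOCLFyE=" = [ 51821 51824 ];
+    };
+  });
+in
+{
+  systemd.services.wireguard-nat-nftables = {
+    description = "A python script to update nftable dnat rules based on WireGuard peer IPs";
+    requires = [ "wireguard-wg0.service" ];
+    after = [ "wireguard-wg0.service" ];
+
+    script = ''
+      ${wireguard-nat-nftables}/bin/wireguard-nat-nftables.py ${config}
+    '';
+
+    serviceConfig = {
+      Type = "simple";
+      User = "root";
+      Group = "root";
+    };
+  };
+}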
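Review bot: The unit's `serviceConfig` runs the script as root with the full capability set and no sandboxing, although its description says it only reads WireGuard peer state and rewrites nftables DNAT rules. `User = "root"` and `Group = "root"` restate the systemd default for system services, so I would drop them and bound the service instead, as in the fence below. The script itself is not in this section, so the capability list and filesystem protections need confirming against what it actually invokes. Separately, no `wantedBy` is visible here, so unless another unit pulls this one in it will not start at boot; `wantedBy = [ "multi-user.target" ];` would cover that.

```nix
    serviceConfig = {
      Type = "simple";
      # Script not shown in this section; confirm CAP_NET_ADMIN covers its wg/nft calls.
      CapabilityBoundingSet = [ "CAP_NET_ADMIN" ];
      NoNewPrivileges = true;
      ProtectSystem = "strict";
      ProtectHome = true;
      PrivateTmp = true;
      # Stale DNAT rules are the failure mode if the script dies, so restart it.
      Restart = "on-failure";
    };
```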