Merge pull request 'vps-leon' (#67) from leon/nix-config:vps-leon into master
Reviewed-on: #67
commit
36c6c55fab
|
@ -58,7 +58,7 @@
|
||||||
# List packages installed in system profile. To search, run:
|
# List packages installed in system profile. To search, run:
|
||||||
# $ nix search wget
|
# $ nix search wget
|
||||||
environment.systemPackages = with pkgs; [
|
environment.systemPackages = with pkgs; [
|
||||||
wget vim python3Full nmap htop wireguard-tools
|
wget vim python3Full python310Packages.pip nmap htop wireguard-tools
|
||||||
];
|
];
|
||||||
|
|
||||||
|
|
||||||
|
@ -76,17 +76,6 @@
|
||||||
allowedUDPPorts = [ 5000 22 53 80 8080 18900 19900 ];
|
allowedUDPPorts = [ 5000 22 53 80 8080 18900 19900 ];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
||||||
#-------------------------------VPN---------------------------------
|
|
||||||
|
|
||||||
# enable NAT
|
|
||||||
# networking.nat.enable = true;
|
|
||||||
# networking.nat.externalInterface = "eth0";
|
|
||||||
# networking.nat.internalInterfaces = [ "wg0" ];
|
|
||||||
# networking.firewall = {
|
|
||||||
# allowedUDPPorts = [ 51820 ];
|
|
||||||
# };
|
|
||||||
|
|
||||||
#_______________________________Begin-VPN1-Server____________________________________
|
#_______________________________Begin-VPN1-Server____________________________________
|
||||||
|
|
||||||
networking.wireguard.interfaces = {
|
networking.wireguard.interfaces = {
|
||||||
|
@ -94,12 +83,9 @@
|
||||||
vpn1 = {
|
vpn1 = {
|
||||||
#IP address && Subnet.
|
#IP address && Subnet.
|
||||||
ips = [ "10.10.11.1/24" ];
|
ips = [ "10.10.11.1/24" ];
|
||||||
|
|
||||||
#VPN Port.
|
#VPN Port.
|
||||||
listenPort = 18900;
|
listenPort = 18900;
|
||||||
|
privateKeyFile = "/etc/wireguard/privatekey";
|
||||||
# This allows the wireguard server to route your traffic to the internet and hence be like a VPN
|
|
||||||
# For this to work you have to set the dnsserver IP of your router (or dnsserver of choice) in your clients
|
|
||||||
#----------------------Start-Routing----------------------------
|
#----------------------Start-Routing----------------------------
|
||||||
postSetup = ''
|
postSetup = ''
|
||||||
${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.10.11.1/24 -o flpk -j MASQUERADE
|
${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.10.11.1/24 -o flpk -j MASQUERADE
|
||||||
|
@ -111,13 +97,6 @@
|
||||||
'';
|
'';
|
||||||
#----------------------End-Routing----------------------------
|
#----------------------End-Routing----------------------------
|
||||||
|
|
||||||
# Path to the private key file.
|
|
||||||
#
|
|
||||||
# Note: The private key can also be included inline via the privateKey option,
|
|
||||||
# but this makes the private key world-readable; thus, using privateKeyFile is
|
|
||||||
# recommended.
|
|
||||||
privateKeyFile = "/etc/wireguard/privatekey";
|
|
||||||
|
|
||||||
peers = [
|
peers = [
|
||||||
# ------------------leon-------------------------.
|
# ------------------leon-------------------------.
|
||||||
{
|
{
|
||||||
|
|
|
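Review bot: `python310Packages.pip` in `environment.systemPackages` pins pip to the 3.10 package set while `python3Full` follows whatever nixpkgs treats as the default Python 3, so the two can drift apart on a channel update; the same line is added in the second file's `@ -36,7 +36,7 @@` hunk. A system-wide pip also encourages installing unpinned PyPI packages outside the hash-checked Nix store. If Python libraries are needed on these hosts, declaring them is safer, e.g. `(python3Full.withPackages (ps: [ ps.pip ]))` with the required packages listed beside `ps.pip`.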
@ -36,7 +36,7 @@
|
||||||
# List packages installed in system profile. To search, run:
|
# List packages installed in system profile. To search, run:
|
||||||
# $ nix search wget
|
# $ nix search wget
|
||||||
environment.systemPackages = with pkgs; [
|
environment.systemPackages = with pkgs; [
|
||||||
wget vim python3Full nmap htop wireguard-tools docker-compose
|
wget vim python3Full python310Packages.pip nmap htop wireguard-tools docker-compose
|
||||||
];
|
];
|
||||||
|
|
||||||
users.users.leoncloud = {
|
users.users.leoncloud = {
|
||||||
|
@ -63,15 +63,14 @@
|
||||||
#------------------Wireguard-client----------------------------
|
#------------------Wireguard-client----------------------------
|
||||||
# Enable WireGuard
|
# Enable WireGuard
|
||||||
networking.wireguard.interfaces = {
|
networking.wireguard.interfaces = {
|
||||||
wg0 = {
|
vpn = {
|
||||||
ips = [ "10.10.11.4/24" ];
|
ips = [ "10.10.11.4/24" ];
|
||||||
privateKeyFile = "/etc/nixos/wireguard-keys/private-key";
|
privateKeyFile = "/etc/nixos/wireguard-keys/private-key";
|
||||||
|
|
||||||
peers = [
|
peers = [
|
||||||
{
|
{
|
||||||
publicKey = "w3qegSSuqFTFrGk4XJaWBSwGDOiqbnnAIR9MzwjYVA8=";
|
publicKey = "w3qegSSuqFTFrGk4XJaWBSwGDOiqbnnAIR9MzwjYVA8=";
|
||||||
allowedIPs = [ "10.10.11.0/24" ];
|
allowedIPs = [ "10.10.11.0/24" ];
|
||||||
endpoint = "45.158.40.162:18800";
|
endpoint = "45.158.40.162:18900";
|
||||||
persistentKeepalive = 25;
|
persistentKeepalive = 25;
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
|
|
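Review bot: The context line `privateKeyFile = "/etc/nixos/wireguard-keys/private-key";` keeps the WireGuard private key inside the configuration tree, and nothing visible documents that the file must stay out of version control and unreadable to other users. If `/etc/nixos` is a checkout of this nix-config repository (not visible from the hunk), a stray `git add` would publish the key. I would add a comment above it such as `# key is generated on the host: root-owned, mode 0600, never committed (keep wireguard-keys/ in .gitignore)`. After the `wg0` to `vpn` rename it is also worth checking that no firewall or NAT setting elsewhere in the file still names `wg0`. The `vpn` attribute set closes outside the hunk.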