Merge pull request 'vps-leon' (#67) from leon/nix-config:vps-leon into master

Reviewed-on: #67
2022-09-25 23:19:45 +02:00 · 2022-09-25 23:19:45 +02:00 · 36c6c55fab
parent b65d6a8f94 cbd8635788
commit 36c6c55fab
2 changed files with 7 additions and 29 deletions
--- a/hosts/leon/default.nix
+++ b/hosts/leon/default.nix
@ -58,7 +58,7 @@
  # List packages installed in system profile. To search, run:
  # $ nix search wget
  environment.systemPackages = with pkgs; [
-     wget vim python3Full nmap htop wireguard-tools 
+     wget vim python3Full   python310Packages.pip nmap htop wireguard-tools
   ];
@ -76,17 +76,6 @@
    allowedUDPPorts = [ 5000 22 53 80 8080 18900 19900 ];  
  };
 #-------------------------------VPN---------------------------------
 # enable NAT
 # networking.nat.enable = true;
 # networking.nat.externalInterface = "eth0";
 # networking.nat.internalInterfaces = [ "wg0" ];
 # networking.firewall = {
 #   allowedUDPPorts = [ 51820 ];
 # };
 #_______________________________Begin-VPN1-Server____________________________________
 networking.wireguard.interfaces = {
@ -94,12 +83,9 @@
 	vpn1 = {
      #IP address && Subnet.
      ips = [ "10.10.11.1/24" ];
      #VPN Port.
      listenPort = 18900;
-
+      privateKeyFile = "/etc/wireguard/privatekey";
      # This allows the wireguard server to route your traffic to the internet and hence be like a VPN
      # For this to work you have to set the dnsserver IP of your router (or dnsserver of choice) in your clients
      #----------------------Start-Routing----------------------------
 	  postSetup = ''
        ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.10.11.1/24 -o flpk -j MASQUERADE
@ -110,15 +96,8 @@
        ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.10.11.1/24 -o flpk -j MASQUERADE
      '';
      #----------------------End-Routing----------------------------
-
+     
-      # Path to the private key file.
+	 peers = [
      #
      # Note: The private key can also be included inline via the privateKey option,
      # but this makes the private key world-readable; thus, using privateKeyFile is
      # recommended.
      privateKeyFile = "/etc/wireguard/privatekey";
      peers = [
          # ------------------leon-------------------------.
        {
 		  #leoncloud-vm
--- a/hosts/leoncloud/default.nix
+++ b/hosts/leoncloud/default.nix
@ -36,7 +36,7 @@
  # List packages installed in system profile. To search, run:
  # $ nix search wget
  environment.systemPackages = with pkgs; [
-    wget vim python3Full nmap htop wireguard-tools docker-compose 
+    wget vim python3Full python310Packages.pip nmap htop wireguard-tools docker-compose 
  ];
  users.users.leoncloud = {
@ -63,15 +63,14 @@
 #------------------Wireguard-client----------------------------
 # Enable WireGuard
  networking.wireguard.interfaces = {
-    wg0 = {
+    vpn = {
      ips = [ "10.10.11.4/24" ];
      privateKeyFile = "/etc/nixos/wireguard-keys/private-key";
      peers = [
        {
          publicKey = "w3qegSSuqFTFrGk4XJaWBSwGDOiqbnnAIR9MzwjYVA8=";
          allowedIPs = [ "10.10.11.0/24" ];
-          endpoint = "45.158.40.162:18800";
+          endpoint = "45.158.40.162:18900";
          persistentKeepalive = 25;
        }
      ];