Adding Wg-VPN uncomplete--

2022-08-24 04:47:49 +01:00 · 2022-08-24 04:47:49 +01:00 · 5521c14abb
parent b97ab5e226
commit 5521c14abb
1 changed files with 60 additions and 2 deletions
--- a/hosts/leon/default.nix
+++ b/hosts/leon/default.nix
@ -42,10 +42,68 @@ in
  };

 	networking.firewall = {
-    allowedTCPPorts = [ 5000 22 53 80 8080 777 ];
-    allowedUDPPorts = [ 5000 22 53 80 8080 777 ];  
+    allowedTCPPorts = [ 5000 22 53 80 8080 8800 ];
+    allowedUDPPorts = [ 5000 22 53 80 8080 8800 ];  
  };


+#-------------------------------VPN---------------------------------
+
+ # enable NAT
+ # networking.nat.enable = true;
+ # networking.nat.externalInterface = "eth0";
+ # networking.nat.internalInterfaces = [ "wg0" ];
+ # networking.firewall = {
+ #   allowedUDPPorts = [ 51820 ];
+ # };
+#_______________________________Begin-VPN-Server_____________________
+ 
+ networking.wireguard.interfaces = {
+    #Interface.
+	vpn1 = {
+      #IP address && Subnet.
+      ips = [ "10.10.11.1/24" ];
+
+      #VPN Port.
+      listenPort = 8800;
+
+      # This allows the wireguard server to route your traffic to the internet and hence be like a VPN
+      # For this to work you have to set the dnsserver IP of your router (or dnsserver of choice) in your clients
+      #----------------------Start-Routing----------------------------
+	  postSetup = ''
+        ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.10.11.1/24 -o eth0 -j MASQUERADE
+      '';
+
+      # This undoes the above command
+      postShutdown = ''
+        ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.100.0.0/24 -o eth0 -j MASQUERADE
+      '';
+      #----------------------End-Routing----------------------------
+
+      # Path to the private key file.
+      #
+      # Note: The private key can also be included inline via the privateKey option,
+      # but this makes the private key world-readable; thus, using privateKeyFile is
+      # recommended.
+      privateKeyFile = "will add later";
+
+      peers = [
+        # List of allowed peers.
+        { # Feel free to give a meaning full name
+          # Public key of the peer (not a file path).
+          publicKey = "{client public key}";
+          # List of IPs assigned to this peer within the tunnel subnet. Used to configure routing.
+          allowedIPs = [ "10.10.11.0/24" ];
+        }
+       #{ # John Doe
+       #   publicKey = "{john doe's public key}";
+       #   allowedIPs = [ "10.100.0.3/32" ];
+       # }
+      ];
+    };
+  };
+
+
+#-----------------------------END-VPN---------------------------------
  system.stateVersion = "22.05";
 }