diff --git a/hosts/leon/default.nix b/hosts/leon/default.nix
index 0af50a6f..86253e4e 100644
--- a/hosts/leon/default.nix
+++ b/hosts/leon/default.nix
@@ -1,3 +1,32 @@
+# .--.
+# `. \
+# \ \
+# . \
+# : .
+# | .
+# | :
+# | |
+# ..._ ___ | |
+# `."".`''''""--..___ | |
+# ,-\ \ ""-...__ _____________/ |
+# / ` " ' `"""""""" .
+# \ L
+# (> \
+#/ \
+#\_ ___..---. MEOW OS \
+# `--' '. \
+# . \_
+# _/`. `.._
+# .' -. `.
+# / __.-Y /''''''-...___,...--------.._ |
+# / _." | / ' . \ '---..._ |
+# / / / / _,. ' ,/ | |
+# \_,' _.' / /'' _,-' _| |
+# ' / `-----'' / |
+# `...-' `...-'
+#--------------------------------------------------------------------------------
+
+
 { zentralwerk, config, pkgs, ... }:
 let
 netConfig = zentralwerk.lib.config.site.net.serv;
@@ -104,8 +133,8 @@ in
 };
 networking.firewall = {
- allowedTCPPorts = [ 5000 22 53 80 8080 8800 ];
- allowedUDPPorts = [ 5000 22 53 80 8080 8800 ];
+ allowedTCPPorts = [ 5000 22 53 80 8080 ];
+ allowedUDPPorts = [ 5000 22 53 80 8080 8900 8900];
 };
@@ -118,10 +147,11 @@ in
 # networking.firewall = {
 # allowedUDPPorts = [ 51820 ];
 # };
-#_______________________________Begin-VPN-Server_____________________
+
+#_______________________________Begin-VPN1-Server____________________________________
 networking.wireguard.interfaces = {
- #Interface.
+ #Interface. Trusted VPN
 vpn1 = {
 #IP address && Subnet.
 ips = [ "10.10.11.1/24" ];
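Review bot: In the firewall hunk, `allowedUDPPorts = [ 5000 22 53 80 8080 8900 8900];` lists 8900 twice; `allowedUDPPorts = [ 5000 22 53 80 8080 8900 ];` is what was meant, and one entry per port keeps the opened surface readable. The same hunk drops 8800 from both lists; if 8800 is vpn1's listenPort (that attribute is not in any visible hunk), the trusted tunnel loses its inbound UDP port with this change, so confirm it against the vpn1 definition. 22, 80 and 8080 on UDP are carried over from the old list and have no visible UDP listener; WireGuard needs only its listenPort on UDP, so those entries could be dropped in a follow-up. The ASCII-art and VPN1-header hunks on this line are comment-only.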
@@ -133,12 +163,12 @@ in
 # For this to work you have to set the dnsserver IP of your router (or dnsserver of choice) in your clients
 #----------------------Start-Routing----------------------------
 postSetup = ''
- ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.10.11.1/24 -o serv -j MASQUERADE
+ ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.10.11.1/24 -o pub -j MASQUERADE
 '';
 # This undoes the above command
 postShutdown = ''
- ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.10.11.1/24 -o serv -j MASQUERADE
+ ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.10.11.1/24 -o pub -j MASQUERADE
 '';
 #----------------------End-Routing----------------------------
@@ -159,8 +189,46 @@ in
 ];
 };
 };
-
- #-----------------------------END-VPN---------------------------------
- system.stateVersion = "22.05";
+
+
+#__________________________Begin-VPN2-Server_____________________
+
+networking.wireguard.interfaces = {
+ #Interface. Untrusted VPN
+ vpn2 = {
+ #IP address && Subnet.
+ ips = [ "10.10.100.1/24" ];
+
+ #VPN Port.
+ listenPort = 8900;
+
+ #----------------------Start-Routing----------------------------
+ #postSetup = ''
+ # ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.10.100.1/24 -o serv -j MASQUERADE
+ #'';
+
+ # This undoes the above command
+ #postShutdown = ''
+ # ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.10.100.1/24 -o serv -j MASQUERADE
+ #'';
+ #----------------------End-Routing----------------------------
+
+ # Path to the private key file.
+ #
+ privateKeyFile = "/etc/wireguard/privatekey";
+
+ peers = [
+ # -----------------leon-Mac-------------------------.
+ {
+ publicKey = "6GRIp7SjHyu5sgqudtgZdN9CKbV3GYtMnwgo06F4ylo=";
+ allowedIPs = [ "10.10.100.0/24" ];
+ }
+ ];
+ };
+ };
+
+#-----------------------------END-VPN---------------------------------
+
+system.stateVersion = "22.05";
 }
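Review bot: In the new vpn2 block, `allowedIPs = [ "10.10.100.0/24" ];` for the single peer marked untrusted lets it source packets as any address in the /24, because WireGuard's AllowedIPs is also the inbound source filter; pin it to the client's own address, e.g. `allowedIPs = [ "10.10.100.2/32" ];` (constructed example, use the address assigned to that client). The untrusted interface also inherits the host-wide `allowedTCPPorts`/`allowedUDPPorts` (22, 53, 80, 8080 ...), and the per-interface `networking.firewall.interfaces.<name>.allowedTCPPorts` options only add ports, so keeping vpn2 off SSH and the other services means moving those global entries to the interfaces that should expose them. `privateKeyFile = "/etc/wireguard/privatekey";` looks like the same path vpn1 uses (vpn1's privateKeyFile is outside the visible hunks); if so the trusted and untrusted tunnels share one identity and vpn2 should get its own key file. Declaring `networking.wireguard.interfaces = { ... }` a second time relies on Nix merging duplicate attribute-set literals at parse time; defining `vpn1` and `vpn2` inside one `networking.wireguard.interfaces` set is clearer. The commented-out postSetup rule still says `-o serv` while the live vpn1 rule in the previous hunk was changed to `-o pub`, which will mislead whoever uncomments it.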