diff --git a/hosts/leon/default.nix b/hosts/leon/default.nix
index b764f8cd..0fb46a3e 100644
--- a/hosts/leon/default.nix
+++ b/hosts/leon/default.nix
@@ -42,10 +42,63 @@ in
 };
 networking.firewall = {
- allowedTCPPorts = [ 5000 22 53 80 8080 777 ];
- allowedUDPPorts = [ 5000 22 53 80 8080 777 ];
+ allowedTCPPorts = [ 5000 22 53 80 8080 8800 ];
+ allowedUDPPorts = [ 5000 22 53 80 8080 8800 ];
 };
+#-------------------------------VPN---------------------------------
+
+ # enable NAT
+ # networking.nat.enable = true;
+ # networking.nat.externalInterface = "eth0";
+ # networking.nat.internalInterfaces = [ "wg0" ];
+ # networking.firewall = {
+ # allowedUDPPorts = [ 51820 ];
+ # };
+#_______________________________Begin-VPN-Server_____________________
+
+ networking.wireguard.interfaces = {
+ #Interface.
+ vpn1 = {
+ #IP address && Subnet.
+ ips = [ "10.10.11.1/24" ];
+
+ #VPN Port.
+ listenPort = 8800;
+
+ # This allows the wireguard server to route your traffic to the internet and hence be like a VPN
+ # For this to work you have to set the dnsserver IP of your router (or dnsserver of choice) in your clients
+ #----------------------Start-Routing----------------------------
+ postSetup = ''
+ ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.10.11.1/24 -o eth0 -j MASQUERADE
+ '';
+
+ # This undoes the above command
+ postShutdown = ''
+ ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.10.11.1/24 -o eth0 -j MASQUERADE
+ '';
+ #----------------------End-Routing----------------------------
+
+ # Path to the private key file.
+ #
+ # Note: The private key can also be included inline via the privateKey option,
+ # but this makes the private key world-readable; thus, using privateKeyFile is
+ # recommended.
+ privateKeyFile = "/etc/wireguard/privatekey";
+
+ peers = [
+ # -----------------leon-Mac-------------------------.
+ {
+ publicKey = "okZuIQ90J49IJ3s+/dZyLthvo4rR2kclmTL54Ykglio=";
+ allowedIPs = [ "10.10.11.0/24" ];
+ }
+
+ ];
+ };
+ };
+
+
+#-----------------------------END-VPN---------------------------------
 system.stateVersion = "22.05";
 }
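Review bot: The peer's `allowedIPs = [ "10.10.11.0/24" ]` authorises that one client key to source any address in the tunnel subnet and will overlap with every peer added later; give each peer only its own host address, e.g. `allowedIPs = [ "<client-tunnel-ip>/32" ];` (placeholder, the client's address is not on this page). WireGuard listens on UDP only, so 8800 is needed in `allowedUDPPorts` but can be left out of `allowedTCPPorts`. The MASQUERADE rule in `postSetup` only carries client traffic out if IP forwarding is on, and the `networking.nat` lines that would enable it are commented out, so unless forwarding is set outside this hunk the tunnel will presumably reach the server but not the internet; the rule also hard-codes `eth0` and writes the source as `10.10.11.1/24` where `10.10.11.0/24` is meant. The enclosing attribute set starts outside the hunk.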