From bdf5b1c62ebe04973f59371847918d3201e8808e Mon Sep 17 00:00:00 2001
From: Lillian-Violet
Date: Wed, 27 Aug 2025 19:19:10 +0200
Subject: [PATCH] let's try this fix for the vpn then
---
 nixos/hosts/wheatley/configuration.nix | 25 +++++++++++++------------
 1 file changed, 13 insertions(+), 12 deletions(-)
diff --git a/nixos/hosts/wheatley/configuration.nix b/nixos/hosts/wheatley/configuration.nix
index 3b4b4dd..3139423 100644
--- a/nixos/hosts/wheatley/configuration.nix
+++ b/nixos/hosts/wheatley/configuration.nix
@@ -176,14 +176,14 @@
 # Configure DNS servers manually (this example uses Cloudflare and Google DNS)
 # IPv6 DNS servers can be used here as well.
- nameservers = [
+ #nameservers = [
 # "127.0.0.1"
 # "::1"
- "94.140.14.49"
- "94.140.14.59"
- "2a10:50c0:0:0:0:0:ded:ff"
- "2a10:50c0:0:0:0:0:ded:ff"
- ];
+ #"94.140.14.49"
+ #"94.140.14.59"
+ #"2a10:50c0:0:0:0:0:ded:ff"
+ #"2a10:50c0:0:0:0:0:ded:ff"
+ #];
 wireguard.enable = true;
@@ -220,7 +220,7 @@
 # wg public key for host: A02sO7uLdgflhPIRd0cbJONIaPP4z8HTxDkmX4NegFg=
 # TODO: generate this dynamically based on other hosts
- mullvad = {
+ wg0 = {
 address = ["10.70.93.226/32" "fc00:bbbb:bbbb:bb01::7:5de1/128"];
 privateKeyFile = lib.mkForce config.sops.secrets."wg-private-key".path;
 dns = ["100.64.0.7"];
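Review bot: The commented-out `nameservers` block in the first hunk (-176) leaves the header comment `# Configure DNS servers manually (this example uses Cloudflare and Google DNS)` describing a setting that no longer exists, and nothing records why the static resolvers were dropped. With the list gone, resolution outside the tunnel presumably falls back to whatever the uplink hands out, while `wg0` supplies `dns = ["100.64.0.7"]` only while the tunnel is up, so it is worth confirming that lookups cannot bypass the VPN resolver. I would delete the dead lines and leave one comment in their place, such as `# nameservers unset on purpose: wg0 supplies dns = 100.64.0.7 while the tunnel is up`.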
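Review bot: The renamed `wg0` interface in the second hunk (-220) reads its key from `config.sops.secrets."wg-private-key".path`, and the same path is the `privateKeyFile` of what looks like the wg1 block at the end of the third hunk (-258), so both tunnels appear to share one WireGuard identity. If so, the key registered with the VPN provider is also the key of the self-hosted endpoint, and a leak or rotation on one side affects the other. A separate secret per interface keeps them independent, for example `privateKeyFile = lib.mkForce config.sops.secrets."<wg0-secret-name>".path;` (placeholder name). The `wg0` attribute set continues past the end of the hunk.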
@@ -258,17 +258,17 @@
 # This allows the wireguard server to route your traffic to the internet and hence be like a VPN
 postUp = ''
 ${pkgs.iptables}/bin/iptables -A FORWARD -i wg1 -j ACCEPT
- ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s mullvad -o end0 -j MASQUERADE
+ ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s wg0 -o end0 -j MASQUERADE
 ${pkgs.iptables}/bin/ip6tables -A FORWARD -i wg1 -j ACCEPT
- ${pkgs.iptables}/bin/ip6tables -t nat -A POSTROUTING -s mullvad -o end0 -j MASQUERADE
+ ${pkgs.iptables}/bin/ip6tables -t nat -A POSTROUTING -s wg0 -o end0 -j MASQUERADE
 '';
 # Undo the above
 preDown = ''
 ${pkgs.iptables}/bin/iptables -D FORWARD -i wg1 -j ACCEPT
- ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s mullvad -o end0 -j MASQUERADE
+ ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s wg0 -o end0 -j MASQUERADE
 ${pkgs.iptables}/bin/ip6tables -D FORWARD -i wg1 -j ACCEPT
- ${pkgs.iptables}/bin/ip6tables -t nat -D POSTROUTING -s mullvad -o end0 -j MASQUERADE
+ ${pkgs.iptables}/bin/ip6tables -t nat -D POSTROUTING -s wg0 -o end0 -j MASQUERADE
 '';
 privateKeyFile = lib.mkForce config.sops.secrets."wg-private-key".path;
@@ -306,7 +306,7 @@
 # enable NAT
 enable = true;
 externalInterface = "end0";
- internalInterfaces = ["wg1" "mullvad"];
+ internalInterfaces = ["wg1" "wg0"];
 };
 firewall = {
 enable = true;
@@ -318,6 +318,7 @@
 80 # http
 443 # https
 51821 # wg
+ 51820 # wg-mullvad
 7878
 53 # dnsmasq
 ];
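Review bot: `-s wg0` in the four changed POSTROUTING lines of the third hunk (-258, postUp and preDown, iptables and ip6tables) passes an interface name where iptables expects a source address or CIDR, so the rule either fails to load or matches whatever `wg0` resolves to as a hostname; the rename carries over the problem the old `-s mullvad` had. If the intent is to masquerade the wg1 clients, match their subnet instead, e.g. `${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s <wg1-subnet-cidr> -o end0 -j MASQUERADE` (placeholder CIDR), with the matching `-D` line in preDown. The fourth hunk (-306) makes the same assumption: `internalInterfaces = ["wg1" "wg0"]` treats the provider tunnel as an internal side NATed out `end0`, whereas if client traffic is meant to leave through the VPN, `wg0` would be the egress interface and `-o end0` sends it over the clear uplink. That `enable = true;` block, which looks like the NAT module, may also make the hand-written MASQUERADE rules redundant.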
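Review bot: The new `51820 # wg-mullvad` entry in the last hunk (-318) opens an inbound port for a tunnel that, judging by the `wg0` configuration, only dials out to the provider, and an outbound WireGuard peer needs no inbound firewall rule. The list starts outside the hunk; if it is `allowedTCPPorts`, the entry has no effect on WireGuard, which is UDP-only, and simply leaves one more TCP port reachable. I would drop the line, or, if a listen port really is required, move it to `allowedUDPPorts` with a comment naming the peer that connects in.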