let's try this fix for the vpn then

2025-08-27 19:19:10 +02:00 · 2025-08-27 19:19:10 +02:00 · bdf5b1c62e
commit bdf5b1c62e
parent 33c0ba3238
1 changed files with 13 additions and 12 deletions
--- a/nixos/hosts/wheatley/configuration.nix
+++ b/nixos/hosts/wheatley/configuration.nix
@ -176,14 +176,14 @@

    # Configure DNS servers manually (this example uses Cloudflare and Google DNS)
    # IPv6 DNS servers can be used here as well.
-    nameservers = [
+    #nameservers = [
      # "127.0.0.1"
      # "::1"
-      "94.140.14.49"
-      "94.140.14.59"
-      "2a10:50c0:0:0:0:0:ded:ff"
-      "2a10:50c0:0:0:0:0:ded:ff"
-    ];
+      #"94.140.14.49"
+      #"94.140.14.59"
+      #"2a10:50c0:0:0:0:0:ded:ff"
+      #"2a10:50c0:0:0:0:0:ded:ff"
+    #];

    wireguard.enable = true;

@ -220,7 +220,7 @@

      # wg public key for host: A02sO7uLdgflhPIRd0cbJONIaPP4z8HTxDkmX4NegFg=
      # TODO: generate this dynamically based on other hosts
-      mullvad = {
+      wg0 = {
        address = ["10.70.93.226/32" "fc00:bbbb:bbbb:bb01::7:5de1/128"];
        privateKeyFile = lib.mkForce config.sops.secrets."wg-private-key".path;
        dns = ["100.64.0.7"];
@ -258,17 +258,17 @@
        # This allows the wireguard server to route your traffic to the internet and hence be like a VPN
        postUp = ''
          ${pkgs.iptables}/bin/iptables -A FORWARD -i wg1 -j ACCEPT
-          ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s mullvad -o end0 -j MASQUERADE
+          ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s wg0 -o end0 -j MASQUERADE
          ${pkgs.iptables}/bin/ip6tables -A FORWARD -i wg1 -j ACCEPT
-          ${pkgs.iptables}/bin/ip6tables -t nat -A POSTROUTING -s mullvad -o end0 -j MASQUERADE
+          ${pkgs.iptables}/bin/ip6tables -t nat -A POSTROUTING -s wg0 -o end0 -j MASQUERADE
        '';

        # Undo the above
        preDown = ''
          ${pkgs.iptables}/bin/iptables -D FORWARD -i wg1 -j ACCEPT
-          ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s mullvad -o end0 -j MASQUERADE
+          ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s wg0 -o end0 -j MASQUERADE
          ${pkgs.iptables}/bin/ip6tables -D FORWARD -i wg1 -j ACCEPT
-          ${pkgs.iptables}/bin/ip6tables -t nat -D POSTROUTING -s mullvad -o end0 -j MASQUERADE
+          ${pkgs.iptables}/bin/ip6tables -t nat -D POSTROUTING -s wg0 -o end0 -j MASQUERADE
        '';

        privateKeyFile = lib.mkForce config.sops.secrets."wg-private-key".path;
@ -306,7 +306,7 @@
      # enable NAT
      enable = true;
      externalInterface = "end0";
-      internalInterfaces = ["wg1" "mullvad"];
+      internalInterfaces = ["wg1" "wg0"];
    };
    firewall = {
      enable = true;
@ -318,6 +318,7 @@
        80 # http
        443 # https
        51821 # wg
+        51820 # wg-mullvad
        7878
        53 # dnsmasq
      ];