let's try this fix for the vpn then

This commit is contained in:
Lillian Violet 2025-08-27 19:19:10 +02:00
parent 33c0ba3238
commit bdf5b1c62e


@ -176,14 +176,14 @@
# Configure DNS servers manually (this example uses Cloudflare and Google DNS) # Configure DNS servers manually (this example uses Cloudflare and Google DNS)
# IPv6 DNS servers can be used here as well. # IPv6 DNS servers can be used here as well.
nameservers = [ #nameservers = [
# "127.0.0.1" # "127.0.0.1"
# "::1" # "::1"
"94.140.14.49" #"94.140.14.49"
"94.140.14.59" #"94.140.14.59"
"2a10:50c0:0:0:0:0:ded:ff" #"2a10:50c0:0:0:0:0:ded:ff"
"2a10:50c0:0:0:0:0:ded:ff" #"2a10:50c0:0:0:0:0:ded:ff"
]; #];
wireguard.enable = true; wireguard.enable = true;
@ -220,7 +220,7 @@
# wg public key for host: A02sO7uLdgflhPIRd0cbJONIaPP4z8HTxDkmX4NegFg= # wg public key for host: A02sO7uLdgflhPIRd0cbJONIaPP4z8HTxDkmX4NegFg=
# TODO: generate this dynamically based on other hosts # TODO: generate this dynamically based on other hosts
mullvad = { wg0 = {
address = ["10.70.93.226/32" "fc00:bbbb:bbbb:bb01::7:5de1/128"]; address = ["10.70.93.226/32" "fc00:bbbb:bbbb:bb01::7:5de1/128"];
privateKeyFile = lib.mkForce config.sops.secrets."wg-private-key".path; privateKeyFile = lib.mkForce config.sops.secrets."wg-private-key".path;
dns = ["100.64.0.7"]; dns = ["100.64.0.7"];
@ -258,17 +258,17 @@
# This allows the wireguard server to route your traffic to the internet and hence be like a VPN # This allows the wireguard server to route your traffic to the internet and hence be like a VPN
postUp = '' postUp = ''
${pkgs.iptables}/bin/iptables -A FORWARD -i wg1 -j ACCEPT ${pkgs.iptables}/bin/iptables -A FORWARD -i wg1 -j ACCEPT
${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s mullvad -o end0 -j MASQUERADE ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s wg0 -o end0 -j MASQUERADE
${pkgs.iptables}/bin/ip6tables -A FORWARD -i wg1 -j ACCEPT ${pkgs.iptables}/bin/ip6tables -A FORWARD -i wg1 -j ACCEPT
${pkgs.iptables}/bin/ip6tables -t nat -A POSTROUTING -s mullvad -o end0 -j MASQUERADE ${pkgs.iptables}/bin/ip6tables -t nat -A POSTROUTING -s wg0 -o end0 -j MASQUERADE
''; '';
# Undo the above # Undo the above
preDown = '' preDown = ''
${pkgs.iptables}/bin/iptables -D FORWARD -i wg1 -j ACCEPT ${pkgs.iptables}/bin/iptables -D FORWARD -i wg1 -j ACCEPT
${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s mullvad -o end0 -j MASQUERADE ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s wg0 -o end0 -j MASQUERADE
${pkgs.iptables}/bin/ip6tables -D FORWARD -i wg1 -j ACCEPT ${pkgs.iptables}/bin/ip6tables -D FORWARD -i wg1 -j ACCEPT
${pkgs.iptables}/bin/ip6tables -t nat -D POSTROUTING -s mullvad -o end0 -j MASQUERADE ${pkgs.iptables}/bin/ip6tables -t nat -D POSTROUTING -s wg0 -o end0 -j MASQUERADE
''; '';
privateKeyFile = lib.mkForce config.sops.secrets."wg-private-key".path; privateKeyFile = lib.mkForce config.sops.secrets."wg-private-key".path;
@ -306,7 +306,7 @@
# enable NAT # enable NAT
enable = true; enable = true;
externalInterface = "end0"; externalInterface = "end0";
internalInterfaces = ["wg1" "mullvad"]; internalInterfaces = ["wg1" "wg0"];
}; };
firewall = { firewall = {
enable = true; enable = true;
@ -318,6 +318,7 @@
80 # http 80 # http
443 # https 443 # https
51821 # wg 51821 # wg
51820 # wg-mullvad
7878 7878
53 # dnsmasq 53 # dnsmasq
]; ];
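Review bot: In the -258 hunk the renamed `-s wg0` in the four MASQUERADE rules (like the `-s mullvad` it replaces) is not an interface match: iptables `-s` takes an address or network, so `wg0` is looked up as a hostname and the rule is rejected when postUp runs, and the nat POSTROUTING chain does not accept `-i` either. Match the tunnel's address space instead — e.g. `${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.70.93.226/32 -o end0 -j MASQUERADE`, using the wg0 address from the -220 hunk, or the wider tunnel network if one is configured outside this view — or drop these manual rules altogether, since `networking.nat.internalInterfaces` in the -306 hunk now lists wg0 and the NixOS nat module installs the equivalent masquerade itself. If the intent is to send wg1 clients out through the Mullvad tunnel, the exit interface would presumably have to be wg0 rather than end0; the surrounding routing that would decide this lies outside the hunk and should be checked. Separately, wg0 and wg1 both point `privateKeyFile` at the same `wg-private-key` secret, so one WireGuard key pair is shared between the Mullvad client peer and the self-hosted server interface; a dedicated sops secret per interface keeps the key registered with the third-party provider distinct from the one trusted by the local peers.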