nixos-server-config/networking.nix

{ config, pkgs, ... }:

{
  networking = {
    hostName = "nixos-server";
    defaultGateway = "10.0.20.1";
    nameservers = [ "10.0.20.1" ];

    nat = {
      enable = true;
      externalInterface = "enp2s0";
      internalInterfaces = [ "wg0" ];
    };

    interfaces = {
      enp2s0 = {
        ipv4.addresses = [ {
          address = "10.0.20.28";
          prefixLength = 24;
        } ];
        ipv6.addresses = [ {
          address = "2001:470:6a49:2a:31ad:b70d:49f4:75f2";
          prefixLength = 128;
        } ];
      };
    };

    wireguard.interfaces = {
      wg0 = {
        ips = [ "10.0.0.1/24" ];
        privateKeyFile = "/home/michael/.wireguard/wg0-privkey";
        listenPort = 45904;
        peers = [ {
          publicKey = "Pc/zbM+9SBYi7xgcrM6XSvvWUePydfg41ZSHSdhFsB8=";
          allowedIPs = [ "10.0.0.2/32" ];
        } {
          publicKey = "RRybMt8Y8XhdqBqise5ooghYHOXdTjEWlxJ7rj5yB0A=";
          allowedIPs = [ "10.0.0.3/32" ];
        } {
          publicKey = "B63CWCXFW7YIZDRO/yGFrSr/xeHtUHi7z2v9rpiwOXY=";
          allowedIPs = [ "10.0.0.4/32" ];
        } {
          publicKey = "qel9ErmlZ6eQmnXEqOoon3pOfJWe+NvqTZ6o9ucZKFo=";
          allowedIPs = [ "10.0.0.5/32" ];
          } ];
      };
    };

    firewall = {
      enable = true;
      allowedTCPPorts = [
        80   # http
        22   # ssh
        5201 # iperf
        2049 # nfs
        8000 # 0cd.xyz
      ];
      allowedUDPPorts = [ 
        45904 # wireguard 
        5201  # iperf
      ];

      extraCommands = ''
        iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -o enp2s0 -j MASQUERADE
      '';
    };
  };
}
Initial commit 2019-11-10 08:41:19 +00:00			`{ config, pkgs, ... }:`

			`{`
			`networking = {`
			`hostName = "nixos-server";`
			`defaultGateway = "10.0.20.1";`
			`nameservers = [ "10.0.20.1" ];`

			`nat = {`
			`enable = true;`
			`externalInterface = "enp2s0";`
			`internalInterfaces = [ "wg0" ];`
			`};`

			`interfaces = {`
			`enp2s0 = {`
			`ipv4.addresses = [ {`
			`address = "10.0.20.28";`
			`prefixLength = 24;`
			`} ];`
			`ipv6.addresses = [ {`
			`address = "2001:470:6a49:2a:31ad:b70d:49f4:75f2";`
			`prefixLength = 128;`
			`} ];`
			`};`
			`};`

			`wireguard.interfaces = {`
			`wg0 = {`
			`ips = [ "10.0.0.1/24" ];`
			`privateKeyFile = "/home/michael/.wireguard/wg0-privkey";`
			`listenPort = 45904;`
			`peers = [ {`
			`publicKey = "Pc/zbM+9SBYi7xgcrM6XSvvWUePydfg41ZSHSdhFsB8=";`
			`allowedIPs = [ "10.0.0.2/32" ];`
			`} {`
			`publicKey = "RRybMt8Y8XhdqBqise5ooghYHOXdTjEWlxJ7rj5yB0A=";`
			`allowedIPs = [ "10.0.0.3/32" ];`
			`} {`
			`publicKey = "B63CWCXFW7YIZDRO/yGFrSr/xeHtUHi7z2v9rpiwOXY=";`
			`allowedIPs = [ "10.0.0.4/32" ];`
			`} {`
			`publicKey = "qel9ErmlZ6eQmnXEqOoon3pOfJWe+NvqTZ6o9ucZKFo=";`
			`allowedIPs = [ "10.0.0.5/32" ];`
			`} ];`
			`};`
			`};`

			`firewall = {`
			`enable = true;`
			`allowedTCPPorts = [`
			`80 # http`
			`22 # ssh`
			`5201 # iperf`
			`2049 # nfs`
updated config 2019-12-08 08:53:59 +00:00			`8000 # 0cd.xyz`
Initial commit 2019-11-10 08:41:19 +00:00			`];`
			`allowedUDPPorts = [`
			`45904 # wireguard`
			`5201 # iperf`
			`];`

			`extraCommands = ''`
			`iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -o enp2s0 -j MASQUERADE`
			`'';`
			`};`
			`};`
			`}`