69 lines
1.6 KiB
Nix
69 lines
1.6 KiB
Nix
{ config, pkgs, ... }:
|
|
|
|
{
|
|
networking = {
|
|
hostName = "nixos-server";
|
|
defaultGateway = "10.0.20.1";
|
|
nameservers = [ "10.0.20.1" ];
|
|
|
|
nat = {
|
|
enable = true;
|
|
externalInterface = "enp2s0";
|
|
internalInterfaces = [ "wg0" ];
|
|
};
|
|
|
|
interfaces = {
|
|
enp2s0 = {
|
|
ipv4.addresses = [ {
|
|
address = "10.0.20.28";
|
|
prefixLength = 24;
|
|
} ];
|
|
ipv6.addresses = [ {
|
|
address = "2001:470:6a49:2a:31ad:b70d:49f4:75f2";
|
|
prefixLength = 128;
|
|
} ];
|
|
};
|
|
};
|
|
|
|
wireguard.interfaces = {
|
|
wg0 = {
|
|
ips = [ "10.0.0.1/24" ];
|
|
privateKeyFile = "/home/michael/.wireguard/wg0-privkey";
|
|
listenPort = 45904;
|
|
peers = [ {
|
|
publicKey = "Pc/zbM+9SBYi7xgcrM6XSvvWUePydfg41ZSHSdhFsB8=";
|
|
allowedIPs = [ "10.0.0.2/32" ];
|
|
} {
|
|
publicKey = "RRybMt8Y8XhdqBqise5ooghYHOXdTjEWlxJ7rj5yB0A=";
|
|
allowedIPs = [ "10.0.0.3/32" ];
|
|
} {
|
|
publicKey = "B63CWCXFW7YIZDRO/yGFrSr/xeHtUHi7z2v9rpiwOXY=";
|
|
allowedIPs = [ "10.0.0.4/32" ];
|
|
} {
|
|
publicKey = "qel9ErmlZ6eQmnXEqOoon3pOfJWe+NvqTZ6o9ucZKFo=";
|
|
allowedIPs = [ "10.0.0.5/32" ];
|
|
} ];
|
|
};
|
|
};
|
|
|
|
firewall = {
|
|
enable = true;
|
|
allowedTCPPorts = [
|
|
80 # http
|
|
22 # ssh
|
|
5201 # iperf
|
|
2049 # nfs
|
|
8000 # 0cd.xyz
|
|
];
|
|
allowedUDPPorts = [
|
|
45904 # wireguard
|
|
5201 # iperf
|
|
];
|
|
|
|
extraCommands = ''
|
|
iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -o enp2s0 -j MASQUERADE
|
|
'';
|
|
};
|
|
};
|
|
}
|