nixos-server-config/networking.nix
2019-12-08 08:53:59 +00:00


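# NixOS networking module for the host "nixos-server": static addressing on
# enp2s0, a WireGuard endpoint on wg0 whose traffic is NATed out through
# enp2s0, and the host firewall.
{ config, pkgs, ... }:
{
  networking = {
    hostName = "nixos-server";
    defaultGateway = "10.0.20.1";
    nameservers = [ "10.0.20.1" ];

    # Traffic entering on wg0 is masqueraded when it leaves through enp2s0.
    # Nothing in this file restricts what forwarded VPN traffic may reach, so
    # every peer listed below gets the same reach as this host on enp2s0.
    nat = {
      enable = true;
      externalInterface = "enp2s0";
      internalInterfaces = [ "wg0" ];
    };

    interfaces = {
      enp2s0 = {
        ipv4.addresses = [ {
          address = "10.0.20.28";
          prefixLength = 24;
        } ];
        # NOTE(review): if this address is routed from outside the LAN, the
        # ports opened in `firewall` below are reachable over IPv6 as well,
        # with no NAT in front of them. Confirm upstream filtering.
        ipv6.addresses = [ {
          address = "2001:470:6a49:2a:31ad:b70d:49f4:75f2";
          prefixLength = 128;
        } ];
      };
    };

    wireguard.interfaces = {
      wg0 = {
        ips = [ "10.0.0.1/24" ];
        # privateKeyFile keeps the key out of the world-readable Nix store
        # (the inline `privateKey` option does not).
        # NOTE(review): this path is inside a user's home directory. Verify
        # the file is root-owned with mode 0600, or move it to a root-only
        # location, so the account owning that home cannot read or replace
        # the server key.
        privateKeyFile = "/home/michael/.wireguard/wg0-privkey";
        listenPort = 45904;
        # Each peer is pinned to a single /32, so a peer can only send from
        # (and be routed) its own tunnel address.
        peers = [ {
          publicKey = "Pc/zbM+9SBYi7xgcrM6XSvvWUePydfg41ZSHSdhFsB8=";
          allowedIPs = [ "10.0.0.2/32" ];
        } {
          publicKey = "RRybMt8Y8XhdqBqise5ooghYHOXdTjEWlxJ7rj5yB0A=";
          allowedIPs = [ "10.0.0.3/32" ];
        } {
          publicKey = "B63CWCXFW7YIZDRO/yGFrSr/xeHtUHi7z2v9rpiwOXY=";
          allowedIPs = [ "10.0.0.4/32" ];
        } {
          publicKey = "qel9ErmlZ6eQmnXEqOoon3pOfJWe+NvqTZ6o9ucZKFo=";
          allowedIPs = [ "10.0.0.5/32" ];
        } ];
      };
    };

    firewall = {
      enable = true;
      # These lists apply to every interface, enp2s0 included.
      # NOTE(review): NFS (2049) and iperf (5201) are rarely meant to be
      # reachable from every network the host sits on. If they are only
      # needed over the VPN, scope them with
      # `networking.firewall.interfaces.wg0.allowedTCPPorts` instead.
      allowedTCPPorts = [
        80 # http
        22 # ssh
        5201 # iperf
        2049 # nfs
        8000 # 0cd.xyz
      ];
      allowedUDPPorts = [
        45904 # wireguard
        5201 # iperf
      ];
      # extraCommands is re-run whenever the firewall is (re)started, so a
      # bare `-A` appends one more copy of the rule each time. The `-C` check
      # makes the append idempotent.
      # NOTE(review): `networking.nat` above presumably already masquerades
      # wg0 traffic leaving enp2s0. If so, this rule is redundant and can be
      # dropped. Confirm with `iptables -t nat -S` on the host.
      extraCommands = ''
        iptables -t nat -C POSTROUTING -s 10.0.0.0/24 -o enp2s0 -j MASQUERADE 2>/dev/null \
          || iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -o enp2s0 -j MASQUERADE
      '';
    };
  };
}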