From 37391cf22649d05b335907b54662322cdcb5e1f8 Mon Sep 17 00:00:00 2001
From: iFargle
Date: Fri, 6 Oct 2023 13:04:39 +0900
Subject: [PATCH] Testing Wireguard
---
 nixos/hosts/nixos-rpi4-01/default.nix | 17 ++++++++++-------
 nixos/hosts/osaka-vultr-01/default.nix | 19 +++++++++++++------
 2 files changed, 23 insertions(+), 13 deletions(-)
diff --git a/nixos/hosts/nixos-rpi4-01/default.nix b/nixos/hosts/nixos-rpi4-01/default.nix
index d442da00..408ced23 100644
--- a/nixos/hosts/nixos-rpi4-01/default.nix
+++ b/nixos/hosts/nixos-rpi4-01/default.nix
@@ -52,7 +52,7 @@
 # networking.firewall.allowedTCPPorts = [ 22 ];
 
 # Set up the secrets file:
- sops.secrets."wireguard_keys/osaka-vultr-01/private" = {
+ sops.secrets."wireguard_keys/osaka-vultr-01" = {
 owner = "root";
 sopsFile = ../../../secrets/wireguard.yaml;
 };
@@ -61,14 +61,17 @@
 networking.wireguard = {
 enable = true;
 interfaces = {
- "exit" = {
+ "wireguard0" = {
 privateKeyFile = "/run/secrets/wireguard_keys/nixos-rpi4-01";
 # Testing
- peers."osaka-vultr-01" = {
- publicKey = "";
- persistentKeepalive = 5;
- endpoint = "64.176.54.57:51820"
- };
+ peers = [
+ { # osaka-vultr-01
+ publicKey = "";
+ persistentKeepalive = 5;
+ allowedIPs = [ "0.0.0.0/0" ];
+ endpoint = "64.176.54.57:51820";
+ }
+ ]
 };
 };
 };
diff --git a/nixos/hosts/osaka-vultr-01/default.nix b/nixos/hosts/osaka-vultr-01/default.nix
index 39134d59..515947ee 100644
--- a/nixos/hosts/osaka-vultr-01/default.nix
+++ b/nixos/hosts/osaka-vultr-01/default.nix
@@ -19,7 +19,7 @@
 networking.firewall.allowedUDPPorts = [ 51820 ];
 
 # Set up the secrets file:
- sops.secrets."wireguard_keys/osaka-vultr-01/private" = {
+ sops.secrets."wireguard_keys/osaka-vultr-01" = {
 owner = "root";
 sopsFile = ../../../secrets/wireguard.yaml;
 };
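Review bot: The renamed sops secret `wireguard_keys/osaka-vultr-01` does not match the key this host actually loads: the `privateKeyFile` line in the next hunk reads `/run/secrets/wireguard_keys/nixos-rpi4-01`, which no `sops.secrets` entry visible in this diff provisions, so the interface points at a missing file while the Raspberry Pi decrypts the other host's private key instead. If each host is meant to hold only its own key, the declaration here should be `sops.secrets."wireguard_keys/nixos-rpi4-01" = {` to match `privateKeyFile`, with the corresponding entry in `secrets/wireguard.yaml`. Keeping the exit node's private key on the client also means a compromise of the Pi exposes the server's WireGuard identity, which a per-host key scoped this way avoids.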
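Review bot: The new `peers` list is not terminated: the added `]` line is followed directly by `};`, so this attribute set fails to parse; the line should read `];`. The peer's `publicKey = ""` is a placeholder that WireGuard rejects at interface setup, so the unit will not come up even once the syntax is fixed. With `allowedIPs = [ "0.0.0.0/0" ]` and no `ips` on the interface, the NixOS module's default of installing routes for allowed IPs would, as far as I can tell, add a default route into the tunnel that also captures traffic to the endpoint itself — confirm this before enabling, or set `allowedIPsAsRoutes = false;` and add the routes explicitly.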
@@ -29,13 +29,20 @@
 networking.wireguard = {
 enable = true;
 interfaces = {
- "exit" = {
+ "wireguard0" = {
+ ips = [ "10.100.0.1/24 "];
+ listenPort = 51820;
+ postSetup = ''${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.100.0.0/24 -o eno3 -j MASQUERADE'';
+ postShutdown = ''${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.100.0.0/24 -o eno3 -j MASQUERADE'';
 privateKeyFile = "/run/secrets/wireguard_keys/osaka-vultr-01";
 # Testing
- peers."nixos-rpi4-01" = {
- publicKey = "";
- persistentKeepalive = 5;
- };
+ peers = [
+ { # nixos-rpi4-01
+ publicKey = "";
+ allowedIPs = [ "10.100.0.2/32" ];
+ persistentKeepalive = 5;
+ }
+ ];
 };
 };
 };
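Review bot: The interface address on the added `ips` line, `"10.100.0.1/24 "`, carries a trailing space inside the quotes; that string is handed to `ip address add` unchanged and will most likely be rejected, so it should be `ips = [ "10.100.0.1/24" ];`. The MASQUERADE rules in `postSetup`/`postShutdown` only rewrite source addresses; for this host to forward the Pi's traffic it also needs IPv4 forwarding enabled (e.g. `boot.kernel.sysctl."net.ipv4.ip_forward" = 1;`), which is not visible in this diff — confirm it is set elsewhere. As in the rpi4 file, the peer's `publicKey = ""` is a placeholder that will fail at activation, and the outgoing interface `eno3` is hard-coded in both rules, so a renamed NIC silently leaves clients without NAT.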