diff --git a/nixos/hosts/nixos-rpi4-03/default.nix b/nixos/hosts/nixos-rpi4-03/default.nix
index da430234..205ea75e 100644
--- a/nixos/hosts/nixos-rpi4-03/default.nix
+++ b/nixos/hosts/nixos-rpi4-03/default.nix
@@ -52,6 +52,7 @@
   # Temporary
   # networking.firewall.allowedTCPPorts = [ 22 ];
+  networking.firewall.allowedUDPPorts = [ 51820 ];
   # Set up the secrets file:
   sops.secrets."wireguard_keys/nixos-rpi4-03" = {
@@ -68,16 +69,17 @@
     enable = true;
     interfaces = {
       "wireguard0" = {
-        ips = [ "10.100.0.2/32" ];
+        ips = [ "10.100.0.2/24" ];
+        listenPort = 51820;
         privateKeyFile = "/run/secrets/wireguard_keys/nixos-rpi4-03";
         # Testing
         peers = [
           {
             # osaka-vultr-01
             publicKey = "yPZ3EmmIqCkReXf1DRTxzVaKQ2k+ifGmYJHji5nnMmE=";
+            presharedKeyFile = "/run/secrets/wireguard_keys/preshared_key";
             persistentKeepalive = 5;
             allowedIPs = [ "0.0.0.0/0" ];
             endpoint = "64.176.54.57:51820";
-            presharedKeyFile = "/run/secrets/wireguard_keys/preshared_key";
           }
         ];
       };
diff --git a/nixos/hosts/osaka-vultr-01/default.nix b/nixos/hosts/osaka-vultr-01/default.nix
index bf4205ee..52bb0cf7 100644
--- a/nixos/hosts/osaka-vultr-01/default.nix
+++ b/nixos/hosts/osaka-vultr-01/default.nix
@@ -39,16 +39,17 @@
       "wireguard0" = {
         ips = [ "10.100.0.1/24" ];
         listenPort = 51820;
+        privateKeyFile = "/run/secrets/wireguard_keys/osaka-vultr-01";
+        postSetup = ''${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.100.0.0/24 -o eno3 -j MASQUERADE'';
         postShutdown = ''${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.100.0.0/24 -o eno3 -j MASQUERADE'';
-        privateKeyFile = "/run/secrets/wireguard_keys/osaka-vultr-01";
         # Testing
         peers = [
           {
             # nixos-rpi4-03
             publicKey = "trHvfNtQ7HKMiJjxEXo2Iubq5G6egjx7gHiBlDmJ5Ek=";
-            allowedIPs = [ "10.100.0.2/32" ];
-            persistentKeepalive = 5;
             presharedKeyFile = "/run/secrets/wireguard_keys/preshared_key";
+            persistentKeepalive = 5;
+            allowedIPs = [ "10.100.0.2/32" ];
           }
         ];
       };
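Review bot: The new `networking.firewall.allowedUDPPorts = [ 51820 ];` line sits directly under the `# Temporary` comment and the commented-out `allowedTCPPorts` line, so a reader cannot tell whether the UDP opening belongs to the temporary experiment or is a permanent part of this host. Give it its own comment, e.g. `# WireGuard listen port for wireguard0 (see networking.wireguard.interfaces below)`, and move it out from under the temporary block. Since this host dials a fixed endpoint with persistentKeepalive (second hunk), the comment should also say whether inbound handshakes are actually expected; if they are not, the port need not be opened at all. The enclosing attribute set starts and ends outside the hunk.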
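Review bot: `listenPort = 51820;` on nixos-rpi4-03 fixes the client's UDP port, but the peer below already has an `endpoint` and `persistentKeepalive = 5`, so this side initiates and keeps the session alive; a fixed listen port (together with the firewall opening in the first hunk) only matters if osaka-vultr-01 is expected to initiate, so either drop it or add a comment giving the reason. The `ips` change to `10.100.0.2/24` matches the server's `10.100.0.1/24`, but the peer's `allowedIPs = [ "0.0.0.0/0" ]` still means the whole default route is pushed through the tunnel if the module installs allowed IPs as routes (NixOS `networking.wireguard` does so by default), so the path to `64.176.54.57` must remain on the physical uplink — worth a comment stating the intended routing or an explicit `allowedIPsAsRoutes`/`table` decision. The `# Testing` comment on the peers block suggests this is still in flux; the interface definition continues outside the hunk.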
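Review bot: The new `postSetup` appends the MASQUERADE rule with `-A` while `postShutdown` removes it with `-D`; if the unit restarts without postShutdown running (crash, forced kill), identical rules accumulate and a later `-D` removes only one, leaving stale NAT rules on the host. Nothing in the hunk enables IPv4 forwarding, so the rule only does anything if `net.ipv4.ip_forward` is set elsewhere in the host — confirm that and reference it in a comment. NixOS already provides `networking.nat` (`enable`, `externalInterface = "eno3"`, `internalInterfaces = [ "wireguard0" ]`), which handles forwarding and idempotent rule setup and would replace both hook scripts; if the hooks are kept, guard the add with `iptables -C … || iptables -A …`. The interface definition continues outside the hunk.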