authorsinanmohd <sinan@sinanmohd.com>2023-09-17 15:46:42 +0530
committersinanmohd <sinan@sinanmohd.com>2023-09-17 16:02:30 +0530
commitff2ded07e7a525b2e26fc5d87b8ee258af53be93 (patch)
treef4c2d0414ae4bda7b2938552da578b88388cb5c7 /hosts
parentbf8a48eae55bec89f06508136d65ee98ceace558 (diff)
kay/networking: clean up
Diffstat (limited to 'hosts')
-rw-r--r--hosts/kay/modules/router.nix17
-rw-r--r--hosts/kay/modules/wireguard.nix15
2 files changed, 12 insertions, 20 deletions
diff --git a/hosts/kay/modules/router.nix b/hosts/kay/modules/router.nix
index e390ded..cf748ce 100644
--- a/hosts/kay/modules/router.nix
+++ b/hosts/kay/modules/router.nix
@@ -11,7 +11,11 @@ let
in
{
networking = {
- nat.enable = true;
+ nat = {
+ enable = true;
+ externalInterface = wanInterface;
+ internalInterfaces = [ lanInterface ];
+ };
useDHCP = false;
interfaces."${lanInterface}" = {
ipv4.addresses = [{
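Review bot: Setting `externalInterface` and `internalInterfaces` here makes the hand-written `iptables -t nat -I POSTROUTING 1 ... -j MASQUERADE` line that the second hunk keeps in extraCommands redundant, since the NixOS NAT module installs its own masquerade rule for traffic from internalInterfaces leaving externalInterface (through its nixos-nat-pre/post chains, if I recall the module correctly). Two masquerade rules for the same flow are harmless today but leave two places to edit when the subnet or interface changes; I would drop the manual line and let the module own NAT, or keep the manual rule and stay with the plain `nat.enable = true;`. The wireguard.nix hunk below has the same pattern, keeping its manual rule next to the new nat block. The enclosing `networking` attribute set continues past this hunk.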
@@ -20,17 +24,10 @@ in
}];
};
firewall = {
+ allowedUDPPorts = [ 53 67 ];
+ allowedTCPPorts = [ 53 ];
extraCommands = ''
- # nat datagrams comming through lanInterface to wanInterface
iptables -t nat -I POSTROUTING 1 -s ${subnet}/${toString prefix} -o ${wanInterface} -j MASQUERADE
-
- # allow all traffic on lanInterface interface
- iptables -I INPUT 1 -i ${lanInterface} -j ACCEPT
-
- # forward rules
- iptables -I FORWARD 1 -i ${lanInterface} -o ${lanInterface} -j ACCEPT
- iptables -I FORWARD 1 -i ${wanInterface} -o ${lanInterface} -j ACCEPT
- iptables -I FORWARD 1 -i ${lanInterface} -o ${wanInterface} -j ACCEPT
'';
};
};
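Review bot: `allowedUDPPorts = [ 53 67 ];` and `allowedTCPPorts = [ 53 ];` open those ports on every interface, including `wanInterface`, whereas the removed `iptables -I INPUT 1 -i ${lanInterface} -j ACCEPT` only exposed the router's services on the LAN side, so the DNS resolver and DHCP server on this host become reachable from the WAN after this change. If they are meant for LAN clients only, scope them per interface with `interfaces."${lanInterface}".allowedUDPPorts = [ 53 67 ];` and `interfaces."${lanInterface}".allowedTCPPorts = [ 53 ];` in place of the two added lines. With the blanket LAN accept rule gone, any other service LAN clients used on the router now also needs an explicit entry, which is worth confirming against what is running on it. Whether traffic between `lanInterface` and `wanInterface` still flows without the removed FORWARD rules depends on the firewall's forward policy, which is not visible in this hunk.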
diff --git a/hosts/kay/modules/wireguard.nix b/hosts/kay/modules/wireguard.nix
index 4839280..efafdcb 100644
--- a/hosts/kay/modules/wireguard.nix
+++ b/hosts/kay/modules/wireguard.nix
@@ -11,20 +11,15 @@ in
sops.secrets."misc/wireguard" = {};
networking = {
- nat.enable = true;
+ nat = {
+ enable = true;
+ externalInterface = wanInterface;
+ internalInterfaces = [ wgInterface ];
+ };
firewall = {
allowedUDPPorts = [ port ];
extraCommands = ''
- # nat datagrams comming through lanInterface to wanInterface
iptables -t nat -I POSTROUTING 1 -s ${subnet}/${toString prefix} -o ${wanInterface} -j MASQUERADE
-
- # allow all traffic on lanInterface interface
- iptables -I INPUT 1 -i ${wgInterface} -j ACCEPT
-
- # forward rules
- iptables -I FORWARD 1 -i ${wgInterface} -o ${wgInterface} -j ACCEPT
- iptables -I FORWARD 1 -i ${wanInterface} -o ${wgInterface} -j ACCEPT
- iptables -I FORWARD 1 -i ${wgInterface} -o ${wanInterface} -j ACCEPT
'';
};