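# NixOS module: run a WireGuard interface (wg-quick) through a udp2raw tunnel.
#
# The wg-quick unit is detached from its default target (wantedBy forced to
# empty), so the tunnel is only brought up together with the udp2raw unit
# below.  udp2raw listens on loopback for WireGuard's UDP packets and carries
# them to the remote udp2raw server over its raw transport.
{ pkgs, config, lib, ... }:
let
  interface = "wg0";
  # Local UDP port udp2raw listens on; the WireGuard peer endpoint points here.
  listenPort = 51821;
  # TCP port the remote udp2raw server answers on.
  tcpPort = 82;
  toStr = builtins.toString;
  wgUnit = "wg-quick-${interface}.service";
in
{
  systemd.services = {
    # Do not start the WireGuard interface at boot on its own; it is tied to
    # the udp2raw unit through the ordering/requirement edges below.
    "wg-quick-${interface}".wantedBy = lib.mkForce [ ];

    "udp2raw-${interface}" = {
      after = [ "network.target" ];
      # udp2raw must be listening before wg-quick tries to reach its endpoint,
      # and the two units start and stop together.
      before = [ wgUnit ];
      requires = [ wgUnit ];
      wantedBy = [ wgUnit ];

      serviceConfig =
        let
          remoteIP = "66.175.222.204";
        in
        {
          # Pin a host route for the udp2raw server via the current default
          # gateway.  Once wg-quick installs 0.0.0.0/0 over the tunnel, packets
          # to the server would otherwise be routed into the tunnel itself.
          # The route is tagged "proto static" so ExecStopPost can remove
          # exactly this route again.
          #
          # The generated command is eval'ed; its only input is the local
          # routing table (root-controlled), not data received from the network.
          # One "ip route add" line is emitted per default route found.
          ExecStartPre = pkgs.writeShellScript "pre-udp2raw-${interface}" ''
            eval "$( ${pkgs.iproute2}/bin/ip route | ${pkgs.gawk}/bin/awk \
              '$1=="default" {
                printf "%s", "${pkgs.iproute2}/bin/ip route add ${remoteIP}"
                # Copy the next-hop attributes of the default route.  Every
                # field is inspected (not only even positions) so a bare flag
                # such as "onlink" or "linkdown" in the route line does not
                # shift the key/value pairs out of alignment.
                for (i = 2; i < NF; i++) {
                  if ($i == "via" || $i == "dev" || $i == "metric") {
                    printf " %s %s", $i, $(i+1)
                  }
                }
                print " proto static"
              }' )"
          '';

          # Client mode: accept WireGuard's UDP on loopback and forward it to
          # the remote udp2raw server.  -a lets udp2raw install the firewall
          # rule it needs for its raw socket.
          # NOTE(review): no -k/--key is passed, so udp2raw presumably runs
          # with its built-in default key; that only affects the obfuscation
          # layer (WireGuard still authenticates and encrypts the payload) —
          # confirm this is intended.
          ExecStart = pkgs.writeShellScript "udp2raw-${interface}" ''
            exec ${pkgs.udp2raw}/bin/udp2raw -c \
              -l "127.0.0.1:${toStr listenPort}" \
              -r "${remoteIP}:${toStr tcpPort}" \
              -a
          '';

          # Drop the host route added in ExecStartPre (matched by its "static"
          # protocol tag).
          ExecStopPost = "${pkgs.iproute2}/bin/ip route flush ${remoteIP} proto static";
          Restart = "on-failure";
        };
    };
  };

  networking = {
    # With 0.0.0.0/0 routed through the WireGuard interface, strict
    # reverse-path filtering would drop traffic arriving on the physical
    # uplink; "loose" keeps rpfilter enabled but only requires that some route
    # to the source address exists.  This is a deliberate relaxation of the
    # anti-spoofing check.
    firewall.checkReversePath = "loose";

    wg-quick.interfaces.${interface} =
      let
        publicKey = "Awb1R2KZ3v4MArN/Lmxr4BTL0rdFm5dJID6ntifr4GQ=";
      in
      {
        address = [ "10.0.0.2/32" "fdc9:281f:04d7:9ee9::2/128" ];
        dns = [ "10.0.0.1" ];
        # Private key comes from an age secret (config.age), so it is never
        # written into the Nix store.
        privateKeyFile = config.age.secrets.wg-nix-laptop.path;
        # Reduced MTU, presumably to leave room for the udp2raw encapsulation.
        mtu = 1332;
        # Keepalive so the path through udp2raw stays open.  Uses ${interface}
        # instead of a literal "wg0" so the name cannot drift from the
        # interface actually configured above.
        postUp = [ "wg set ${interface} peer ${publicKey} persistent-keepalive 25" ];
        peers = [
          {
            inherit publicKey;
            # Full tunnel: all IPv4 and IPv6 traffic goes through WireGuard.
            allowedIPs = [ "0.0.0.0/0" "::/0" ];
            # The endpoint is the local udp2raw listener, not the remote host.
            endpoint = "127.0.0.1:${toStr listenPort}";
          }
        ];
      };
  };
}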