Note: not the actual initial commit. I swear I will stop repeatedly force pushing to this single commit eventually ok.
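# WireGuard client on `wg0`, carried over TCP by udp2raw.
#
# Data path: wg-quick -> 127.0.0.1:listenPort (udp2raw client, this host)
#            -> remoteIP:tcpPort (udp2raw server).
# WireGuard provides confidentiality and peer authentication of the payload;
# the udp2raw layer is only a transport wrapper here (see the ExecStart note).
{ pkgs, config, lib, ... }:

let
  # Name of the WireGuard interface managed by wg-quick.  Referenced everywhere
  # below so the interface is named in exactly one place.
  interface = "wg0";
  # Local UDP port the udp2raw client listens on; WireGuard's peer endpoint
  # points at this port on loopback.
  listenPort = 51821;
  # TCP port of the udp2raw server on the remote host.
  tcpPort = 82;
in {
  systemd.services = {
    # Do not bring the tunnel up at boot; it is started on demand.  Starting
    # wg-quick-${interface} pulls in the udp2raw unit through its `wantedBy`.
    "wg-quick-${interface}".wantedBy = lib.mkForce [ ];

    "udp2raw-${interface}" = {
      after = [ "network.target" ];
      # udp2raw must be listening before wg-quick hands it the endpoint, and
      # `requires` ties its lifetime to the wg-quick unit.
      before = [ "wg-quick-${interface}.service" ];
      requires = [ "wg-quick-${interface}.service" ];
      wantedBy = [ "wg-quick-${interface}.service" ];

      serviceConfig = let
        # Address of the udp2raw server.  Pinned with a host route below so the
        # raw TCP carrier keeps using the physical uplink once wg-quick installs
        # the 0.0.0.0/0 default through the tunnel.
        remoteIP = "66.175.222.204";
      in {
        # Copy `via`/`dev`/`metric` from the current default route onto a /32
        # host route for remoteIP, tagged `proto static` so ExecStopPost can
        # remove exactly this route and nothing else.  The `eval` consumes only
        # the local kernel routing table, never remote input.  The awk loop
        # assumes the default-route line is strictly key/value pairs after the
        # destination; a bare flag word (such as `onlink`) would shift the
        # pairing and drop or mislabel a field.
        ExecStartPre = pkgs.writeShellScript "pre-udp2raw-${interface}" ''
          eval "$(
            ${pkgs.iproute2}/bin/ip route | ${pkgs.gawk}/bin/awk \
              '$1=="default" {
                printf "%s", "${pkgs.iproute2}/bin/ip route add ${remoteIP}"
                for (i=2; i<=NF; i+=2) {
                  if ($i=="via" || $i=="dev" || $i=="metric") {
                    printf " %s %s", $i, $(i+1)
                  }
                }
                print " proto static"
              }'
          )"
        '';

        # Client mode: accept WireGuard UDP on loopback and carry it to the
        # server over raw TCP.  `-a` lets udp2raw insert the iptables rule it
        # needs so the kernel does not answer its raw TCP segments, which is
        # part of why this unit runs as root (no User=).  No `-k` password is
        # set, so the udp2raw layer itself is unkeyed; WireGuard's own
        # handshake and encryption still protect the inner traffic.
        ExecStart = pkgs.writeShellScript "udp2raw-${interface}" ''
          exec ${pkgs.udp2raw}/bin/udp2raw -c \
            -l "127.0.0.1:${builtins.toString listenPort}" \
            -r "${remoteIP}:${builtins.toString tcpPort}" \
            -a
        '';

        # Undo the pinned host route whether the unit exited cleanly or not.
        ExecStopPost = "${pkgs.iproute2}/bin/ip route flush ${remoteIP} proto static";

        Restart = "on-failure";
      };
    };
  };

  networking = {
    # A full-tunnel wg-quick setup (allowedIPs 0.0.0.0/0 below) is the usual
    # reason to relax reverse-path filtering.  "loose" weakens the kernel's
    # source-address validation on this host, so anti-spoofing relies on the
    # tunnel and firewall rules rather than rp_filter.
    firewall.checkReversePath = "loose";

    wg-quick.interfaces = {
      ${interface} = let
        # The server's WireGuard public key; not sensitive.
        publicKey = "Awb1R2KZ3v4MArN/Lmxr4BTL0rdFm5dJID6ntifr4GQ=";
      in {
        address = [ "10.0.0.2/32" "fdc9:281f:04d7:9ee9::2/128" ];
        dns = [ "10.0.0.1" ];
        # The private key is referenced via config.age.secrets rather than
        # written here, so this file does not bake the key into the Nix store.
        privateKeyFile = config.age.secrets.wg-nix-laptop.path;

        # Reduced MTU leaves headroom for the extra udp2raw/TCP framing around
        # each WireGuard packet (the exact figure is presumably tuned
        # empirically for this link; confirm if fragmentation appears).
        mtu = 1332;

        # Keepalive keeps the udp2raw/NAT state alive while the link is idle.
        # Uses ${interface} instead of a hard-coded "wg0" so renaming the
        # interface at the top of this file cannot silently break it.
        postUp = [
          "wg set ${interface} peer ${publicKey} persistent-keepalive 25"
        ];

        peers = [
          {
            inherit publicKey;
            # Route all IPv4 and IPv6 traffic through the tunnel.
            allowedIPs = [ "0.0.0.0/0" "::/0" ];
            # The endpoint is the local udp2raw client, not the remote server;
            # udp2raw forwards to remoteIP:tcpPort.
            endpoint = "127.0.0.1:${builtins.toString listenPort}";
          }
        ];
      };
    };
  };
}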