author | Profpatsch <mail@profpatsch.de> | 2019-05-31 01:00:22 +0200 |
---|---|---|
committer | Profpatsch <mail@profpatsch.de> | 2019-05-31 01:00:22 +0200 |
commit | 1f5bce2292b74483830290e7d75aac46a782c18a (patch) | |
tree | e27b25bd5ed727d88c356f4a0f9db5a6595d2344 /machines/profpatsch/pkgs.nix | |
parent | 11f5279ad3ad01025638b8cf3c62292b3e9faa7f (diff) |
machines/haku: set up as VPN server with wireguard
Generates a wireguard configuration based on https://nixos.wiki/wiki/Wireguard and sets up the iptables firewall in a way that only enables forwarding between `eth0` and the `wg` interfaces. The standard NixOS firewall configuration allows `FORWARD` between all interfaces, and `networking.nat.enable` enables the `ip_forward` rule in the kernel, meaning packages can suddenly hop interfaces without a firewall that `DROP`s forwards by default.
Diffstat (limited to 'machines/profpatsch/pkgs.nix')
0 files changed, 0 insertions, 0 deletions
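
A check for the condition the commit message describes (kernel forwarding enabled while the `FORWARD` chain accepts by default), as an added example that is not part of this commit. The rulesets are constructed samples; `audit_forward`, its parameters and the `wg` interface-prefix match are assumptions.

```python
import re

# Constructed sample of `iptables-save` output: FORWARD accepts by default.
OPEN_RULESET = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p udp -m udp --dport 51820 -j ACCEPT
COMMIT
"""

# Constructed sample: FORWARD drops by default, only eth0 <-> wg0 may forward.
RESTRICTED_RULESET = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -i wg0 -o eth0 -j ACCEPT
-A FORWARD -i eth0 -o wg0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
COMMIT
"""

def _iface(flag, rule):
    # A missing or negated ("! -i eth0") match is treated as "any interface".
    m = re.search(rf"(?<!\S)(! )?{flag} (\S+)", rule)
    return "*" if m is None or m.group(1) else m.group(2)

def audit_forward(ruleset, ip_forward, wan="eth0", vpn_prefix="wg"):
    """Return findings for the filter table's FORWARD chain.

    Jumps into user-defined chains are not followed; only the built-in
    policy and direct ACCEPT rules are inspected.
    """
    findings, policy, in_filter = [], None, False
    for line in (l.strip() for l in ruleset.splitlines()):
        if line.startswith("*"):
            in_filter = line == "*filter"
        elif in_filter and line.startswith(":FORWARD "):
            policy = line.split()[1]
        elif in_filter and line.startswith("-A FORWARD ") and re.search(r"-j ACCEPT\b", line):
            src, dst = _iface("-i", line), _iface("-o", line)
            allowed = (src == wan and dst.startswith(vpn_prefix)) or \
                      (dst == wan and src.startswith(vpn_prefix))
            if not allowed:
                findings.append(f"ACCEPT outside {wan}<->{vpn_prefix}*: {line}")
    if ip_forward and policy != "DROP":
        findings.insert(0, f"FORWARD policy is {policy} with ip_forward=1")
    return findings
```

On a live host the inputs would be the output of `iptables-save` and the value of `/proc/sys/net/ipv4/ip_forward`.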