machines/haku: set up as VPN server with wireguard

Generates a wireguard configuration based on
https://nixos.wiki/wiki/Wireguard and sets up the iptables firewall in
a way that only enables forwarding between `eth0` and the `wg`
interfaces.

The standard NixOS firewall configuration allows `FORWARD` between all
interfaces, and `networking.nat.enable` enables the `ip_forward` rule
in the kernel, meaning packages can suddenly hop interfaces without a
firewall that `DROP`s forwards by default.

0 files changed, 0 insertions, 0 deletions