summaryrefslogtreecommitdiffstats
path: root/lass/1systems/prism
diff options
context:
space:
mode:
authormakefu <github@syntax-fehler.de>2018-12-12 17:53:38 +0100
committermakefu <github@syntax-fehler.de>2018-12-12 17:53:38 +0100
commit97aaf34c3311291ac47967ac1313e2d955b8228a (patch)
treed119d7ae674863f645e840e14bde0fbfe6f6a16c /lass/1systems/prism
parent2e18ee84f02c0d7abcf936b1d39c42ab8e75825c (diff)
parent25cf61f6a74b69656d15f52021f25a6c2e4068e6 (diff)
Merge remote-tracking branch 'lass/master' into HEAD
Diffstat (limited to 'lass/1systems/prism')
-rw-r--r--lass/1systems/prism/config.nix33
1 files changed, 15 insertions, 18 deletions
diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix
index e2097e93a..ec3976519 100644
--- a/lass/1systems/prism/config.nix
+++ b/lass/1systems/prism/config.nix
@@ -297,31 +297,28 @@ with import <stockholm/lib>;
};
}
{
- krebs.iptables.tables.filter.INPUT.rules = [
- { predicate = "-p udp --dport 51820"; target = "ACCEPT"; }
- ];
- krebs.iptables.tables.nat.PREROUTING.rules = [
- { v6 = false; precedence = 1000; predicate = "-s 10.244.1.0/24"; target = "ACCEPT"; }
+ imports = [
+ <stockholm/lass/2configs/wirelum.nix>
];
+ #krebs.iptables.tables.nat.PREROUTING.rules = [
+ # { v6 = false; precedence = 1000; predicate = "-s 10.244.1.0/24"; target = "ACCEPT"; }
+ #];
krebs.iptables.tables.filter.FORWARD.rules = [
- { v6 = false; precedence = 1000; predicate = "-s 10.244.1.0/24"; target = "ACCEPT"; }
+ { v6 = false; precedence = 1000; predicate = "-s 10.244.1.0/24 -d 10.243.0.0/16"; target = "ACCEPT"; }
{ v6 = false; precedence = 1000; predicate = "-s 10.243.0.0/16 -d 10.244.1.0/24"; target = "ACCEPT"; }
];
krebs.iptables.tables.nat.POSTROUTING.rules = [
{ v6 = false; predicate = "-s 10.244.1.0/24 ! -d 10.244.1.0/24"; target = "MASQUERADE"; }
];
- networking.wireguard.interfaces.wg0 = {
- ips = [ "10.244.1.1/24" ];
- listenPort = 51820;
- privateKeyFile = (toString <secrets>) + "/wireguard.key";
- allowedIPsAsRoutes = true;
- peers = [
- {
- # lass-android
- allowedIPs = [ "10.244.1.2/32" ];
- publicKey = "zVunBVOxsMETlnHkgjfH71HaZjjNUOeYNveAVv5z3jw=";
- }
- ];
+ services.dnsmasq = {
+ enable = true;
+ resolveLocalQueries = false;
+
+ extraConfig= ''
+ listen-address=10.244.1.1
+ except-interface=lo
+ interface=wg0
+ '';
};
}
{