author | makefu <github@syntax-fehler.de> | 2018-12-12 17:53:38 +0100 |
---|---|---|
committer | makefu <github@syntax-fehler.de> | 2018-12-12 17:53:38 +0100 |
commit | 97aaf34c3311291ac47967ac1313e2d955b8228a (patch) | |
tree | d119d7ae674863f645e840e14bde0fbfe6f6a16c /lass/1systems/prism | |
parent | 2e18ee84f02c0d7abcf936b1d39c42ab8e75825c (diff) | |
parent | 25cf61f6a74b69656d15f52021f25a6c2e4068e6 (diff) |
Merge remote-tracking branch 'lass/master' into HEAD
Diffstat (limited to 'lass/1systems/prism')
-rw-r--r-- | lass/1systems/prism/config.nix | 33 |
1 files changed, 15 insertions, 18 deletions
diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix
index e2097e93a..ec3976519 100644
--- a/lass/1systems/prism/config.nix
+++ b/lass/1systems/prism/config.nix
@@ -297,31 +297,28 @@ with import <stockholm/lib>;
 };
 }
 {
- krebs.iptables.tables.filter.INPUT.rules = [
- { predicate = "-p udp --dport 51820"; target = "ACCEPT"; }
- ];
- krebs.iptables.tables.nat.PREROUTING.rules = [
- { v6 = false; precedence = 1000; predicate = "-s 10.244.1.0/24"; target = "ACCEPT"; }
+ imports = [
+ <stockholm/lass/2configs/wirelum.nix>
 ];
+ #krebs.iptables.tables.nat.PREROUTING.rules = [
+ # { v6 = false; precedence = 1000; predicate = "-s 10.244.1.0/24"; target = "ACCEPT"; }
+ #];
 krebs.iptables.tables.filter.FORWARD.rules = [
- { v6 = false; precedence = 1000; predicate = "-s 10.244.1.0/24"; target = "ACCEPT"; }
+ { v6 = false; precedence = 1000; predicate = "-s 10.244.1.0/24 -d 10.243.0.0/16"; target = "ACCEPT"; }
 { v6 = false; precedence = 1000; predicate = "-s 10.243.0.0/16 -d 10.244.1.0/24"; target = "ACCEPT"; }
 ];
 krebs.iptables.tables.nat.POSTROUTING.rules = [
 { v6 = false; predicate = "-s 10.244.1.0/24 ! -d 10.244.1.0/24"; target = "MASQUERADE"; }
 ];
- networking.wireguard.interfaces.wg0 = {
- ips = [ "10.244.1.1/24" ];
- listenPort = 51820;
- privateKeyFile = (toString <secrets>) + "/wireguard.key";
- allowedIPsAsRoutes = true;
- peers = [
- {
- # lass-android
- allowedIPs = [ "10.244.1.2/32" ];
- publicKey = "zVunBVOxsMETlnHkgjfH71HaZjjNUOeYNveAVv5z3jw=";
- }
- ];
+ services.dnsmasq = {
+ enable = true;
+ resolveLocalQueries = false;
+
+ extraConfig= ''
+ listen-address=10.244.1.1
+ except-interface=lo
+ interface=wg0
+ '';
 };
 }
 {
|
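Review bot: The new `services.dnsmasq` block limits answers with `interface=wg0` and `listen-address=10.244.1.1` but sets no `bind-interfaces`, so by dnsmasq's default it still binds the wildcard address on port 53 and only discards queries that arrive on other interfaces. Adding `bind-interfaces` (or `bind-dynamic`, if wg0 can come up after dnsmasq starts) to `extraConfig` would keep the socket off the public interfaces instead of relying on that filtering and on INPUT rules this hunk does not show. The wg0 definition and the UDP 51820 INPUT rule removed here presumably now come from the imported `wirelum.nix`, which is not visible, so it is worth confirming that the private key path and peer list carried over unchanged. The three commented-out PREROUTING lines could simply be deleted, since version history already keeps them.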