authorTim Keller <tjk@tjkeller.xyz>2026-03-30 22:44:35 -0500
committerTim Keller <tjk@tjkeller.xyz>2026-03-30 22:44:35 -0500
commitd09ec6c6a3260ce3c320ce2e3f252e7fb50eef55 (patch)
tree04ac8f02d3c13fd6a50cc3bcef6566fdf5837092 /hosts/poweredge/networking.nix
parent369e8b83f082f3ac2d3f6a040c0efafe981642a7 (diff)
add wg1 for poweredge and masquerade for wg1 etc
Diffstat (limited to 'hosts/poweredge/networking.nix')
-rw-r--r--hosts/poweredge/networking.nix39
1 files changed, 24 insertions, 15 deletions
diff --git a/hosts/poweredge/networking.nix b/hosts/poweredge/networking.nix
index c293831..7632a86 100644
--- a/hosts/poweredge/networking.nix
+++ b/hosts/poweredge/networking.nix
@@ -1,5 +1,6 @@
{
networking = {
+ enableIPv6 = false;
# Label lan and wan interfaces
_interfaceLabels = {
enable = true;
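Review bot: The added `enableIPv6 = false;` has no comment saying why IPv6 is turned off for the whole host. The only packet rules visible in this file are IPv4 (the new table is `family = "ip"`, and the DHCP range is 192.168.1.x), so a later re-enable would presumably leave IPv6 forwarding with no matching NAT or filter rules. A short comment such as `# IPv6 disabled: router NAT/DHCP config below is IPv4-only` would record that dependency, if that is the reason. The `networking` attribute set continues outside this hunk.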
@@ -16,36 +17,40 @@
}];
wan0.useDHCP = true;
};
- #defaultGateway.interface = "wan0";
- nameservers = [ "127.0.0.1" ];
# Firewall rules
firewall = {
interfaces.wan0 = {
allowedUDPPorts = [ 51820 ];
};
};
- #nat.forwardPorts = [
- # {
- # sourcePort = 2222;
- # proto = "tcp";
- # destination = "10.1.1.1:22";
- # }
- # {
- # sourcePort = 22;
- # proto = "tcp";
- # destination = "10.1.1.1:22";
- # }
- #];
+ # Additional advanced rules
+ # TODO add multi NAT feature to router service
+ nftables = {
+ enable = true;
+ tables = {
+ # NAT/masquerade wg1 allowing lan0 clients to access wg1
+ wg-nat = {
+ family = "ip";
+ content = ''
+ chain post {
+ type nat hook postrouting priority srcnat; policy accept;
+ iifname "lan0" oifname "wg1" masquerade comment "lan0 => wg1"
+ }
+ '';
+ };
+ };
+ };
};
services._router = {
dnsDhcpConfig = {
- localDomain = "wg-router.pls.lan";
+ localDomain = "home.lan";
dhcp = {
defaultGateway = "192.168.1.1";
localhostIp = "192.168.1.1";
rangeStart = "192.168.1.50";
rangeEnd = "192.168.1.250";
+ # TODO think about moving leases to another file
staticLeases = {
idrac-7N94GK2 = {
macAddress = "50:9a:4c:5d:c3:7c";
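Review bot: The new `wg-nat` table only rewrites source addresses on `lan0` → `wg1`, and nothing visible in this hunk restricts which traffic may be forwarded between those interfaces; masquerade is not a filter. The `firewall` block here opens a port on `wan0` only, and NixOS leaves forward filtering off unless `networking.firewall.filterForward = true;` is set. So unless the `_router` module installs its own forward chain (not visible here), a peer on `wg1` that has a route to 192.168.1.0/24 could open new connections into the LAN. Consider enabling `filterForward` and using `networking.firewall.extraForwardRules` to accept each intended path explicitly, e.g. `iifname "lan0" oifname "wg1" accept` plus whatever the LAN → WAN path needs. A comment beside `enable = true;` noting that it switches the host firewall to the nftables backend would also help the next reader.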
@@ -71,6 +76,10 @@
macAddress = "e4:54:e8:bc:ba:05";
staticIp = "192.168.1.12";
};
+ X230 = {
+ macAddress = "84:3a:4b:60:34:c4";
+ staticIp = "192.168.1.13";
+ };
};
};
};