| author | Tim Keller <tjk@tjkeller.xyz> | 2026-03-27 15:52:27 -0500 |
|---|---|---|
| committer | Tim Keller <tjk@tjkeller.xyz> | 2026-03-27 15:52:27 -0500 |
| commit | 3dcbd6b10b6cbbd551c41df278cd555d54d46bdf (patch) | |
| tree | e6a4f0ec6005118ca711011c82c91f56556ca447 /hosts | |
| parent | 880435bcaf4446474ce025a89d9639b68ab88d59 (diff) | |
setup flex-wg-router with working config
Diffstat (limited to 'hosts')
| -rw-r--r-- | hosts/flex-wg-router/configuration.nix | 45 |
1 files changed, 34 insertions, 11 deletions
diff --git a/hosts/flex-wg-router/configuration.nix b/hosts/flex-wg-router/configuration.nix
index 6fea096..5777626 100644
--- a/hosts/flex-wg-router/configuration.nix
+++ b/hosts/flex-wg-router/configuration.nix
@@ -6,33 +6,56 @@ in {
 # Enable common options
 _archetypes = {
- # Use headless profile
 profiles.headless = {
 enable = true;
 home.users.timmy.enable = true;
 };
- profiles.router = {
- enable = true;
- home.users.timmy.enable = true;
- };
+ profiles.router.enable = true;
 };
 networking = {
+ # Label lan and wan interfaces
 _interfaceLabels = {
- lan0 = "98:b7:85:22:9b:43"; # internal
- wan0 = "54:ee:75:8c:4b:2d"; # external
+ enable = true;
+ interfaces = {
+ lan0 = "98:b7:85:22:9b:43"; # Internal
+ wan0 = "54:ee:75:8c:4b:2d"; # External
+ };
 };
- #useDHCP = false; # TODO Enable when accessible via wireguard
+ # Set ip addresses
 interfaces = {
 lan0.ipv4.addresses = [{
 address = ipAddress;
 prefixLength = 24;
 }];
 wan0.ipv4.addresses = [{
- address = "46.110.173.165"; # Public static ip 4
+ address = "46.110.173.163"; # Reserved static ip for wg-router
 prefixLength = 31;
 }];
 };
+ defaultGateway = {
+ address = "46.110.173.161";
+ interface = "wan0";
+ };
+ nameservers = [ "127.0.0.1" ];
+ # Firewall rules
+ firewall = {
+ interfaces.wan0 = {
+ allowedTCPPorts = [ 22 ];
+ };
+ };
+ #nat.forwardPorts = [
+ # {
+ # sourcePort = 2222;
+ # proto = "tcp";
+ # destination = "10.1.1.1:22";
+ # }
+ # {
+ # sourcePort = 22;
+ # proto = "tcp";
+ # destination = "10.1.1.1:22";
+ # }
+ #];
 };
 services._router = {
@@ -44,8 +67,8 @@ in {
 rangeStart = "10.1.1.100";
 rangeEnd = "10.1.1.250";
 staticLeases = {
- poweredge-pro-idrac = {
- macAddress = "00:11:22:33:44:55";
+ idrac-8HT2W52 = {
+ macAddress = "18:fb:7b:9d:16:b3";
 staticIp = "10.1.1.10";
 };
 }; |
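Review bot: The new `firewall.interfaces.wan0.allowedTCPPorts = [ 22 ];` in the first hunk exposes sshd on the public static address, and nothing visible here shows how that listener is hardened. The removed `#useDHCP` TODO suggests management is meant to move behind WireGuard, so I would mark the rule as temporary, e.g. `allowedTCPPorts = [ 22 ]; # TODO drop once reachable via wireguard`. I would also confirm that `services.openssh.settings.PasswordAuthentication = false;` is set, either by the headless profile or in this file. Separately, `prefixLength = 31` on 46.110.173.163 covers only .162–.163, so the new `defaultGateway` address 46.110.173.161 is off-link. It may still route because `interface = "wan0"` is given, but the prefix should be checked against the provider's allocation.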
