From e84e6dcf117080eaf7658b25fb20a9dc3b5d1cfe Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Karel=20Ko=C4=8D=C3=AD?=
Date: Sun, 24 Mar 2024 19:05:39 +0100
Subject: Add wireguard and more updates

---
 nixos/configurations/lipwig.nix | 18 +++++++++++++++---
 1 file changed, 15 insertions(+), 3 deletions(-)

(limited to 'nixos/configurations/lipwig.nix')

diff --git a/nixos/configurations/lipwig.nix b/nixos/configurations/lipwig.nix
index c484541..0eefe5f 100644
--- a/nixos/configurations/lipwig.nix
+++ b/nixos/configurations/lipwig.nix
@@ -19,6 +19,7 @@
 enable = false;
 baseDir = "/nas";
 };
+ wireguard = true;
 openvpn.oldpersonal = true;
 };

@@ -29,10 +30,21 @@
 fsType = "nfs";
 };

- networking.firewall = {
- allowedTCPPorts = [80 443];
- allowedUDPPorts = [1194];
+ networking = {
+ useNetworkd = true;
+ useDHCP = false;
+ nftables.enable = true;
+ firewall = {
+ allowedTCPPorts = [80 443];
+ allowedUDPPorts = [1194];
+ filterForward = true;
+ extraForwardRules = ''
+ iifname {"wg", "personalvpn"} oifname {"wg", "personalvpn"} accept
+ '';
+ };
 };
+ systemd.network.wait-online.enable = false;
+ systemd.services.networking-setup.wantedBy = ["network-online.target"];

 # Web ######################################################################
 services.nginx = {
--
cgit v1.2.3
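Review bot: The rule added in `extraForwardRules` accepts every packet whose input and output interfaces are both in `{"wg", "personalvpn"}`, so with `filterForward = true` it permits peer-to-peer traffic inside each VPN as well as routing between the two, on all protocols and ports. If only routing between the two VPNs is intended, split it into `iifname "wg" oifname "personalvpn" accept` and `iifname "personalvpn" oifname "wg" accept`; otherwise add a comment above the rule such as `# deliberate: VPN peers may reach each other and the other VPN`. The sets match exact interface names, and those names are created by modules outside this hunk, so it is worth confirming they are literally `wg` and `personalvpn`, since a mismatch would leave the traffic dropped by the new forward filter. Separately, `allowedUDPPorts` still lists only 1194, so the WireGuard listen port is presumably opened by the `wireguard = true` module; a one-line comment saying so would help the next reader.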