fix vpn config

2022-04-27 22:34:50 +02:00 · 2022-04-27 22:34:50 +02:00 · 0308d6668a
commit 0308d6668a
parent 34feb8a8a5
4 changed files with 14 additions and 29 deletions
--- a/nixos/modules/networking.nix
+++ b/nixos/modules/networking.nix
@ -56,12 +56,12 @@ in
            "::ffff:0:0/96"
          ];
          private-domain = [
-            "dyn.dadada.li"
+            "dadada.li"
            (mkIf cfg.localResolver.uwu "uwu")
            (mkIf cfg.localResolver.s0 "s0")
          ];
          domain-insecure = [
-            "dyn.dadada.li"
+            "dadada.li"
            (mkIf cfg.localResolver.uwu "uwu")
            (mkIf cfg.localResolver.s0 "s0")
          ];
@ -97,10 +97,9 @@ in
          }
          )
          {
-            name = "dyn.dadada.li.";
+            name = "dadada.li.";
            forward-addr = [
-              "fd42:9c3b:f96d:101::1"
-              "192.168.101.1"
+              "fd42:9c3b:f96d:201::1"
            ];
          }
        ];
@ -115,7 +114,7 @@ in

    networking.wireguard.interfaces = mkIf (cfg.vpnExtension != null) {
      dadada = {
-        ips = [ "fd42:9c3b:f96d:200::${cfg.vpnExtension}/64" ];
+        ips = [ "fd42:9c3b:f96d:201::${cfg.vpnExtension}/64" ];
        listenPort = 51234;

        privateKeyFile = "/var/lib/wireguard/privkey";
--- a/nixos/modules/vpnServer.nix
+++ b/nixos/modules/vpnServer.nix
@ -37,23 +37,26 @@ in
      interfaces."wg0" = {
        allowedIPsAsRoutes = true;
        privateKeyFile = "/var/lib/wireguard/wg0-key";
-        ips = [ "fd42:9c3b:f96d:0200::0/64" ];
+        ips = [ "fd42:9c3b:f96d:0201::0/64" ];
        listenPort = 51234;
        peers = map
          (peer: (
            {
-              allowedIPs = [ "fd42:9c3b:f96d:0200::${peer.id}/128" ];
+              allowedIPs = [ "fd42:9c3b:f96d:0201::${peer.id}/128" ];
              publicKey = peer.key;
            }))
          (attrValues cfg.peers);
        postSetup = ''
-          set -x
          wg set wg0 fwmark 51234
-          ip -6 rule add table 2468
-          ip -6 route add table 2468 default dev ens3
+          ip -6 route add table 2468 fd42:9c3b:f96d::/48 dev ens3
+          ip -6 route add table 2468 fd42:9c3b:f96d:201::/64 dev wg0
          ip -6 rule add fwmark 51234 table 2468
        '';
      };
    };
+    boot.kernel.sysctl = {
+      # Enable forwarding for VPN
+      "net.ipv6.conf.all.forwarding" = true;
+    };
  };
 }