fix vpn config

2022-04-27 22:34:50 +02:00 · 2022-04-27 22:34:50 +02:00 · 0308d6668a
commit 0308d6668a
parent 34feb8a8a5
4 changed files with 14 additions and 29 deletions
--- a/home/home/default.nix
+++ b/home/home/default.nix
@ -2,7 +2,7 @@
 let
  useFeatures = [
    "alacritty"
-    "emacs"
+    #"emacs"
    "vim"
    "direnv"
    "git"
--- a/nixos/ifrit/configuration.nix
+++ b/nixos/ifrit/configuration.nix
@ -19,10 +19,6 @@ in

    vpnServer.enable = true;
    vpnServer.peers = {
-      "metis" = {
-        id = "1";
-        key = "u+HCYDbK0zwbIEfGf+LVQErlJ0vchf5ZYj0N93NB5ns=";
-      };
      "morax" = {
        id = "2";
        key = "Lq5QLGoI3r3BXEJ72dWH9UTmY/8uaYRPLQB5WWHqJUE=";
@ -39,14 +35,6 @@ in
        id = "5";
        key = "o8B8rTA+u5XOJK4JI+TRCFjVJn/3T7UofLqFRIPoNQk=";
      };
-      "fginfo" = {
-        id = "6";
-        key = "zadidMDiALJUHdhMrGqAa5RGjPN/x5XJ8aR5elnaeUc=";
-      };
-      "fginfo-git" = {
-        id = "7";
-        key = "5EaLm7uC8XzoN8+BaGzgGRUU4q5shM7gQJcs/d7n+Vo=";
-      };
    };
    ddns.domains = [
      "vpn.dadada.li"
@ -134,11 +122,6 @@ in
  networking.interfaces.ens3.useDHCP = true;
  networking.interfaces.ens7.useDHCP = false;

-  boot.kernel.sysctl = {
-    # Enable forwarding for VPN
-    "net.ipv6.conf.ens3.forwarding" = true;
-  };
-
  boot.kernelParams = [
    "console=ttyS0,115200"
  ];
--- a/nixos/modules/networking.nix
+++ b/nixos/modules/networking.nix
@ -56,12 +56,12 @@ in
            "::ffff:0:0/96"
          ];
          private-domain = [
-            "dyn.dadada.li"
+            "dadada.li"
            (mkIf cfg.localResolver.uwu "uwu")
            (mkIf cfg.localResolver.s0 "s0")
          ];
          domain-insecure = [
-            "dyn.dadada.li"
+            "dadada.li"
            (mkIf cfg.localResolver.uwu "uwu")
            (mkIf cfg.localResolver.s0 "s0")
          ];
@ -97,10 +97,9 @@ in
          }
          )
          {
-            name = "dyn.dadada.li.";
+            name = "dadada.li.";
            forward-addr = [
-              "fd42:9c3b:f96d:101::1"
-              "192.168.101.1"
+              "fd42:9c3b:f96d:201::1"
            ];
          }
        ];
@ -115,7 +114,7 @@ in

    networking.wireguard.interfaces = mkIf (cfg.vpnExtension != null) {
      dadada = {
-        ips = [ "fd42:9c3b:f96d:200::${cfg.vpnExtension}/64" ];
+        ips = [ "fd42:9c3b:f96d:201::${cfg.vpnExtension}/64" ];
        listenPort = 51234;

        privateKeyFile = "/var/lib/wireguard/privkey";
--- a/nixos/modules/vpnServer.nix
+++ b/nixos/modules/vpnServer.nix
@ -37,23 +37,26 @@ in
      interfaces."wg0" = {
        allowedIPsAsRoutes = true;
        privateKeyFile = "/var/lib/wireguard/wg0-key";
-        ips = [ "fd42:9c3b:f96d:0200::0/64" ];
+        ips = [ "fd42:9c3b:f96d:0201::0/64" ];
        listenPort = 51234;
        peers = map
          (peer: (
            {
-              allowedIPs = [ "fd42:9c3b:f96d:0200::${peer.id}/128" ];
+              allowedIPs = [ "fd42:9c3b:f96d:0201::${peer.id}/128" ];
              publicKey = peer.key;
            }))
          (attrValues cfg.peers);
        postSetup = ''
-          set -x
          wg set wg0 fwmark 51234
-          ip -6 rule add table 2468
-          ip -6 route add table 2468 default dev ens3
+          ip -6 route add table 2468 fd42:9c3b:f96d::/48 dev ens3
+          ip -6 route add table 2468 fd42:9c3b:f96d:201::/64 dev wg0
          ip -6 rule add fwmark 51234 table 2468
        '';
      };
    };
+    boot.kernel.sysctl = {
+      # Enable forwarding for VPN
+      "net.ipv6.conf.all.forwarding" = true;
+    };
  };
 }