From b8f2c5c5314ab71b3faf57559cc1b03f68b6ea54 Mon Sep 17 00:00:00 2001
From: dadada
Date: Wed, 27 Apr 2022 19:30:58 +0200
Subject: [PATCH] enable forwarding on vpn
---
 nixos/ifrit/configuration.nix | 5 +++++
 nixos/modules/vpnServer.nix | 36 +++++++++++++++++++++--------------
 2 files changed, 27 insertions(+), 14 deletions(-)
diff --git a/nixos/ifrit/configuration.nix b/nixos/ifrit/configuration.nix
index b566737..fdb5a57 100644
--- a/nixos/ifrit/configuration.nix
+++ b/nixos/ifrit/configuration.nix
@@ -134,6 +134,11 @@ in
 networking.interfaces.ens3.useDHCP = true;
 networking.interfaces.ens7.useDHCP = false;

+ boot.kernel.sysctl = {
+ # Enable forwarding for VPN
+ "net.ipv6.conf.ens3.forwarding" = true;
+ };
+
 fileSystems."/mnt/storage" = {
 device = "/dev/disk/by-uuid/a34e36fc-d7dd-4ceb-93c4-48f9c2727cb7";
 mountPoint = "/mnt/storage";
diff --git a/nixos/modules/vpnServer.nix b/nixos/modules/vpnServer.nix
index 7c213c8..91f2182 100644
--- a/nixos/modules/vpnServer.nix
+++ b/nixos/modules/vpnServer.nix
@@ -1,4 +1,4 @@
-{ config, lib, ... }:
+{ config, pkgs, lib, ... }:
 with lib; let
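Review bot: The new sysctl turns on IPv6 forwarding only for `ens3`, yet the packets that need forwarding arrive on `wg0`; as far as the kernel documentation describes it, the per-interface `forwarding` knob is a host/router switch that should carry the same value on every interface, and it is `net.ipv6.conf.all.forwarding` that enables forwarding globally and propagates to each interface, so `"net.ipv6.conf.all.forwarding" = true;` is the line more likely to do what the commit title says. Once the host forwards, anything a peer in `fd42:9c3b:f96d:0200::/64` sends is routed out the uplink unless the FORWARD chain restricts it, so a firewall rule limiting forwarded traffic to that source prefix (for instance through `networking.firewall.extraCommands`) belongs with this change rather than in a follow-up. The comment would also help a later reader more as `# Route traffic between wg0 (see modules/vpnServer.nix) and the uplink`, since the interface that depends on this setting is defined in another file.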
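Review bot: `pkgs` is added to the module arguments but nothing in the patch uses it, so as written the new argument is dead. If it was meant for the tools the new `postSetup` in the following hunk calls by bare name, spell them as `${pkgs.iproute2}/bin/ip` and `${pkgs.wireguard-tools}/bin/wg` there; otherwise drop the argument again. The NixOS wireguard unit probably puts both tools on PATH already, but the explicit store paths make the script independent of that.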
@@ -32,19 +32,27 @@ in
 };
 };
 config = mkIf cfg.enable {
- networking.wireguard.enable = true;
- networking.wireguard.interfaces."wg0" = {
- allowedIPsAsRoutes = true;
- privateKeyFile = "/var/lib/wireguard/wg0-key";
- ips = [ "fd42:9c3b:f96d:0200::0/64" ];
- listenPort = 51234;
- peers = map
- (peer: (
- {
- allowedIPs = [ "fd42:9c3b:f96d:0200::${peer.id}/128" ];
- publicKey = peer.key;
- }))
- (attrValues cfg.peers);
+ networking.wireguard = {
+ enable = true;
+ interfaces."wg0" = {
+ allowedIPsAsRoutes = true;
+ privateKeyFile = "/var/lib/wireguard/wg0-key";
+ ips = [ "fd42:9c3b:f96d:0200::0/64" ];
+ listenPort = 51234;
+ peers = map
+ (peer: (
+ {
+ allowedIPs = [ "fd42:9c3b:f96d:0200::${peer.id}/128" ];
+ publicKey = peer.key;
+ }))
+ (attrValues cfg.peers);
+ postSetup = '' wg set wg0 fwmark 51234 ip rule add table 2468 ip route add default dev ens3 table 2468 ip route add fwmark 51234 table 2468 '';
+ };
 };
 };
 }
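Review bot: The last command in the new `postSetup`, `ip route add fwmark 51234 table 2468`, is not valid iproute2 syntax — `fwmark` is an `ip rule` selector, not a route attribute — and the earlier `ip rule add table 2468` has no selector at all, so the intended pair of lines is almost certainly `ip rule add fwmark 51234 table 2468` followed by `ip route add default dev ens3 table 2468`, with the unselected rule removed. As written, the unselected rule lands just ahead of `main` (rules added without a priority go there) and would steer every lookup of that address family onto the on-link default in table 2468, bypassing the normal routes, while the invalid route either aborts the setup script or is silently ignored depending on how the wireguard unit runs it, so this deserves a check on the host after the rebuild. These `ip` commands also act on IPv4 unless `-6` is given, whereas the tunnel prefix `fd42:9c3b:f96d:0200::/64` and the forwarding sysctl in configuration.nix are IPv6 — confirm which family the peers' endpoints use and add `-6` if that is the family the mark is meant to steer. Nothing undoes the rule and the route when the interface goes down, so every restart of the wg0 unit stacks another copy of the rule; a matching `postShutdown` that runs `ip rule del fwmark 51234 table 2468` and `ip route del default dev ens3 table 2468` keeps the policy routing state bounded.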