From 1c66a9e33d380cfc44e7dc3447772cd14d764405 Mon Sep 17 00:00:00 2001
From: Ciapa
Date: Fri, 9 Feb 2024 20:39:50 +0100
Subject: [PATCH] Fix wireguard service

---
 hosts/phoenix.lewd.wtf/networking.nix | 24 +++++++++++------------
 1 file changed, 11 insertions(+), 13 deletions(-)

diff --git a/hosts/phoenix.lewd.wtf/networking.nix b/hosts/phoenix.lewd.wtf/networking.nix
index 553c687..22b1618 100644
--- a/hosts/phoenix.lewd.wtf/networking.nix
+++ b/hosts/phoenix.lewd.wtf/networking.nix
@@ -1,4 +1,4 @@
-{ ... }:
+{ pkgs, ... }:
 {
 networking.useDHCP = false;
 networking.bridges = {
@@ -43,20 +43,18 @@
 "ip rule add from 192.168.100.0/24 table 2"
 "ip rule add from 192.168.5.0/24 table 2"
 # NAT
-"iptables -I POSTROUTING -t nat -o wg0 -j MASQUERADE"
+"${pkgs.iptables}/bin/iptables -I POSTROUTING -t nat -o wg0 -j MASQUERADE"
 # Port forwarding
-"iptables -A PREROUTING -t nat -p tcp -i wg0 --dport 51506 -j DNAT --to-destination 192.168.100.11:51506"
-];
-postShutdown = [
-# Force traffic from container networks through wg0
-"ip rule del from 192.168.100.0/24 table 2"
-"ip rule del from 192.168.5.0/24 table 2"
-"ip route del table 2 default dev wg0"
-# NAT
-"iptables -D POSTROUTING -t nat -o wg0 -j MASQUERADE"
-# Port forwarding
-"iptables -D PREROUTING -t nat -p tcp -i wg0 --dport 51506 -j DNAT --to-destination 192.168.100.11:51506"
+"${pkgs.iptables}/bin/iptables -A PREROUTING -t nat -p tcp -i wg0 --dport 51506 -j DNAT --to-destination 192.168.100.11:51506"
 ];
 };
 };
+systemd.services.wireguard-wg0.preStop = [
+''ip rule del from 192.168.100.0/24 table 2
+ip rule del from 192.168.5.0/24 table 2
+ip route del table 2 default dev wg0
+${pkgs.iptables}/bin/iptables -D POSTROUTING -t nat -o wg0 -j MASQUERADE
+${pkgs.iptables}/bin/iptables -D PREROUTING -t nat -p tcp -i wg0 --dport 51506 -j DNAT --to-destination 192.168.100.11:51506
+''
+];
 }
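Review bot: The teardown in the added `systemd.services.wireguard-wg0.preStop` stops at the first failing command, so one stale `ip rule del` (rule already gone, or never installed because the setup hook failed) leaves the MASQUERADE and DNAT rules for wg0 in the nat table and the next start then stacks a duplicate `-I`/`-A` on top; as far as I recall NixOS runs these hooks under a shell with `-e`, so each line should tolerate a miss, e.g. `ip rule del from 192.168.100.0/24 table 2 || true`, and the two iptables `-D` lines likewise. Separately, `preStop` is declared with the `lines` type in the NixOS systemd module, so the list wrapper `[ ''…'' ]` around the string is expected to fail type-checking — if this configuration evaluates on the host, confirm; otherwise drop the brackets. The `ip` invocations stay bare while `iptables` now uses `${pkgs.iptables}/bin/iptables`, presumably because the wireguard unit's PATH already provides iproute2; a comment such as `# ip is on the unit's PATH, iptables is not` would save the next reader the question. The list holding the `ip rule add` lines begins before the hunk.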