From e48cd67df29e2ba9412f99b79536d66f1719bc39 Mon Sep 17 00:00:00 2001
From: Ciapa
Date: Fri, 9 Feb 2024 20:39:50 +0100
Subject: [PATCH] Fix wireguard service
---
 hosts/phoenix.lewd.wtf/networking.nix | 26 +++++++++++++-------------
 1 file changed, 13 insertions(+), 13 deletions(-)
diff --git a/hosts/phoenix.lewd.wtf/networking.nix b/hosts/phoenix.lewd.wtf/networking.nix
index 553c687..5de44db 100644
--- a/hosts/phoenix.lewd.wtf/networking.nix
+++ b/hosts/phoenix.lewd.wtf/networking.nix
@@ -1,4 +1,4 @@
-{ ... }:
+{ pkgs, ... }:
 {
 networking.useDHCP = false;
 networking.bridges = {
@@ -43,20 +43,20 @@
 "ip rule add from 192.168.100.0/24 table 2"
 "ip rule add from 192.168.5.0/24 table 2"
 # NAT
- "iptables -I POSTROUTING -t nat -o wg0 -j MASQUERADE"
+ "${pkgs.iptables}/bin/iptables -I POSTROUTING -t nat -o wg0 -j MASQUERADE"
 # Port forwarding
- "iptables -A PREROUTING -t nat -p tcp -i wg0 --dport 51506 -j DNAT --to-destination 192.168.100.11:51506"
- ];
- postShutdown = [
- # Force traffic from container networks through wg0
- "ip rule del from 192.168.100.0/24 table 2"
- "ip rule del from 192.168.5.0/24 table 2"
- "ip route del table 2 default dev wg0"
- # NAT
- "iptables -D POSTROUTING -t nat -o wg0 -j MASQUERADE"
- # Port forwarding
- "iptables -D PREROUTING -t nat -p tcp -i wg0 --dport 51506 -j DNAT --to-destination 192.168.100.11:51506"
+ "${pkgs.iptables}/bin/iptables -A PREROUTING -t nat -p tcp -i wg0 --dport 51506 -j DNAT --to-destination 192.168.100.11:51506"
 ];
 };
 };
+ systemd.services.wireguard-wg0.preStop =
+ # Force traffic from container networks through wg0
+ "ip rule del from 192.168.100.0/24 table 2" +
+ "ip rule del from 192.168.5.0/24 table 2" +
+ "ip route del table 2 default dev wg0" +
+ # NAT
+ "${pkgs.iptables}/bin/iptables -D POSTROUTING -t nat -o wg0 -j MASQUERADE" +
+ # Port Forwarding
+ "${pkgs.iptables}/bin/iptables -D PREROUTING -t nat -p tcp -i wg0 --dport 51506 -j DNAT --to-destination 192.168.100.11:51506"
+ ;
 }
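Review bot: In the second hunk, the new `systemd.services.wireguard-wg0.preStop` value joins its five strings with `+` and puts no newline or `;` between them, so the shell receives one run-together command (`... table 2ip rule del ...`) instead of five. That single `ip` call will most likely fail, so none of the teardown runs: the policy-routing rules, the MASQUERADE rule and the DNAT forward of port 51506 to 192.168.100.11 stay installed after the tunnel stops. Because the setup side uses `-I`/`-A`, each restart would then add duplicates. An indented multi-line string with one command per line avoids this. If the generated stop script runs under `set -e` (not visible here), consider whether one failed delete should skip the remaining cleanup.

```nix
systemd.services.wireguard-wg0.preStop = ''
  # Force traffic from container networks through wg0
  ip rule del from 192.168.100.0/24 table 2
  ip rule del from 192.168.5.0/24 table 2
  ip route del table 2 default dev wg0
  # NAT
  ${pkgs.iptables}/bin/iptables -D POSTROUTING -t nat -o wg0 -j MASQUERADE
  # Port forwarding
  ${pkgs.iptables}/bin/iptables -D PREROUTING -t nat -p tcp -i wg0 --dport 51506 -j DNAT --to-destination 192.168.100.11:51506
'';
```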