diff --git a/modules/networking/wireguard/client.nix b/modules/networking/wireguard/client.nix
index 901e771..91a61c2 100644
--- a/modules/networking/wireguard/client.nix
+++ b/modules/networking/wireguard/client.nix
@@ -8,6 +8,11 @@ in {
 options.networking.wg.client = {
 enable = lib.mkEnableOption "Enable WireGuard client";
+ port = lib.mkOption {
+ type = lib.types.port;
+ default = 51820;
+ description = "Port for WireGuard client";
+ };
 autoConnect = lib.mkOption {
 type = lib.types.bool;
 default = false;
@@ -20,17 +25,15 @@ in {
 };
 config = lib.mkIf cfg.enable {
- networking.wg-quick.interfaces.wg0 = {
- inherit (peers.jonas) address;
+ networking.firewall.allowedUDPPorts = [cfg.port];
+ networking.wireguard.interfaces.wg0 = {
+ inherit (peers.jonas) ips;
 inherit (cfg) privateKeyFile;
+ listenPort = cfg.port;
 peers = [
 peers.harbor
 ];
 };
- systemd.services.wg-quick-wg0.wantedBy =
- if cfg.autoConnect
- then lib.mkDefault []
- else lib.mkForce [];
 };
 }
diff --git a/modules/networking/wireguard/peers.nix b/modules/networking/wireguard/peers.nix
index 89bb202..a031863 100644
--- a/modules/networking/wireguard/peers.nix
+++ b/modules/networking/wireguard/peers.nix
@@ -14,7 +14,7 @@
 jonas = {
 publicKey = "oPMapC1S3TPe+/YQulG0AsVsOu+MzZY7huvAAXVJEnM=";
- address = ["10.10.10.2/24"];
+ ips = ["10.10.10.2/24"];
 allowedIPs = ["10.10.10.2/32"];
 };
 }
diff --git a/modules/networking/wireguard/server.nix b/modules/networking/wireguard/server.nix
index 6d54a74..b29f3ef 100644
--- a/modules/networking/wireguard/server.nix
+++ b/modules/networking/wireguard/server.nix
@@ -20,11 +20,8 @@ in {
 };
 config = lib.mkIf cfg.enable {
- # Firewall and NAT configuration
+ # Firewall rule
 networking.firewall.allowedUDPPorts = [cfg.port];
- networking.nat.enable = true;
- networking.nat.externalInterface = "eth0";
- networking.nat.internalInterfaces = ["wg0"];
 # Interface without internet routing
 networking.wireguard.interfaces."wg0" = {
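Review bot: The new `port` option's description, "Port for WireGuard client", hides that the value is both the interface's `listenPort` and an inbound hole opened in the host firewall as soon as the client is enabled (both in the next hunk of this file). Spell that out so an operator changing it knows what is exposed, e.g. `description = "UDP port wg0 listens on; opened inbound in networking.firewall while the client is enabled.";`. The enclosing `options.networking.wg.client` set continues past the hunk (`autoConnect` is cut off after `default = false;`).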
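Review bot: `autoConnect` is still declared (it survives in the previous hunk) but nothing reads it any more: the removed `systemd.services.wg-quick-wg0.wantedBy` expression was its only consumer, and `networking.wireguard.interfaces.wg0` presumably brings its own `wireguard-wg0` unit up at boot unconditionally, so a host set to `autoConnect = false` now connects at every boot. Carry the gate over to the new unit, `systemd.services.wireguard-wg0.wantedBy = lib.mkIf (!cfg.autoConnect) (lib.mkForce []);`, or remove the option so the config does not silently promise something it no longer does. Separately, `networking.firewall.allowedUDPPorts = [cfg.port]` together with a fixed `listenPort` opens an inbound UDP port on every interface of a machine that only dials `peers.harbor`; if harbor's definition (not in this diff) carries an `endpoint`, the client needs no inbound rule and both lines can go, letting the kernel pick an ephemeral source port.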