From d9ce1c840bd21bc1c3b20ffc001b76a9ae8361c4 Mon Sep 17 00:00:00 2001
From: reo101
Date: Sat, 20 Jul 2024 22:44:39 +0300
Subject: [PATCH] fix(jeeves)!: open up `wireguard` for `DNS` requests

Port 53 is needed to pass DNS requests through
Also enable `NAT` for `wg0`
---
 machines/nixos/x86_64-linux/jeeves/wireguard.nix | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)

diff --git a/machines/nixos/x86_64-linux/jeeves/wireguard.nix b/machines/nixos/x86_64-linux/jeeves/wireguard.nix
index f6247ea..178c619 100644
--- a/machines/nixos/x86_64-linux/jeeves/wireguard.nix
+++ b/machines/nixos/x86_64-linux/jeeves/wireguard.nix
@@ -22,7 +22,20 @@
 };
 };
 
- networking.firewall.allowedUDPPorts = [ 51820 ];
+ # Enable NAT
+ networking.nat = {
+ enable = true;
+ enableIPv6 = true;
+ externalInterface = "eth0";
+ internalInterfaces = [ "wg0" ];
+ };
+
+ # Open ports in the firewall
+ networking.firewall = {
+ allowedTCPPorts = [ 53 ];
+ allowedUDPPorts = [ 53 51820 ];
+ };
+
 systemd.network = {
 netdevs = {
 "50-wg0" = {
@@ -85,6 +98,7 @@
 };
 };
 };
+
 networks.wg0 = {
 matchConfig.Name = "wg0";
 address = [ "10.100.0.1/24" ];
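Review bot: The new `networking.firewall` block in the first hunk opens port 53 (TCP and UDP) on every interface, not only on `wg0`, so any resolver on this host that binds a wildcard address would also be reachable through `eth0`; the commit message only asks for DNS to pass through the tunnel. Scoping the DNS ports to the tunnel interface keeps the external surface at the WireGuard port alone: `networking.firewall.interfaces.wg0.allowedTCPPorts = [ 53 ];` and `networking.firewall.interfaces.wg0.allowedUDPPorts = [ 53 ];`, with the global list left as `allowedUDPPorts = [ 51820 ];`. In the `networking.nat` block, `enableIPv6 = true` is set while the only `wg0` address visible in this patch is `10.100.0.1/24`, so it is worth confirming that IPv6 NAT is actually wanted. A short comment next to `externalInterface = "eth0";` stating that it must match the host's real uplink name would also help, since a mismatch would presumably leave the NAT rules bound to an interface that does not exist.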