
038427f5b0f7fa84be9afd2bf9d9bbb0650e47d5 — Andrew Tropin 9 months ago 92d9e41
pinky: Add WireGuard and NAT configuration
1 files changed, 53 insertions(+), 1 deletions(-)

M src/tropin/machines.scm
M src/tropin/machines.scm => src/tropin/machines.scm +53 -1
@@ 12,7 12,9 @@
  #:use-module (gnu services)
  #:use-module (gnu services base)
  #:use-module (gnu services networking)
  #:use-module (gnu services vpn)
  #:use-module (gnu services ssh)
  #:use-module (gnu services sysctl)
  #:use-module (gnu services shepherd)
  #:use-module (gnu packages bootloaders)
  #:use-module (gnu packages)


@@ 212,6 214,47 @@
                          (Peers . #("tls://ygg-nl.incognet.io:8884"
                                     "tls://ygg2.ezdomain.ru:11130"
                                     "tls://188.225.9.167:18227"))))))
             (service
              wireguard-service-type
              (wireguard-configuration
               (port 51828)
               (addresses '("10.0.0.1/32" "fdf5:6028:947d:1234::1/64"))
               ;; (dns '())
               (peers
                (list
                 (wireguard-peer
                  (name "ixy")
                  (public-key "4b1WJWDPrXxkHRdaE/AXW+VVt5ECppTqueq0mKaqcDM=")
                  (allowed-ips '("10.0.0.2/32" "fdf5:6028:947d:1234::2/128")))))
               (private-key "/srv/wg/pinky.key")))

             (service nftables-service-type
                      (nftables-configuration
                       (ruleset
                        (plain-file "nftables.conf"
                                    "# A simple NAT
table ip nat {
        chain prerouting {
                type nat hook prerouting priority filter; policy accept;
        }

        chain postrouting {
                type nat hook postrouting priority srcnat; policy accept;
                oifname \"eth0\" masquerade
        }
}
table ip6 nat {
        chain prerouting {
                type nat hook prerouting priority filter; policy accept;
        }

        chain postrouting {
                type nat hook postrouting priority srcnat; policy accept;
                oifname \"eth0\" masquerade
        }
}"
                                    ))))


             (service openssh-service-type
                      (openssh-configuration


@@ 224,7 267,16 @@

             nginx-service)

            (modify-services %base-services
            (modify-services
             %base-services
             (sysctl-service-type
              config =>
              (sysctl-configuration
               (inherit config)
               (settings (append '(("net.ipv4.conf.all.forwarding" . "1")
                                   ("net.ipv6.conf.all.forwarding" . "1"))
                                 %default-sysctl-settings))))

              (guix-service-type
               config =>
               (guix-configuration
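Review bot: The nftables ruleset added in the second hunk masquerades everything leaving eth0 and defines no filter table, while the sysctl change in the third hunk enables forwarding on all interfaces, so with every chain at `policy accept` the host will forward and NAT packets arriving on any interface, not just the WireGuard tunnel. Add an `inet filter` table whose forward chain drops by default and only accepts traffic entering from the tunnel interface (wg0, assuming the default name is in use) plus established/related replies, and restrict masquerade to the tunnel's own prefixes, e.g. `ip saddr 10.0.0.0/24 oifname "eth0" masquerade` and the matching `ip6 saddr fdf5:6028:947d:1234::/64` rule. Since the ruleset filters nothing, the WireGuard listener on UDP 51828 needs no input rule today, but that must be remembered if an input chain is added later. The private key is read from `/srv/wg/pinky.key` rather than the store, which is the right choice; its permissions are not visible here, so confirm the file is root-only.
```scheme
(service nftables-service-type
         (nftables-configuration
          (ruleset
           (plain-file "nftables.conf"
                       "# NAT for the WireGuard tunnel only
table inet filter {
        chain forward {
                type filter hook forward priority filter; policy drop;
                ct state established,related accept
                iifname \"wg0\" oifname \"eth0\" accept
        }
}
table ip nat {
        chain postrouting {
                type nat hook postrouting priority srcnat; policy accept;
                ip saddr 10.0.0.0/24 oifname \"eth0\" masquerade
        }
}
table ip6 nat {
        chain postrouting {
                type nat hook postrouting priority srcnat; policy accept;
                ip6 saddr fdf5:6028:947d:1234::/64 oifname \"eth0\" masquerade
        }
}"
                       ))))
;; … unchanged: prerouting chains, wireguard and openssh services, sysctl settings …
```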