nix-conf/modules/servers/heimdall/wireguard.nix

{config, ...}: {
  networking = {
    nat = {
      enable = true;
      enableIPv6 = true;
      externalInterface = "enp1s0";
      internalInterfaces = ["wg0"];
    };
    firewall = {
      allowedTCPPorts = [53];
      allowedUDPPorts = [53 51820];
    };
    wg-quick.interfaces.wg0.configFile = "${config.age.secrets.wg-heimdall.path}";
  };

  services.dnsmasq = {
    enable = true;
    settings = {
      interface = "wg0";
    };
  };

  boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
}
feat(heimdall+desktop): setup wireguard tunnel. 2025-05-04 18:11:15 +02:00			`{config, ...}: {`
			`networking = {`
			`nat = {`
			`enable = true;`
			`enableIPv6 = true;`
			`externalInterface = "enp1s0";`
			`internalInterfaces = ["wg0"];`
			`};`
			`firewall = {`
			`allowedTCPPorts = [53];`
			`allowedUDPPorts = [53 51820];`
			`};`
			`wg-quick.interfaces.wg0.configFile = "${config.age.secrets.wg-heimdall.path}";`
			`};`

			`services.dnsmasq = {`
			`enable = true;`
			`settings = {`
			`interface = "wg0";`
			`};`
			`};`

			`boot.kernel.sysctl."net.ipv4.ip_forward" = 1;`
			`}`