lib/network: init

Signed-off-by: Amneesh Singh <natto@weirdnatto.in>
2023-01-23 21:31:19 +05:30
parent b3fac02b73
commit 950cf357d1
8 changed files with 88 additions and 74 deletions
--- a/hosts/remilia/networking.nix
+++ b/hosts/remilia/networking.nix
@@ -1,4 +1,4 @@
-{ lib, config, pkgs, ... }:
+{ lib, config, network, pkgs, ... }:
 {
  networking = {
    useDHCP = false;
@@ -7,21 +7,8 @@
      {
        interfaces = {
          ens3 = {
-            allowedTCPPorts = [
-              80
-              81
-              443
-              444
-              993
-              465
-              143
-              25
-              22001
-              22002
-              9898
-              8999
-              99
-            ] ++ (map (x: x.sourcePort) config.networking.nat.forwardPorts);
+            allowedTCPPorts = [ 80 81 443 444 993 465 143 25 22001 22002 9898 8999 99 5201 4444 ]
+              ++ (map (x: x.sourcePort) config.networking.nat.forwardPorts);
            allowedUDPPorts = [ 17840 ];
          };
        };
@@ -40,46 +27,46 @@
        useDHCP = true;
      };
    };
-    nat = {
+    nat = with network.addresses.wireguard.ips; {
      enable = true;
      externalInterface = "ens3";
      internalInterfaces = [ "wg0" ];
      forwardPorts = [
        {
-          destination = "10.55.0.2:2002";
+          destination = "${marisa}:2002";
          sourcePort = 22;
        }
        {
-          destination = "10.55.0.2:22";
-          sourcePort = 23;
+          destination = "${satori}:6600";
+          sourcePort = 6600;
        }
        {
-          destination = "10.55.0.3:6600";
-          sourcePort = 6600;
+          destination = "${satori}:25565";
+          sourcePort = 4444;
        }
      ];
    };
-    wireguard.interfaces = {
+    wireguard.interfaces = with network.addresses.wireguard; {
      wg0 = {
-        ips = [ "10.55.0.1/24" ];
+        ips = [ ips.remilia ];
        listenPort = 17840;
        postSetup = ''
          ${pkgs.iptables}/bin/iptables -A FORWARD -i wg0 -j ACCEPT
-          ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.55.0.0/24 -o ${config.networking.nat.externalInterface} -j MASQUERADE
+          ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s ${ipsWithPrefixLength} -o ${config.networking.nat.externalInterface} -j MASQUERADE
        '';
        postShutdown = ''
          ${pkgs.iptables}/bin/iptables -D FORWARD -i wg0 -j ACCEPT
-          ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.55.0.0/24 -o ${config.networking.nat.externalInterface} -j MASQUERADE
+          ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s ${ipsWithPrefixLength} -o ${config.networking.nat.externalInterface} -j MASQUERADE
        '';
        privateKeyFile = "/var/wg";
        peers = [
          {
            publicKey = "m9SSpkj+r2QY4YEUMEoTkbOI/L7C39Kh6m45QZ5mkw4=";
-            allowedIPs = [ "10.55.0.2/32" ];
+            allowedIPs = [ ips.marisa ];
          }
          {
            publicKey = "SqskEH7hz7Gv9ZS+FYLRFgKZyJCFbBFCyuvzBYnbfVU=";
-            allowedIPs = [ "10.55.0.3/32" ];
+            allowedIPs = [ ips.satori ];
          }
        ];
      };