From 7a31488abd067dc9aff3c4eb2ff4c884f392dde4 Mon Sep 17 00:00:00 2001
From: Ivan Dimitrov
Date: Sat, 18 Nov 2023 15:32:14 +0200
Subject: [PATCH] enable wireguard
---
 mailserver/default.nix | 2 +-
 mailserver/wireguard.nix | 34 ++++++++++++++++++++++++++++++++++
 2 files changed, 35 insertions(+), 1 deletion(-)
 create mode 100644 mailserver/wireguard.nix
diff --git a/mailserver/default.nix b/mailserver/default.nix
index 37281a4..89571e9 100644
--- a/mailserver/default.nix
+++ b/mailserver/default.nix
@@ -1,4 +1,4 @@
 { config, pkgs, ... }: {
- imports = [ ./configuration.nix ./mailserver.nix ./roundcube.nix ./postgres.nix ];
+ imports = [ ./configuration.nix ./mailserver.nix ./roundcube.nix ./postgres.nix ./wireguard.nix ];
 }
diff --git a/mailserver/wireguard.nix b/mailserver/wireguard.nix
new file mode 100644
index 0000000..5556df8
--- /dev/null
+++ b/mailserver/wireguard.nix
@@ -0,0 +1,34 @@
+{ pkgs, ... }: {
+ networking = {
+ nat = {
+ enable = true;
+ externalInterface = "eth0";
+ internalInterfaces = [ "wg0" ];
+ };
+ firewall = {
+ allowedUDPPorts = [ 51820 ];
+ };
+ wireguard.interfaces = {
+ wg0 = {
+ ips = [ "10.100.0.1/24" ];
+ listenPort = 51820;
+ postSetup = ''
+ ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.100.0.0/24 -o eth0 -j MASQUERADE
+ '';
+ postShutdown = ''
+ ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.100.0.0/24 -o eth0 -j MASQUERADE
+ '';
+ privateKeyFile = "/etc/wireguard/privatekey";
+ generatePrivateKeyFile = true;
+ peers = [
+ {
+ publicKey = "28yXYLk4U0r6MdWFEZzk6apI8uhg962wMprF47wUJyI=";
+ allowedIPs = [ "10.100.0.2/32" ];
+ }
+ ];
+ };
+ };
+ };
+
+
+}
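Review bot: In the new mailserver/wireguard.nix the peer's traffic is masqueraded out of `eth0` by two mechanisms at once: the `networking.nat` block (`internalInterfaces = [ "wg0" ]`) and the hand-written `iptables -t nat -A POSTROUTING ... -j MASQUERADE` in `postSetup`/`postShutdown`, which appear to overlap. Either way the peer's outbound connections leave with the mail server's public address, so anything that trusts or scores that address (sender reputation, remote allow-lists) now also covers the VPN client. If the tunnel is only meant for reaching the host itself, I would drop the `nat` block and both hooks. Otherwise keep one mechanism and record the intent with a comment such as `# wg0 peers egress via the mail host's IP on purpose; forwarded traffic is not restricted here`. The `-A` rule in `postSetup` is also appended again if `postShutdown` did not run, and the `10.100.0.0/24` subnet and `eth0` are repeated in several places where a single `let` binding would keep them in sync.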