From a06a8bebab237eb65acd5ffd40bdc5fae5ea0076 Mon Sep 17 00:00:00 2001
From: nyanloutre
Date: Fri, 4 Oct 2019 22:34:13 +0200
Subject: [PATCH] wireguard: config serveur pour NAT

---
 systems/LoutreOS/services.nix | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/systems/LoutreOS/services.nix b/systems/LoutreOS/services.nix
index bf09956..8951e9d 100644
--- a/systems/LoutreOS/services.nix
+++ b/systems/LoutreOS/services.nix
@@ -502,16 +502,19 @@ in
 ips = [ "192.168.20.1/24" ];
 privateKeyFile = "/mnt/secrets/wireguard/wg0.privatekey";
 listenPort = 51820;
- allowedIPsAsRoutes = false;
+ allowedIPsAsRoutes = true;
 peers = [
 {
- allowedIPs = [ "0.0.0.0/0" ];
+ allowedIPs = [ "192.168.20.2/32" ];
 publicKey = "b/SXiqo+GPdNOc54lyEVeUBc6B5AbVMKh+g5EZPGzlE=";
 }
 ];
 };
 };
 
+ nat.internalInterfaces = [ "wg0" ];
+ nat.internalIPs = [ "192.168.20.0/24" ];
+
 firewall.allowedTCPPorts = [
 51413 # Transmission
 8448 # Matrix federation
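Review bot: `nat.internalIPs = [ "192.168.20.0/24" ];` selects traffic by source address on any ingress interface, while `nat.internalInterfaces = [ "wg0" ];` on the line before it already covers everything that can arrive through the tunnel now that the peer is limited to `192.168.20.2/32`. Keeping only the interface rule ties masquerading to wg0; if both are intended, a comment such as `# masquerade VPN clients (wg0, 192.168.20.0/24) towards the external interface` would record why. The hunk does not show `nat.enable`, `nat.externalInterface` or any forward-filter rule, so it is worth confirming elsewhere in the file that NAT is actually enabled and that the peer is meant to reach every network the host can route to. The enclosing attribute set starts before the hunk and the `firewall.allowedTCPPorts` list continues past it.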