commit 9c134189e5234407d90cb3b4cb7537dc3ad107c1
parent f284be05c2a0747427754431fcfb24f89dd7da01
Author: Vincent Demeester <vincent@sbr.pm>
Date: Mon, 12 Jul 2021 10:59:07 +0200
wireguard: no more need to add the module
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
Diffstat:
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/systems/modules/profiles/wireguard.server.nix b/systems/modules/profiles/wireguard.server.nix
@@ -17,7 +17,7 @@ in
};
};
config = mkIf cfg.enable {
- boot.extraModulePackages = [ config.boot.kernelPackages.wireguard ];
+ # boot.extraModulePackages = [ config.boot.kernelPackages.wireguard ];
environment.systemPackages = [ pkgs.wireguard ];
boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
networking.firewall.extraCommands = ''
@@ -25,6 +25,7 @@ in
'';
networking.firewall.allowedUDPPorts = [ 51820 ];
networking.firewall.trustedInterfaces = [ "wg0" ];
+ networking.firefwall.enable = true;
networking.wireguard.interfaces = {
"wg0" = {
ips = allowedIPs;