From 196f9a3e3427f82ef30323b151e0be7fc4c3c1b9 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI
Date: Sat, 24 Apr 2021 11:04:47 +0000
Subject: [PATCH] services: wireguard: fix server routing

I had made a mistake, hard-coding the server as being `1` for its client number, instead of using the one configured from its peer configuration.
---
 services/wireguard.nix | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)

diff --git a/services/wireguard.nix b/services/wireguard.nix
index 59d0edc..bc5ea12 100644
--- a/services/wireguard.nix
+++ b/services/wireguard.nix
@@ -174,15 +174,23 @@ in
 networking.wg-quick.interfaces."${cfg.iface}" = {
 postUp = with cfg.net; ''
 ${pkgs.iptables}/bin/iptables -A FORWARD -i ${cfg.iface} -j ACCEPT
- ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s ${v4.subnet}.1/${toString v4.mask} -o ${extIface} -j MASQUERADE
+ ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING \
+ -s ${v4.subnet}.${toString thisPeer.clientNum}/${toString v4.mask} \
+ -o ${extIface} -j MASQUERADE
 ${pkgs.iptables}/bin/ip6tables -A FORWARD -i ${cfg.iface} -j ACCEPT
- ${pkgs.iptables}/bin/ip6tables -t nat -A POSTROUTING -s ${v6.subnet}::1/${toString v6.mask} -o ${extIface} -j MASQUERADE
+ ${pkgs.iptables}/bin/ip6tables -t nat -A POSTROUTING \
+ -s ${v6.subnet}::${toString thisPeer.clientNum}/${toString v6.mask} \
+ -o ${extIface} -j MASQUERADE
 '';
 preDown = with cfg.net; ''
 ${pkgs.iptables}/bin/iptables -D FORWARD -i ${cfg.iface} -j ACCEPT
- ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s ${v4.subnet}.1/${toString v4.mask} -o ${extIface} -j MASQUERADE
+ ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING \
+ -s ${v4.subnet}.${toString thisPeer.clientNum}/${toString v4.mask} \
+ -o ${extIface} -j MASQUERADE
 ${pkgs.iptables}/bin/ip6tables -D FORWARD -i ${cfg.iface} -j ACCEPT
- ${pkgs.iptables}/bin/ip6tables -t nat -D POSTROUTING -s ${v6.subnet}::1/${toString v6.mask} -o ${extIface} -j MASQUERADE
+ ${pkgs.iptables}/bin/ip6tables -t nat -D POSTROUTING \
+ -s ${v6.subnet}::${toString thisPeer.clientNum}/${toString v6.mask} \
+ -o ${extIface} -j MASQUERADE
 '';
 };
 })
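Review bot: The `-s` argument in all four POSTROUTING rules still carries the prefix length (`/${toString v4.mask}`, `/${toString v6.mask}`), and iptables applies that mask to the address, so unless the mask is /32 or /128 the rule matches the whole VPN subnet whichever host number is written. If NATing the whole subnet is the intent, writing the network address (for a /24, something like `-s ${v4.subnet}.0/${toString v4.mask}`) states that scope directly; if only this peer's address should match, the prefix would have to be `/32` and `/128`. The same rule text is repeated in `postUp` and `preDown`, and `-D` only removes a rule whose specification matches what `-A` added, so binding the specification once in a `let` and reusing it in both strings would keep the pair from drifting and leaving a stale MASQUERADE rule behind. `thisPeer` and `cfg.net` are defined outside the hunk, so the actual mask values cannot be checked from here.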