From 53b0e0a1c84be8bf0c6fa362cf94feda56fd557b Mon Sep 17 00:00:00 2001
From: Bruno BELANYI
Date: Thu, 18 Feb 2021 00:10:45 +0000
Subject: [PATCH] services: wireguard: do not hard-code 'eth0'

Instead make use of the newly introduce `networking.externalInterface` option.
---
 services/wireguard.nix | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/services/wireguard.nix b/services/wireguard.nix
index 3a01303..44d7cc2 100644
--- a/services/wireguard.nix
+++ b/services/wireguard.nix
@@ -10,6 +10,8 @@ let
 peers = config.my.secrets.wireguard.peers;
 thisPeer = peers."${hostName}";
 otherPeers = lib.filterAttrs (name: _: name != hostName) peers;
+
+ extIface = config.my.networking.externalInterface;
 in
 {
 options.my.services.wireguard = with lib; {
@@ -96,25 +98,24 @@ in
 otherPeers;
 } // lib.optionalAttrs (thisPeer ? externalIp) {
 # Setup forwarding on server
- # FIXME: 'eth0' should not hard-coded
 postUp = with cfg.net; ''
 ${pkgs.iptables}/bin/iptables -A FORWARD -i ${cfg.iface} -j ACCEPT
- ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s ${v4.subnet}.1/${toString v4.mask} -o eth0 -j MASQUERADE
+ ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s ${v4.subnet}.1/${toString v4.mask} -o ${extIface} -j MASQUERADE
 ${pkgs.iptables}/bin/ip6tables -A FORWARD -i ${cfg.iface} -j ACCEPT
- ${pkgs.iptables}/bin/ip6tables -t nat -A POSTROUTING -s ${v6.subnet}::1/${toString v6.mask} -o eth0 -j MASQUERADE
+ ${pkgs.iptables}/bin/ip6tables -t nat -A POSTROUTING -s ${v6.subnet}::1/${toString v6.mask} -o ${extIface} -j MASQUERADE
 '';
 preDown = with cfg.net; ''
 ${pkgs.iptables}/bin/iptables -D FORWARD -i ${cfg.iface} -j ACCEPT
- ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s ${v4.subnet}.1/${toString v4.mask} -o eth0 -j MASQUERADE
+ ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s ${v4.subnet}.1/${toString v4.mask} -o ${extIface} -j MASQUERADE
 ${pkgs.iptables}/bin/ip6tables -D FORWARD -i ${cfg.iface} -j ACCEPT
- ${pkgs.iptables}/bin/ip6tables -t nat -D POSTROUTING -s ${v6.subnet}::1/${toString v6.mask} -o eth0 -j MASQUERADE
+ ${pkgs.iptables}/bin/ip6tables -t nat -D POSTROUTING -s ${v6.subnet}::1/${toString v6.mask} -o ${extIface} -j MASQUERADE
 '';
 };
 nat = lib.optionalAttrs (thisPeer ? externalIp) {
 enable = true;
- externalInterface = "eth0"; # FIXME: should not hard-coded
+ externalInterface = extIface;
 internalInterfaces = [ cfg.iface ];
 };
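Review bot: The four `-o ${extIface}` interpolations in `postUp` and `preDown` place an option value unquoted into iptables command lines that run as root, where the old code had a fixed literal. The declaration of `my.networking.externalInterface` is not part of this patch, so its type and default cannot be checked here; if it is allowed to be empty, the NAT rules are built with a malformed `-o` argument and the failure only shows up when the interface is brought up. Quoting the value, `-o ${lib.escapeShellArg extIface}`, together with an `assertions` entry along the lines of `assertion = (thisPeer ? externalIp) -> extIface != "";` would turn a misconfiguration into an evaluation-time error with a clear message. The attribute set that holds `postUp`, `preDown` and `nat` starts before this hunk, so where the assertion belongs is not visible from here.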