ambroisie/nix-config
ambroisie/nix-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

treewide: use 'lib.getExe' when possible

Browse source
This commit is contained in:
Bruno BELANYI 2023-07-23 18:58:40 +01:00
parent 92b26e9d54
commit b8b3e51dc6
13 changed files with 24 additions and 28 deletions
Download patch file Download diff file Expand all files Collapse all files

16
modules/services/wireguard/default.nix
View file

@ -230,22 +230,22 @@ in
(lib.mkIf thisPeerIsServer {
networking.wg-quick.interfaces."${cfg.iface}" = {
postUp = with cfg.net; ''
${pkgs.iptables}/bin/iptables -A FORWARD -i ${cfg.iface} -j ACCEPT
${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING \
${lib.getExe pkgs.iptables} -A FORWARD -i ${cfg.iface} -j ACCEPT
${lib.getExe pkgs.iptables} -t nat -A POSTROUTING \
-s ${v4.subnet}.${toString thisPeer.clientNum}/${toString v4.mask} \
-o ${extIface} -j MASQUERADE
${pkgs.iptables}/bin/ip6tables -A FORWARD -i ${cfg.iface} -j ACCEPT
${pkgs.iptables}/bin/ip6tables -t nat -A POSTROUTING \
${lib.getExe pkgs.iptables} -A FORWARD -i ${cfg.iface} -j ACCEPT
${lib.getExe pkgs.iptables} -t nat -A POSTROUTING \
-s ${v6.subnet}::${toString thisPeer.clientNum}/${toString v6.mask} \
-o ${extIface} -j MASQUERADE
'';
preDown = with cfg.net; ''
${pkgs.iptables}/bin/iptables -D FORWARD -i ${cfg.iface} -j ACCEPT
${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING \
${lib.getExe pkgs.iptables} -D FORWARD -i ${cfg.iface} -j ACCEPT
${lib.getExe pkgs.iptables} -t nat -D POSTROUTING \
-s ${v4.subnet}.${toString thisPeer.clientNum}/${toString v4.mask} \
-o ${extIface} -j MASQUERADE
${pkgs.iptables}/bin/ip6tables -D FORWARD -i ${cfg.iface} -j ACCEPT
${pkgs.iptables}/bin/ip6tables -t nat -D POSTROUTING \
${lib.getExe pkgs.iptables} -D FORWARD -i ${cfg.iface} -j ACCEPT
${lib.getExe pkgs.iptables} -t nat -D POSTROUTING \
-s ${v6.subnet}::${toString thisPeer.clientNum}/${toString v6.mask} \
-o ${extIface} -j MASQUERADE
'';