Added fixes for VPN networking

(cherry picked from commit d1620a9680)
Inex Code 2022-02-28 13:59:24 +03:00
parent a0a6c99fe8
commit 4bf80d7a2d


@ -6,7 +6,6 @@ in
{
imports = [
./hardware-configuration.nix
./variables-module.nix
./variables.nix
./files.nix
@ -34,9 +33,14 @@ in
boot.cleanTmpDir = true;
networking = {
hostName = config.services.userdata.hostname;
usePredictableInterfaceNames = false;
firewall = {
allowedTCPPorts = lib.mkForce [ 22 25 80 143 443 465 587 993 4443 8443 ];
allowedUDPPorts = lib.mkForce [ 8443 10000 ];
extraCommands = ''
iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
iptables --append FORWARD --in-interface vpn00 -j ACCEPT
'';
};
nameservers = [ "1.1.1.1" "1.0.0.1" ];
};
@ -84,4 +88,4 @@ in
enable = true;
};
};
}
}
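Review bot: The two iptables rules in `networking.firewall.extraCommands` are broader than VPN egress needs: the MASQUERADE rule matches every packet leaving `eth0` regardless of source, and the FORWARD rule accepts anything arriving on `vpn00` regardless of destination, so a VPN client is not limited to internet-bound traffic. Both rules are appended to built-in chains, which the NixOS firewall does not appear to flush on reload, so each firewall restart likely stacks another copy and nothing removes them on stop. I would express this through the NAT module instead, `networking.nat = { enable = true; externalInterface = "eth0"; internalInterfaces = [ "vpn00" ]; };`, or at minimum add `--source <VPN_SUBNET>` to the MASQUERADE rule and mirror both rules with `-D ... || true` in `extraStopCommands`. The hard-coded `eth0` also depends on `usePredictableInterfaceNames = false` staying set, which deserves a comment next to it. The page has lost its `+`/`-` markers, so I am inferring from the hunk sizes that these are the added lines.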