20 lines
460 B
Nix
20 lines
460 B
Nix
{ config, pkgs, lib, ... }:
|
|
|
|
let
|
|
cfg = config.services.iodine.server;
|
|
in {
|
|
config = lib.mkIf cfg.enable {
|
|
# iodine DNS-based vpn
|
|
services.iodine.server = {
|
|
ip = "192.168.99.1";
|
|
domain = "tun.neet.dev";
|
|
passwordFile = "/run/agenix/iodine";
|
|
};
|
|
age.secrets.iodine.file = ../../secrets/iodine.age;
|
|
networking.firewall.allowedUDPPorts = [ 53 ];
|
|
|
|
networking.nat.internalInterfaces = [
|
|
"dns0" # iodine
|
|
];
|
|
};
|
|
} |