From 12b731ef9aa51f5ca73ef02809128f681a51b966 Mon Sep 17 00:00:00 2001
From: Andrea Ciceri <andrea.ciceri@autistici.org>
Date: Thu, 29 May 2025 15:33:16 +0200
Subject: [PATCH] Allow forwarding all traffic

---
 modules/wireguard-server/default.nix | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/modules/wireguard-server/default.nix b/modules/wireguard-server/default.nix
index a02ccad..3b4b8bb 100644
--- a/modules/wireguard-server/default.nix
+++ b/modules/wireguard-server/default.nix
@@ -2,6 +2,7 @@
   config,
   lib,
   vpn,
+  pkgs,
   ...
 }:
 {
@@ -17,5 +18,13 @@
       publicKey = vpnConfig.publicKey;
       allowedIPs = [ "${vpnConfig.ip}/32" ];
     }) vpn;
+
+    postSetup = ''
+      ${lib.getExeo' pkgs.iptables "iptables"} -t nat -A POSTROUTING -s 10.100.0.0/24 -o enP4p65s0 -j MASQUERADE
+    '';
+
+    postShutdown = ''
+      ${lib.getExe' pkgs.iptables "iptables"} -t nat -D POSTROUTING -s 10.100.0.0/24 -o enP4p65s0 -j MASQUERADE
+    '';
   };
 }
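Review bot: `lib.getExeo'` in the `postSetup` line is a typo for `lib.getExe'` (the `postShutdown` line spells it correctly), so evaluation should fail on a missing attribute and the NAT rule is never installed; the line should read `${lib.getExe' pkgs.iptables "iptables"} -t nat -A POSTROUTING -s 10.100.0.0/24 -o enP4p65s0 -j MASQUERADE`. Beyond that, the rule masquerades the whole 10.100.0.0/24 range, so every peer in `vpn` can use this host as an egress gateway wherever forwarding is enabled; nothing in the hunk restricts the FORWARD chain or shows where IP forwarding is turned on, so confirm that this is intended for all peers. The subnet and `enP4p65s0` are repeated as literals in both hooks and would be safer taken from a module option, since a renamed NIC leaves the rule matching nothing and the two lines can drift apart so that `-D` no longer removes what `-A` added. The enclosing interface attribute set starts outside the hunk.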