{ config, pkgs, ...}: { environment.systemPackages = with pkgs; [ wireguard-tools ]; networking = { firewall.allowedUDPPorts = [ 51820 ]; firewall.trustedInterfaces = [ "ens19"]; iproute2.enable = true; iproute2.rttablesExtraConfig = '' 100 PUBLIC6 ''; wireguard.enable = true; wireguard.interfaces = { wg0 = { ips = [ "fe80::42:10:1/64" ]; privateKey = "SUPERSECRETKEY"; listenPort = 51820; allowedIPsAsRoutes = false; postSetup = '' ip -6 rule add from 2a01:4f8:1c0c:8221::/64 lookup PUBLIC6 ip -6 route add default via fe80::1 dev wg0 table PUBLIC6 ''; peers = [{ publicKey = "Y++eB9SfU17zB4mJ/6AaN761tngXAyTNoVaPNKmuvls="; allowedIPs = [ "::/0" ]; endpoint = "78.47.183.82:51876"; #endpoint = "gatekeeper.net.clerie.de:51876"; persistentKeepalive = 25; }]; }; }; }; boot.kernel.sysctl."net.ipv6.conf.all.forwarding" = 1; networking.interfaces.ens19.ipv6.addresses = [{ address = "2a01:4f8:1c0c:8221::1"; prefixLength = 64; }]; services.corerad = { enable = true; settings = { interfaces = [ { name = "ens19"; advertise = true; prefix = [{ prefix = "2a01:4f8:1c0c:8221::/64";}]; mtu = 1420; }]; debug = { address = "localhost:9430"; prometheus = true; }; }; }; }