From: crodges
To: guix-devel@gnu.org
Subject: Wireguard
Date: Sun, 29 Aug 2021 14:53:23 -0700
Message-ID: <2301909.g8HzRWBaYy@sceadufaex>
List-Id: "Development of GNU Guix and the GNU System distribution."

Hello everyone,

Let me start by thanking you for developing such an interesting project in GNU Guix. Also, I don't want to take up anyone's time, so you can just point to documentation or other resources succinctly and I'll do my best. I'm writing here because I tried the help list but got no answer so far, after a few days.

I managed to configure wireguard on a vps running guix and created clients for my desktop and cellphone. What I want to do (and did already in a Debian vps) is to make wireguard's lan accessible to anyone connected and also browse the internet using this vpn.

As I remember, I need to allow ip forwarding using

    sysctl net.ipv4.ip_forward=1

and I also need to put these rules into wireguard (the server) under [interface],

    PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE; ip6tables -A FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
    PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE; ip6tables -D FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

Problem is, looking at the latest guix manual, PostUp and PostDown don't seem to exist yet. Do they exist but are still undocumented? If they don't exist, where would be a reasonable place to add these configurations? I'm trying to do everything the guix way; when I finish this machine configuration, I'd like it to be fully replicable.

Also, is this something that I could solve by modifying the wireguard service definition itself?

Thanks,
crodges
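
Added example, not part of the original message and not Guix or WireGuard code: a small Python check for the PostUp/PostDown pair quoted above. It confirms that every rule appended on interface-up is deleted on interface-down, and lists the interface names the rules hard-code so they can be compared with the host's real NIC names. The Address and ListenPort values and all function names are assumptions made for illustration.

```python
import re

# Constructed sample: the hooks quoted in the message, one key per line.
# Address and ListenPort are placeholder values, not taken from the message.
_UP = ("iptables -A FORWARD -i wg0 -j ACCEPT; "
       "iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE; "
       "ip6tables -A FORWARD -i wg0 -j ACCEPT; "
       "ip6tables -t nat -A POSTROUTING -o eth0 -j MASQUERADE")
SAMPLE_CONF = ("[Interface]\nAddress = 10.0.0.1/24\nListenPort = 51820\n"
               f"PostUp = {_UP}\nPostDown = {_UP.replace(' -A ', ' -D ')}\n")

def hook_commands(conf, key):
    """Split every `key = a; b; c` line (key matched case-insensitively)."""
    cmds = []
    for line in conf.splitlines():
        m = re.match(rf"\s*{re.escape(key)}\s*=\s*(.*)$", line, re.IGNORECASE)
        if m:
            cmds += [c.strip() for c in m.group(1).split(";") if c.strip()]
    return cmds

def _rule_key(cmd):
    """Tokenise a rule with the -A/-D action masked, so add and delete compare equal."""
    return tuple("-X" if tok in ("-A", "-D") else tok for tok in cmd.split())

def unmatched_rules(conf):
    """Report rules appended but never deleted, and deletions of rules never added.

    Only -A/-D pairs are compared; -I rules with a position are out of scope.
    """
    ups = {_rule_key(c): c for c in hook_commands(conf, "PostUp") if " -A " in c}
    downs = {_rule_key(c): c for c in hook_commands(conf, "PostDown") if " -D " in c}
    return {
        "never_removed": sorted(ups[k] for k in ups.keys() - downs.keys()),
        "never_added": sorted(downs[k] for k in downs.keys() - ups.keys()),
    }

def referenced_interfaces(conf):
    """Interface names hard-coded after -i/-o in either hook."""
    names = set()
    for key in ("PostUp", "PostDown"):
        for cmd in hook_commands(conf, key):
            toks = cmd.split()
            names.update(toks[i + 1] for i, t in enumerate(toks[:-1])
                         if t in ("-i", "-o"))
    return names

if __name__ == "__main__":
    print(unmatched_rules(SAMPLE_CONF), referenced_interfaces(SAMPLE_CONF))
```

A rule listed under `never_removed` stays in the kernel tables after the tunnel goes down, so forwarding or masquerading would remain active without the VPN interface.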