From 8838707e601def43b25ea0aacc347e46b2c36cae Mon Sep 17 00:00:00 2001
From: Shahab Dogar <shahab@dogar.dev>
Date: Tue, 18 Mar 2025 12:22:02 +0500
Subject: [PATCH] fix: NixOS | add dns settings to wireguard

---
 nixos/master/configuration.nix | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/nixos/master/configuration.nix b/nixos/master/configuration.nix
index 0b08652..d22cb40 100644
--- a/nixos/master/configuration.nix
+++ b/nixos/master/configuration.nix
@@ -157,6 +157,17 @@
         listenPort = 51820;
         privateKeyFile = "/etc/wireguard/private-key";
 
+        # This allows the wireguard server to route your traffic to the internet and hence be like a VPN
+        # For this to work you have to set the dnsserver IP of your router (or dnsserver of choice) in your clients
+        postSetup = ''
+          ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 192.168.20.0/24 -o eth0 -j MASQUERADE
+        '';
+
+        # This undoes the above command
+        postShutdown = ''
+          ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 192.168.20.0/24 -o eth0 -j MASQUERADE
+        '';
+
         peers = [
           {
             name = "shahab";