feat: add proxy-home vpn to accelerate traffic between local nodes

2025-10-11 07:10:39 +02:00 · 2024-05-20 01:35:01 +02:00 · 2024-05-20 01:35:01 +02:00 · b01c521830
commit b01c521830
parent 34fd783e60
22 changed files with 123 additions and 10 deletions
--- a/hosts/ward/net.nix
+++ b/hosts/ward/net.nix
@ -111,6 +111,20 @@ in {
        verdict = "accept";
      };

+      lan-to-local = {
+        from = ["lan"];
+        to = ["local"];
+
+        allowedUDPPorts = [config.wireguard.proxy-home.server.port];
+      };
+
+      # Forward traffic between participants
+      forward-proxy-home-vpn-traffic = {
+        from = ["proxy-home"];
+        to = ["proxy-home"];
+        verdict = "accept";
+      };
+
      #masquerade-vpn = {
      #  from = ["wg-home"];
      #  to = ["lan"];
@ -135,4 +149,11 @@ in {
  #  reservedAddresses = ["10.10.0.1/24" "fd00:10::/120"];
  #  openFirewall = true;
  #};
+
+  wireguard.proxy-home.server = {
+    host = "192.168.1.1";
+    port = 51444;
+    reservedAddresses = ["10.44.0.0/24" "fd00:44::/120"];
+    openFirewall = false; # Explicitly opened only for lan
+  };
 }