# MediaStack (10.48.200.35) WireGuard server config (for Jellyfin peer) # Serves as internal VPN hub for Jellyfin to reach MediaStack NFS exports # File: /etc/wireguard/wg1.conf [Interface] PrivateKey = UPTGveBLFZLGcimi80npmrEB3tOfE8GjQEl4aTPOWV0= Address = 10.200.0.1/24 ListenPort = 51820 PostUp = sysctl -w net.ipv4.ip_forward=1; iptables -A FORWARD -i wg1 -o nordlynx -j ACCEPT; iptables -A FORWARD -i nordlynx -o wg1 -m state --state RELATED,ESTABLISHED -j ACCEPT; iptables -t nat -A POSTROUTING -o nordlynx -s 10.200.0.0/24 -j MASQUERADE PostDown = iptables -D FORWARD -i wg1 -o nordlynx -j ACCEPT; iptables -D FORWARD -i nordlynx -o wg1 -m state --state RELATED,ESTABLISHED -j ACCEPT; iptables -t nat -D POSTROUTING -o nordlynx -s 10.200.0.0/24 -j MASQUERADE [Peer] # Jellyfin PublicKey = T+mr/+Z+9F0FXG/8AxJClH7kgxvqFVeSouJQo2+D82M= AllowedIPs = 10.200.0.3/32 PersistentKeepalive = 25