freifunk: move ip rule config to networkd

2022-06-15 19:57:55 +02:00 · 2022-06-15 19:57:55 +02:00 · 098357c1a3
parent b511c4ca04
commit 098357c1a3
1 changed files with 14 additions and 5 deletions
--- a/hosts/containers/freifunk/default.nix
+++ b/hosts/containers/freifunk/default.nix
@ -86,10 +86,6 @@ in {
    # Setup routing into Freifunk,
    # masquerading anything that isn't already their IP range
    extraCommands = ''
-      ${pkgs.iproute}/bin/ip rule del priority 300 || true
-      ${pkgs.iproute}/bin/ip rule add to 10.200.0.0/16 table bmx_hosts priority 300
-      ${pkgs.iproute}/bin/ip rule del priority 33000 || true
-      ${pkgs.iproute}/bin/ip rule add table bmx_tuns priority 33000
      ${pkgs.iptables}/bin/iptables -t nat -F POSTROUTING
      ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING \
        \! --source 10.200.0.0/15 -o ${meshInterface} -j SNAT --to 10.200.${ddmeshAddrPart}
@ -191,14 +187,27 @@ in {
            Broadcast = ddmeshBroadcast;
          };
        }];
+        routingPolicyRules = [ {
+          routingPolicyRuleConfig = {
+            Priority = 300;
+            To = "10.200.0.0/16";
+            Table = "bmx_hosts";
+          };
+        } ];
      };
      # Dummy interface for primary (10.200) address
-      "11-bmx-loopback" = {
+      "11-bmx-prime" = {
        enable = true;
        matchConfig = { Name = meshLoopback; };
        addresses = [{
          addressConfig.Address = "10.200.${ddmeshAddrPart}/32";
        }];
+        routingPolicyRules = [ {
+          routingPolicyRuleConfig = {
+            Priority = 33000;
+            Table = "bmx_tuns";
+          };
+        } ];
      };
      "31-wg-vpn6" = {
        enable = true;