nixos-module/container/wireguard: rename rt_table vpn4 to vpn, add to wg settings
parent
da6b2d55fc
commit
5eb915e4f6
|
@ -97,15 +97,15 @@ in
|
|||
hostName == "flpk-gw"
|
||||
) ''
|
||||
# BIRD routing table for Wireguard transport
|
||||
ipv4 table vpn4_table;
|
||||
ipv4 table vpn_table;
|
||||
|
||||
# Kernel routing table for Wireguard transport
|
||||
protocol kernel VPN4 {
|
||||
# "vpn4_table" configured on anon routers
|
||||
protocol kernel VPN {
|
||||
# "vpn_table" configured on anon routers
|
||||
kernel table 100;
|
||||
ipv4 {
|
||||
export all;
|
||||
table vpn4_table;
|
||||
table vpn_table;
|
||||
};
|
||||
}
|
||||
''}
|
||||
|
@ -220,7 +220,7 @@ in
|
|||
builtins.match "anon.*" hostName != null ||
|
||||
hostName == "flpk-gw"
|
||||
) ''
|
||||
table vpn4_table;
|
||||
table vpn_table;
|
||||
''}
|
||||
};
|
||||
area 0 {
|
||||
|
|
|
@ -14,8 +14,7 @@ let
|
|||
privateKeyFile = ifName:
|
||||
"/run/wireguard-keys/${ifName}.key";
|
||||
|
||||
wireguardMark = 3;
|
||||
vpn4Table = 100;
|
||||
vpnTable = 100;
|
||||
in
|
||||
{
|
||||
systemd.services = builtins.foldl' (services: ifName: services // {
|
||||
|
@ -51,8 +50,7 @@ in
|
|||
};
|
||||
wireguardConfig = {
|
||||
PrivateKeyFile = privateKeyFile ifName;
|
||||
# Mark for routing with another routing table
|
||||
FirewallMark = wireguardMark;
|
||||
RouteTable = "vpn";
|
||||
};
|
||||
wireguardPeers = [ {
|
||||
wireguardPeerConfig = {
|
||||
|
@ -67,10 +65,9 @@ in
|
|||
# Wireguard transported through another routing table
|
||||
# (containing upstream by bird ospf)
|
||||
core.routingPolicyRules = [ {
|
||||
# Marked wireguard packets take the vpn4 routing table
|
||||
# Marked wireguard packets take the vpn routing table
|
||||
routingPolicyRuleConfig = {
|
||||
Table = vpn4Table;
|
||||
FirewallMark = wireguardMark;
|
||||
Table = vpnTable;
|
||||
};
|
||||
} ];
|
||||
} // builtins.mapAttrs (ifName: { wireguard, upstream, ... }: {
|
||||
|
@ -109,7 +106,7 @@ in
|
|||
networking.iproute2 = lib.mkIf enabled {
|
||||
enable = true;
|
||||
rttablesExtraConfig = ''
|
||||
${toString vpn4Table} vpn4
|
||||
${toString vpnTable} vpn
|
||||
'';
|
||||
};
|
||||
|
||||
|
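Review bot: `RouteTable = "vpn";` in the wireguardConfig hunk (`@ -51,8 +50,7 @@`) selects the table by name, while the routing-policy rule two hunks later selects the same table numerically with `Table = vpnTable;`; as far as I recall systemd-networkd resolves table names only through its own `RouteTable=` mapping in networkd.conf, not through the iproute2 `rt_tables` entry this module writes, so the named form may be rejected at parse time — `RouteTable = vpnTable;` (or `toString vpnTable` if the option expects a string) would tie both settings to the one constant and avoid the mismatch. With this setting the peers' AllowedIPs routes are also installed into table 100, which `protocol kernel VPN` in the BIRD section exports OSPF upstream routes into as well, so the two writers can overwrite each other on overlapping prefixes, and because only fwmark-3 transport packets are steered into that table, a peer prefix covering a peer endpoint would be looked up for the encrypted transport itself; a comment stating the intended split, e.g. `# table vpn (100): upstream via BIRD/OSPF + peer AllowedIPs via networkd; consulted only for fwmark-3 transport packets`, would make that contract explicit. The two old lines this hunk removes (8 -> 7) are not visible on the page, so whether a previous `RouteTable` value was replaced cannot be confirmed from here.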
|