nixos-module/container/wireguard: brind back wireguardMark

Astro 2022-09-18 16:23:18 +02:00
parent 5eb915e4f6
commit a5e3abfca6


@ -14,6 +14,7 @@ let
privateKeyFile = ifName: privateKeyFile = ifName:
"/run/wireguard-keys/${ifName}.key"; "/run/wireguard-keys/${ifName}.key";
wireguardMark = 3;
vpnTable = 100; vpnTable = 100;
in in
{ {
@ -50,6 +51,7 @@ in
}; };
wireguardConfig = { wireguardConfig = {
PrivateKeyFile = privateKeyFile ifName; PrivateKeyFile = privateKeyFile ifName;
FirewallMark = wireguardMark;
RouteTable = "vpn"; RouteTable = "vpn";
}; };
wireguardPeers = [ { wireguardPeers = [ {
@ -67,6 +69,7 @@ in
core.routingPolicyRules = [ { core.routingPolicyRules = [ {
# Marked wireguard packets take the vpn routing table # Marked wireguard packets take the vpn routing table
routingPolicyRuleConfig = { routingPolicyRuleConfig = {
FirewallMark = wireguardMark;
Table = vpnTable; Table = vpnTable;
}; };
} ]; } ];
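Review bot: `wireguardMark = 3` in the first hunk is an undocumented constant in the container's shared fwmark space, and the policy rule in the third hunk matches on that mark alone, so any other rule that sets mark 3 on a packet would also steer it into `vpnTable`. A comment at the definition would make the contract explicit, for example `# fwmark WireGuard sets on its own encrypted UDP packets; must not be reused by other firewall/mangle rules`. Separately, `wireguardConfig` refers to the table by name (`RouteTable = "vpn"`) while the rule uses the number (`Table = vpnTable`), and the name-to-number mapping is not visible in these hunks. If both are the same table, it is worth confirming that no route in it covers the peer endpoint, since the marked tunnel packets would then be looked up in the table that holds the tunnel routes. The `let` block and the attribute sets all continue outside the hunks shown.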