nixos-module/container/wireguard: brind back wireguardMark
parent
5eb915e4f6
commit
a5e3abfca6
|
@ -14,6 +14,7 @@ let
|
||||||
privateKeyFile = ifName:
|
privateKeyFile = ifName:
|
||||||
"/run/wireguard-keys/${ifName}.key";
|
"/run/wireguard-keys/${ifName}.key";
|
||||||
|
|
||||||
|
wireguardMark = 3;
|
||||||
vpnTable = 100;
|
vpnTable = 100;
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
|
@ -50,6 +51,7 @@ in
|
||||||
};
|
};
|
||||||
wireguardConfig = {
|
wireguardConfig = {
|
||||||
PrivateKeyFile = privateKeyFile ifName;
|
PrivateKeyFile = privateKeyFile ifName;
|
||||||
|
FirewallMark = wireguardMark;
|
||||||
RouteTable = "vpn";
|
RouteTable = "vpn";
|
||||||
};
|
};
|
||||||
wireguardPeers = [ {
|
wireguardPeers = [ {
|
||||||
|
@ -67,6 +69,7 @@ in
|
||||||
core.routingPolicyRules = [ {
|
core.routingPolicyRules = [ {
|
||||||
# Marked wireguard packets take the vpn routing table
|
# Marked wireguard packets take the vpn routing table
|
||||||
routingPolicyRuleConfig = {
|
routingPolicyRuleConfig = {
|
||||||
|
FirewallMark = wireguardMark;
|
||||||
Table = vpnTable;
|
Table = vpnTable;
|
||||||
};
|
};
|
||||||
} ];
|
} ];
|
||||||
|
|
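Review bot: `wireguardMark = 3;` in the first hunk is an undocumented magic number that now drives both the netdev's `FirewallMark` and the policy rule's match, so anything else in this container that sets fwmark 3 would also be steered into table 100. I would add a comment above the binding, for example `# fwmark on the tunnel's own encrypted packets; must be unique among marks used in this container`. On the removed side of the third hunk the rule appears to have had only `Table = vpnTable;` and no mark match, so it is worth confirming that nothing relied on unmarked traffic reaching the vpn table. The `let` block and the module body continue outside the visible hunks, so other uses of the mark cannot be checked from here.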