author | Andreas Rammhold <andreas@rammhold.de> | 2017-09-22 23:37:54 +0200 |
---|---|---|
committer | Andreas Rammhold <andreas@rammhold.de> | 2017-09-25 21:30:52 +0200 |
commit | 846070e028a6ce6213dc4af3477dc67d73ec3364 (patch) | |
tree | ebf7a97bc9d72044d56ac2e338c55b824314f7df | |
parent | 5b6d78194ccb26541b038358c4b81843d5424c2e (diff) | |
networking.wireguard: added `allowedIpsAsRoutes` boolean to control peer routes
Sometimes (especially in the default route case) it is required to NOT add routes for all allowed IP ranges. One might run one's own custom routing on top of wireguard and only use the wireguard addresses to exchange prefixes with the remote host.
-rw-r--r-- | nixos/modules/services/networking/wireguard.nix | 12 |
1 files changed, 10 insertions, 2 deletions
diff --git a/nixos/modules/services/networking/wireguard.nix b/nixos/modules/services/networking/wireguard.nix
index 4f54b45639f6..27ca0bcc5747 100644
--- a/nixos/modules/services/networking/wireguard.nix
+++ b/nixos/modules/services/networking/wireguard.nix
@@ -95,6 +95,14 @@ let
 type = with types; listOf (submodule peerOpts);
 };
+ allowedIPsAsRoutes = mkOption {
+ example = false;
+ default = true;
+ type = types.bool;
+ description = ''
+ Determines whether to add allowed IPs as routes or not.
+ '';
+ };
 };
 };
@@ -217,11 +225,11 @@ let
 "${ipCommand} link set up dev ${name}"
- (map (peer:
+ (lib.optional (values.allowedIPsAsRoutes != false) (map (peer:
 (map (allowedIP:
 "${ipCommand} route replace ${allowedIP} dev ${name} table ${values.table}"
 ) peer.allowedIPs)
- ) values.peers)
+ ) values.peers))
 values.postSetup
 ]);
|
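Review bot: The description on `allowedIPsAsRoutes` in the first hunk does not say what disabling the option leaves the operator responsible for. With `false`, the setup script in the second hunk skips every `route replace` for the peers' `allowedIPs`, so traffic to those ranges follows the existing routing table and may leave outside the tunnel until routes are installed some other way. I would extend the text to something like `Whether to add a route for each peer's allowedIPs. When disabled, no routes are installed and traffic must be routed into the interface by other means.` The commit title also spells the option `allowedIpsAsRoutes`, while the code declares `allowedIPsAsRoutes`.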
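Review bot: The guard `values.allowedIPsAsRoutes != false` in the second hunk compares a `types.bool` option against `false`; the option value can be used as the condition directly. `lib.optional` also wraps the mapped list in one more list level, which is presumably harmless because the existing nested `map` already relies on the enclosing list being flattened, but that call starts outside the hunk and cannot be confirmed here. `(lib.optionals values.allowedIPsAsRoutes (map (peer:` states the intent without the extra nesting or the redundant comparison.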