-rw-r--r-- | nixos/modules/services/networking/wireguard.nix | 18 |
1 files changed, 15 insertions, 3 deletions
diff --git a/nixos/modules/services/networking/wireguard.nix b/nixos/modules/services/networking/wireguard.nix
index be832ea45d8f..4f54b45639f6 100644
--- a/nixos/modules/services/networking/wireguard.nix
+++ b/nixos/modules/services/networking/wireguard.nix
@@ -79,6 +79,16 @@ let
 description = "A list of commands called after shutting down the interface.";
 };
+ table = mkOption {
+ default = "main";
+ type = types.str;
+ description = ''The kernel routing table to add this interface's
+ associated routes to. Setting this is useful for e.g. policy routing
+ ("ip rule") or virtual routing and forwarding ("ip vrf"). Both numeric
+ table IDs and table names (/etc/rt_tables) can be used. Defaults to
+ "main".'';
+ };
+
 peers = mkOption {
 default = [];
 description = "Peers linked to the interface.";
@@ -207,9 +217,11 @@ let
 "${ipCommand} link set up dev ${name}"
- (map (peer: (map (ip:
- "${ipCommand} route replace ${ip} dev ${name}"
- ) peer.allowedIPs)) values.peers)
+ (map (peer:
+ (map (allowedIP:
+ "${ipCommand} route replace ${allowedIP} dev ${name} table ${values.table}"
+ ) peer.allowedIPs)
+ ) values.peers)
 values.postSetup
 ]); |
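Review bot: The description of the new `table` option should state that the module only places the peers' routes in the named table and, as far as this diff shows, creates no `ip rule` or VRF binding for it. With any value other than "main", traffic for a peer's allowedIPs keeps following the main table, and so leaves outside the tunnel, until the administrator adds a matching rule. I would add a sentence such as `The module does not create the "ip rule" entries that make this table take effect; add them yourself, e.g. in postSetup.` and drop the trailing `Defaults to "main".`, which only repeats the `default` attribute. The enclosing option set starts and ends outside the hunk.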
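Review bot: `${values.table}` is spliced unquoted into the new `route replace` command string, and the option is declared as plain `types.str`, so an empty value or one containing whitespace or shell metacharacters yields a different command than intended and is only noticed when the interface is brought up. Assuming these strings are executed by a shell, which the surrounding list suggests but the hunk does not show, quote the value: `"${ipCommand} route replace ${allowedIP} dev ${name} table ${escapeShellArg values.table}"` (use `lib.escapeShellArg` if `lib` is not opened in this file). Alternatively, tighten the option to something like `types.strMatching "[A-Za-z0-9_.-]+"` so bad values are rejected at evaluation time. `${allowedIP}` and `${name}` are interpolated the same way and predate this change. The list this expression belongs to starts outside the hunk.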