From eaab02b94f729c8e230c6b7f52ad83091f6fc0d6 Mon Sep 17 00:00:00 2001
From: evujumenuk
Date: Tue, 8 Aug 2017 01:45:19 +0200
Subject: wireguard: convert "table" to an interface option

Do the right thing, and use multiple interfaces for policy routing. For example, WireGuard interfaces do not allow multiple routes for the same CIDR range.
---
 nixos/modules/services/networking/wireguard.nix | 20 +++++++++++---------
 1 file changed, 11 insertions(+), 9 deletions(-)

(limited to 'nixos/modules/services/networking')

diff --git a/nixos/modules/services/networking/wireguard.nix b/nixos/modules/services/networking/wireguard.nix
index 5aa4f13d4529..4f54b45639f6 100644
--- a/nixos/modules/services/networking/wireguard.nix
+++ b/nixos/modules/services/networking/wireguard.nix
@@ -79,6 +79,16 @@ let
 description = "A list of commands called after shutting down the interface.";
 };
+ table = mkOption {
+ default = "main";
+ type = types.str;
+ description = ''The kernel routing table to add this interface's
+ associated routes to. Setting this is useful for e.g. policy routing
+ ("ip rule") or virtual routing and forwarding ("ip vrf"). Both numeric
+ table IDs and table names (/etc/rt_tables) can be used. Defaults to
+ "main".'';
+ };
+
 peers = mkOption {
 default = [];
 description = "Peers linked to the interface.";
@@ -160,14 +170,6 @@ let
 interval of 25 seconds; however, most users will not need this.'';
 };
- table = mkOption {
- default = "main";
- type = types.str;
- description = ''The kernel routing table to add this peer's associated
- routes to. Setting this is useful for e.g. policy routing ("ip rule")
- or virtual routing and forwarding ("ip vrf"). Both numeric table IDs
- and table names (/etc/rt_tables) can be used. Defaults to "main".'';
- };
 };
 };
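Review bot: The new option description points users at `/etc/rt_tables`, but iproute2 resolves table names from `/etc/iproute2/rt_tables`, so the parenthetical should read `table names (/etc/iproute2/rt_tables)`. The second hunk removes `peers.*.table` without any alias or removal notice, so a configuration that still sets it stops evaluating with an undefined-option error instead of a hint; if this lib version provides it, a `mkRemovedOptionModule` import in the peer submodule pointing at the interface-level `table` option would give that migration path. The trailing `Defaults to "main"` in the description also duplicates the `default` attribute, which the option documentation already renders.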
@@ -217,7 +219,7 @@ let
 (map (peer:
 (map (allowedIP:
- "${ipCommand} route replace ${allowedIP} dev ${name} table ${peer.table}"
+ "${ipCommand} route replace ${allowedIP} dev ${name} table ${values.table}"
 ) peer.allowedIPs)
 ) values.peers)
-- cgit 1.4.1
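Review bot: `${values.table}` is spliced unquoted into the generated `ip route replace` command on the added line, and the option is plain `types.str`, so a value containing whitespace or shell metacharacters is neither rejected at evaluation time nor kept as a single argument at run time. Writing it as `table ${lib.escapeShellArg values.table}` (or constraining the option to a stricter type) keeps the command intact; `${allowedIP}` and `${name}` on the same line carry the same pre-existing issue. The expression that consumes this list of commands begins and ends outside the hunk.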