maralorn/nixos-config
1
0
Fork 0
Code Wiki Activity

Fix wg routing

Browse source
This commit is contained in:
Malte Brandy 2018-07-27 15:34:19 +02:00
parent 0fa62d9762
commit 46637ca94d
No known key found for this signature in database
GPG key ID: 226A2D41EF5378C9
1 changed files with 5 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
hosts/apollo/configuration.nix
View file

@ -4,7 +4,7 @@
let let
inherit (config.m-0.private) me wireguard; inherit (config.m-0.private) me wireguard;
inherit (config.m-0) hosts; inherit (config.m-0) hosts prefix;
in { in {
imports = [ imports = [
@ -19,17 +19,19 @@ networking = {
hostName = "apollo"; hostName = "apollo";
wireguard.interfaces = { wireguard.interfaces = {
m0wire = { m0wire = {
ips = [ "${hosts.apollo-wg}/96" ]; allowedIPsAsRoutes = false;
ips = [ "${hosts.apollo-wg}/112" ];
privateKeyFile = "/etc/nixos/hosts/apollo/secret/wireguard-private"; privateKeyFile = "/etc/nixos/hosts/apollo/secret/wireguard-private";
peers = [ peers = [
{ {
publicKey = wireguard.pub.hera; publicKey = wireguard.pub.hera;
allowedIPs = [ "${hosts.hera-wg}/128" ]; allowedIPs = [ "::/0" ];
endpoint = "${hosts.hera-v4}:${builtins.toString wireguard.port}"; endpoint = "${hosts.hera-v4}:${builtins.toString wireguard.port}";
presharedKeyFile = "/etc/nixos/common/secret/wireguard-psk"; presharedKeyFile = "/etc/nixos/common/secret/wireguard-psk";
persistentKeepalive = 25; persistentKeepalive = 25;
} }
]; ];
postSetup = [ "${pkgs.iproute}/bin/ip route add ${prefix}::/64 via ${hosts.hera-wg} dev m0wire" ];
}; };
}; };
}; };