machines/wireguard: add some notes

2023-03-02 17:36:05 +03:00 · 2023-03-02 17:36:05 +03:00 · 0f9fd3f125
commit 0f9fd3f125
parent dcb2d428d7
1 changed files with 4 additions and 0 deletions
--- a/machines/modules/wireguard-client.nix
+++ b/machines/modules/wireguard-client.nix
@ -6,6 +6,8 @@ let
  port = 51820;

  serverAddr = (import ../canigou/data.secret.nix).addr;
+
+  # Run `ip route` to show gateway
  defaultGateway = "192.168.0.1";
 in
 {
@ -40,6 +42,8 @@ in
        # Path to the private key file.
        privateKeyFile = cfg.privateKeyFile;

+        # Add a more specific ip route allowing trafgfic to the VPN via the default gateway
+        # Source: https://discourse.nixos.org/t/route-all-traffic-through-wireguard-interface/1480/18
        postSetup = "${pkgs.iproute}/bin/ip route add ${serverAddr} via ${defaultGateway}";
        postShutdown = "${pkgs.iproute}/bin/ip route del ${serverAddr} via ${defaultGateway}";