machines/wireguard: add some notes

Dmitriy Pleshevskiy 2023-03-02 17:36:05 +03:00
parent dcb2d428d7
commit 0f9fd3f125
Signed by: pleshevskiy
GPG key ID: 79C4487B44403985


@ -6,6 +6,8 @@ let
port = 51820; port = 51820;
serverAddr = (import ../canigou/data.secret.nix).addr; serverAddr = (import ../canigou/data.secret.nix).addr;
# Run `ip route` to show gateway
defaultGateway = "192.168.0.1"; defaultGateway = "192.168.0.1";
in in
{ {
@ -40,6 +42,8 @@ in
# Path to the private key file. # Path to the private key file.
privateKeyFile = cfg.privateKeyFile; privateKeyFile = cfg.privateKeyFile;
# Add a more specific ip route allowing trafgfic to the VPN via the default gateway
# Source: https://discourse.nixos.org/t/route-all-traffic-through-wireguard-interface/1480/18
postSetup = "${pkgs.iproute}/bin/ip route add ${serverAddr} via ${defaultGateway}"; postSetup = "${pkgs.iproute}/bin/ip route add ${serverAddr} via ${defaultGateway}";
postShutdown = "${pkgs.iproute}/bin/ip route del ${serverAddr} via ${defaultGateway}"; postShutdown = "${pkgs.iproute}/bin/ip route del ${serverAddr} via ${defaultGateway}";
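Review bot: The comment added above `postSetup` misspells "traffic" as "trafgfic" and does not say why the host route is needed. Presumably it keeps the encrypted packets addressed to `serverAddr` on the physical gateway, so they are not routed back into the tunnel once all traffic goes through the WireGuard interface. I would word it as `# Route the WireGuard endpoint itself via the LAN gateway so tunnel packets are not sent back into the tunnel`. The note added at `defaultGateway` in the first hunk could also state that the value is specific to the current LAN, e.g. `# LAN-specific; re-check with \`ip route\` whenever the machine changes networks`. Since `postSetup` and `postShutdown` both depend on that hard-coded address, it is worth confirming and documenting what happens to the tunnel when the `ip route add` cannot be applied on a network with a different gateway.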