mynix/system
1
1
Fork 0
Code Issues 2 Pull requests Activity

modules/wireguard: del ip route when wireguard is stopping

Browse source
This commit is contained in:
Dmitriy Pleshevskiy 2024-06-15 09:46:07 +03:00
parent a67cadfd8d
commit 59632cb3f7
Signed by: pleshevskiy
GPG key ID: 17041163DA10A9A2
1 changed files with 17 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

20
modules/nixos/services/vpn/wireguard/client.nix
View file

@ -2,6 +2,11 @@
let
cfg = config.local.services.vpn.wireguard;
addrsViaDefaultInterface = [
# cache.nixos.org
"151.101.86.217/32"
];
in
{
options.local.services.vpn.wireguard = with lib; {
@ -46,9 +51,18 @@ in
postUp = ''
addr=`${pkgs.iproute}/bin/ip route | ${pkgs.gawk}/bin/awk '/default/ {print $3; exit}'`
interface=`${pkgs.iproute}/bin/ip route | ${pkgs.gawk}/bin/awk '/default/ {print $5; exit}'`
# don't use wg with cache.nixos.org
${pkgs.iproute}/bin/ip route add 151.101.86.217/32 via $addr dev $interface
'';
'' + lib.concatLines (map
(addr: "${pkgs.iproute}/bin/ip route add ${addr} via $addr dev $interface")
addrsViaDefaultInterface
);
preDown = ''
addr=`${pkgs.iproute}/bin/ip route | ${pkgs.gawk}/bin/awk '/default/ {print $3; exit}'`
interface=`${pkgs.iproute}/bin/ip route | ${pkgs.gawk}/bin/awk '/default/ {print $5; exit}'`
'' + lib.concatLines (map
(addr: "${pkgs.iproute}/bin/ip route del ${addr} via $addr dev $interface")
addrsViaDefaultInterface
);
peers = [
# For a client configuration, one peer entry for the server will suffice.