Merge pull request #27939 from evujumenuk/wireguard-rt_tables

wireguard: add per-peer routing table option
2017-08-11 16:27:07 +02:00
parent 691da0cbb9 eaab02b94f
commit 61d133c1ee
1 changed files with 15 additions and 3 deletions
--- a/nixos/modules/services/networking/wireguard.nix
+++ b/nixos/modules/services/networking/wireguard.nix
@@ -79,6 +79,16 @@ let
        description = "A list of commands called after shutting down the interface.";
      };

+      table = mkOption {
+        default = "main";
+        type = types.str;
+        description = ''The kernel routing table to add this interface's
+        associated routes to. Setting this is useful for e.g. policy routing
+        ("ip rule") or virtual routing and forwarding ("ip vrf"). Both numeric
+        table IDs and table names (/etc/rt_tables) can be used. Defaults to
+        "main".'';
+      };
+
      peers = mkOption {
        default = [];
        description = "Peers linked to the interface.";
@@ -207,9 +217,11 @@ let

            "${ipCommand} link set up dev ${name}"

-            (map (peer: (map (ip:
-            "${ipCommand} route replace ${ip} dev ${name}"
-            ) peer.allowedIPs)) values.peers)
+            (map (peer:
+            (map (allowedIP:
+            "${ipCommand} route replace ${allowedIP} dev ${name} table ${values.table}"
+            ) peer.allowedIPs)
+            ) values.peers)

            values.postSetup
          ]);