Merge pull request #27939 from evujumenuk/wireguard-rt_tables

wireguard: add per-peer routing table option

nixos/modules/services/networking/wireguard.nix

@@ -79,6 +79,16 @@ let
         description = "A list of commands called after shutting down the interface.";
       };
 
+      table = mkOption {
+        default = "main";
+        type = types.str;
+        description = ''The kernel routing table to add this interface's
+        associated routes to. Setting this is useful for e.g. policy routing
+        ("ip rule") or virtual routing and forwarding ("ip vrf"). Both numeric
+        table IDs and table names (/etc/rt_tables) can be used. Defaults to
+        "main".'';
+      };
+
       peers = mkOption {
         default = [];
         description = "Peers linked to the interface.";
@@ -207,9 +217,11 @@ let
 
             "${ipCommand} link set up dev ${name}"
 
-            (map (peer: (map (ip:
+            (map (peer:
-            "${ipCommand} route replace ${ip} dev ${name}"
+            (map (allowedIP:
-            ) peer.allowedIPs)) values.peers)
+            "${ipCommand} route replace ${allowedIP} dev ${name} table ${values.table}"
+            ) peer.allowedIPs)
+            ) values.peers)
 
             values.postSetup
           ]);