networking.wireguard: added allowedIpsAsRoutes boolean to control peer routes

Sometimes (especially in the default route case) it is required to NOT
add routes for all allowed IP ranges. One might run its own custom
routing on top of wireguard and only use the wireguard addresses to
exchange prefixes with the remote host.
Andreas Rammhold 2017-09-22 23:37:54 +02:00
parent 5b6d78194c
commit 846070e028
No known key found for this signature in database
GPG key ID: E432E410B5E48C86


@ -95,6 +95,14 @@ let
type = with types; listOf (submodule peerOpts);
};
allowedIPsAsRoutes = mkOption {
example = false;
default = true;
type = types.bool;
description = ''
Determines whether to add allowed IPs as routes or not.
'';
};
};
};
@ -217,11 +225,11 @@ let
"${ipCommand} link set up dev ${name}"
(map (peer:
(lib.optional (values.allowedIPsAsRoutes != false) (map (peer:
(map (allowedIP:
"${ipCommand} route replace ${allowedIP} dev ${name} table ${values.table}"
) peer.allowedIPs)
) values.peers)
) values.peers))
values.postSetup
]);
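Review bot: The description of `allowedIPsAsRoutes` in the first hunk does not say what happens to traffic when the option is `false`. In that case the `ip route replace` commands in the second hunk are skipped entirely, so packets for a peer's allowed IPs follow whatever routes already exist and may never enter the tunnel unless the administrator installs routes separately. I would extend the description to something like `Determines whether to add allowed IPs as routes or not. When false, no routes are installed for peers and routing into the tunnel must be configured separately.` Because the option is typed `types.bool`, the guard can also be written `lib.optional values.allowedIPsAsRoutes (...)` instead of comparing with `!= false`. The enclosing `let` block and the list that ends in `]);` begin outside the visible hunks, so how the nested list from `lib.optional` is flattened cannot be confirmed from here.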