networking.wireguard: added allowedIpsAsRoutes boolean to control peer routes
Sometimes (especially in the default route case) it is required to NOT add routes for all allowed IP ranges. One might run its own custom routing on top of wireguard and only use the wireguard addresses to exchange prefixes with the remote host.
This commit is contained in:
parent
5b6d78194c
commit
846070e028
1 changed files with 10 additions and 2 deletions
|
@ -95,6 +95,14 @@ let
|
|||
type = with types; listOf (submodule peerOpts);
|
||||
};
|
||||
|
||||
allowedIPsAsRoutes = mkOption {
|
||||
example = false;
|
||||
default = true;
|
||||
type = types.bool;
|
||||
description = ''
|
||||
Determines whether to add allowed IPs as routes or not.
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
};
|
||||
|
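Review bot: The description of the new `allowedIPsAsRoutes` option ("Determines whether to add allowed IPs as routes or not.") does not say what the user takes on when it is set to false. Suggest spelling out that with `false` no route is installed for any peer's `allowedIPs`, so routes have to be provided by other means (the commit message mentions custom routing on top of the tunnel), and that `allowedIPs` still limits which addresses WireGuard accepts from and sends to each peer. Also note that the commit title spells the option `allowedIpsAsRoutes` while the code uses `allowedIPsAsRoutes`; the two should match so the option can be found by searching for the name in the log.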
@ -217,11 +225,11 @@ let
|
|||
|
||||
"${ipCommand} link set up dev ${name}"
|
||||
|
||||
(map (peer:
|
||||
(lib.optional (values.allowedIPsAsRoutes != false) (map (peer:
|
||||
(map (allowedIP:
|
||||
"${ipCommand} route replace ${allowedIP} dev ${name} table ${values.table}"
|
||||
) peer.allowedIPs)
|
||||
) values.peers)
|
||||
) values.peers))
|
||||
|
||||
values.postSetup
|
||||
]);
|
||||
|
|
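Review bot: On the line `(lib.optional (values.allowedIPsAsRoutes != false) (map (peer:`, `lib.optional` wraps its second argument in a one-element list, so the route commands end up nested one level deeper than in the replaced `(map (peer:` form. That is only harmless if the enclosing expression flattens lists recursively, which is not visible in this hunk; `lib.optionals`, which returns the list itself or `[]`, would keep the original nesting. Since the option is declared as `types.bool` with `default = true`, the comparison `!= false` is redundant and `values.allowedIPsAsRoutes` alone reads more clearly.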