feat: use networkd for routing config

Signed-off-by: Lander Van den Bulcke <landervandenbulcke@gmail.com>
feat: use seperate routing table for wg
2025-09-11 10:30:20 +02:00 · 2025-09-11 01:27:09 +02:00
1 changed files with 40 additions and 3 deletions
--- a/hosts/hosting-02/default.nix
+++ b/hosts/hosting-02/default.nix
@ -18,11 +18,47 @@
      80
      443
    ];
    allowedUDPPorts = [
      51820
    ];
  };
-  systemd.network.networks."30-wan".address = [
+  networking.iproute2.enable = true;
-    "2a01:4f8:c013:7fc0::/64"
+  systemd.network.config = {
-  ];
+    routeTables = {
      vpn = 133;
    };
    addRouteTablesToIPRoute2 = true;
  };
  systemd.network.networks."30-wan" = {
    address = [
      "2a01:4f8:c013:7fc0::/64"
    ];
    routingPolicyRules = [
      {
        From = "10.64.244.95/32";
        Table = "vpn";
      }
      {
        From = "fc00:bbbb:bbbb:bb01::1:f45e/128";
        Table = "vpn";
      }
      {
        User = config.users.users.vpn.uid;
        Table = "vpn";
        Family = "both";
      }
    ];
  };
  users.groups.vpn = { };
  users.users.vpn = {
    isSystemUser = true;
    group = "vpn";
    uid = 51280;
  };
  networking.wireguard = {
    enable = true;
@ -47,6 +83,7 @@
      listenPort = 51820;
      privateKeyFile = config.sops.secrets.wireguardKey.path;
      table = "133";
    };
  };
Author	SHA1	Message	Date
Lander Van den Bulcke	a373a0dc20	feat: use networkd for routing config Signed-off-by: Lander Van den Bulcke <landervandenbulcke@gmail.com>	2025-09-11 10:30:20 +02:00
Lander Van den Bulcke	2c60a915eb	feat: use seperate routing table for wg Signed-off-by: Lander Van den Bulcke <landervandenbulcke@gmail.com>	2025-09-11 01:27:09 +02:00