feat: make full tunnel wireguard optional

2024-01-05 15:06:49 +01:00 · 2024-01-05 15:06:49 +01:00 · 3a0358d0f8
parent 6e2798a0d4
commit 3a0358d0f8
1 changed files with 12 additions and 3 deletions
--- a/modules/wireguard-client/default.nix
+++ b/modules/wireguard-client/default.nix
@ -22,6 +22,14 @@ in {
      '';
      type = types.path;
    };
+
+    fullTunnel = mkOption {
+      description = ''
+        Whether to tunnel all traffic through the wireguard VPN
+      '';
+      default = false;
+      type = types.bool;
+    };
  };

  config = {
@ -59,11 +67,12 @@ in {
            # frikandel
            publicKey = "p6YKNYBlySKfhTN+wbSsKdoNjzko/XSAiTAlCJzP1jA=";
            allowedIPs = [
-              "0.0.0.0/0"
              "10.0.1.0/24"
-              "::/0"
              "fd00:b12f:acab:1312::/64"
-            ];
+            ] ++ (if cfg.fullTunnel then [
+              "0.0.0.0/0"
+              "::/0"
+            ] else []);
            endpoint = "vpn.b12f.io:51899";
            persistentKeepalive = 25;
          }