From 3a0358d0f8edb14c6e5370a4035e837aa238ede0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?= <hello@benjaminbaedorf.eu>
Date: Fri, 5 Jan 2024 15:06:49 +0100
Subject: [PATCH] feat: make full tunnel wireguard optional

---
 modules/wireguard-client/default.nix | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)

diff --git a/modules/wireguard-client/default.nix b/modules/wireguard-client/default.nix
index 4ae13e1..9cd76a1 100644
--- a/modules/wireguard-client/default.nix
+++ b/modules/wireguard-client/default.nix
@@ -22,6 +22,14 @@ in {
       '';
       type = types.path;
     };
+
+    fullTunnel = mkOption {
+      description = ''
+        Whether to tunnel all traffic through the wireguard VPN
+      '';
+      default = false;
+      type = types.bool;
+    };
   };
 
   config = {
@@ -59,11 +67,12 @@ in {
             # frikandel
             publicKey = "p6YKNYBlySKfhTN+wbSsKdoNjzko/XSAiTAlCJzP1jA=";
             allowedIPs = [
-              "0.0.0.0/0"
               "10.0.1.0/24"
-              "::/0"
               "fd00:b12f:acab:1312::/64"
-            ];
+            ] ++ (if cfg.fullTunnel then [
+              "0.0.0.0/0"
+              "::/0"
+            ] else []);
             endpoint = "vpn.b12f.io:51899";
             persistentKeepalive = 25;
           }