feat: make full tunnel wireguard optional

Benjamin Bädorf 2024-01-05 15:06:49 +01:00
parent 6e2798a0d4
commit 3a0358d0f8
No known key found for this signature in database
GPG key ID: 1B7BF5B77A521346


@ -22,6 +22,14 @@ in {
''; '';
type = types.path; type = types.path;
}; };
fullTunnel = mkOption {
description = ''
Whether to tunnel all traffic through the wireguard VPN
'';
default = false;
type = types.bool;
};
}; };
config = { config = {
@ -59,11 +67,12 @@ in {
# frikandel # frikandel
publicKey = "p6YKNYBlySKfhTN+wbSsKdoNjzko/XSAiTAlCJzP1jA="; publicKey = "p6YKNYBlySKfhTN+wbSsKdoNjzko/XSAiTAlCJzP1jA=";
allowedIPs = [ allowedIPs = [
"0.0.0.0/0"
"10.0.1.0/24" "10.0.1.0/24"
"::/0"
"fd00:b12f:acab:1312::/64" "fd00:b12f:acab:1312::/64"
]; ] ++ (if cfg.fullTunnel then [
"0.0.0.0/0"
"::/0"
] else []);
endpoint = "vpn.b12f.io:51899"; endpoint = "vpn.b12f.io:51899";
persistentKeepalive = 25; persistentKeepalive = 25;
} }
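Review bot: The new `fullTunnel` option in the first hunk defaults to `false`, while the second hunk shows that `0.0.0.0/0` and `::/0` were previously always in this peer's `allowedIPs`, so a host that imports the module without setting the option will presumably stop sending its general traffic through the VPN after the next rebuild. If any host relies on the tunnel for all egress (not visible from here), it should set `fullTunnel = true;` in the same change, and the option description should state the fallback, e.g. `When false, only 10.0.1.0/24 and fd00:b12f:acab:1312::/64 are routed through the VPN.` As a style point, the conditional list reads more idiomatically as `] ++ lib.optionals cfg.fullTunnel [ "0.0.0.0/0" "::/0" ];`. The peer definition and the enclosing `config` block start and end outside the hunk.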