1 files changed, 3 insertions, 2 deletions

diff --git a/modules/yggdrasil-wg/default.nix b/modules/yggdrasil-wg/default.nix
index b1d4ee5d..cbe09955 100644
--- a/modules/yggdrasil-wg/default.nix
+++ b/modules/yggdrasil-wg/default.nix
@@ -76,6 +76,7 @@ let
     vidhar = ["${batSubnet}:1::/${toString batHostLength}"];
     sif = ["${batSubnet}:2::/${toString batHostLength}"];
   };
+  routers = [ "surtr" ];
 
   mkPublicKeyPath = family: host: ./hosts + "/${family}" + "/${host}.pub";
   mkPrivateKeyPath = family: host: ./hosts + "/${family}" + "/${host}.priv";
@@ -91,7 +92,7 @@ let
     let
       other = if thisHost from then to else from;
     in {
-      AllowedIPs = wgHostIPs.${family}.${other};
+      AllowedIPs = if elem other routers then ["0.0.0.0/0" "::/0"] else wgHostIPs.${family}.${other};
       PublicKey = trim (readFile (mkPublicKeyPath family other));
     } // (optionalAttrs (thisHost from) (linkCfgFilterCustom opts // linkMkEndpointCfg family opts));
   linkCfgFilterCustom = filterAttrs (n: _v: !(elem n ["from" "to" "endpointHost"]));
@@ -202,7 +203,7 @@ in {
                 Destination = "${batSubnet}::/${toString batSubnetLength}";
               };
             }
-          ];
+          ] ++ (concatMap (router: concatMap (family: { routeConfig = { Destination = "::/0"; Metric = 1; Gateway = wgHostIPs.${family}.${router}; }; }) families) routers);
           linkConfig = {
             MACAddress = "${batHostMACs.${hostName}}";
             RequiredForOnline = false;