From e9f823e35558314664837cc51f3d126bd8a63b3f Mon Sep 17 00:00:00 2001
From: Gregor Kleen <gkleen@yggdrasil.li>
Date: Thu, 30 Sep 2021 15:22:27 +0200
Subject: yggdrasil-wg: better route?

---
 modules/yggdrasil-wg/default.nix | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/modules/yggdrasil-wg/default.nix b/modules/yggdrasil-wg/default.nix
index 2727d483..dd7300de 100644
--- a/modules/yggdrasil-wg/default.nix
+++ b/modules/yggdrasil-wg/default.nix
@@ -1,10 +1,11 @@
-{ config, hostName, lib, ... }:
+{ config, hostName, lib, pkgs, ... }:
 
 with lib;
 
 let
   listenPort = 51820;
   subnet = "2a03:4000:52:ada:1";
+  subnetLength = 80;
 
   links = [
     { from = "vidhar";
@@ -14,9 +15,10 @@ let
       dynamicEndpointRefreshSeconds = 86400;
     }
   ];
+  hostLength = subnetLength + 16;
   hostIPs = {
-    surtr = ["${subnet}::/96"];
-    vidhar = ["${subnet}:1::/96"];
+    surtr = ["${subnet}::/${toString hostLength}"];
+    vidhar = ["${subnet}:1::/${toString hostLength}"];
   };
 
   mkPublicKeyPath = host: ./hosts + "/${host}.pub";
@@ -49,11 +51,14 @@ in {
 
     networking.wireguard.interfaces = mkIf inNetwork {
       yggdrasil = {
-        allowedIPsAsRoutes = true;
+        allowedIPsAsRoutes = false;
         inherit listenPort;
         ips = hostIPs.${hostName};
         peers = map linkToPeer hostLinks;
         privateKeyFile = config.sops.secrets."yggdrasil-wg.priv".path;
+        postSetup = ''
+          ${pkgs.iproute2}/bin/ip route replace "${subnet}/${toString subnetLength}" dev "yggdrasil" table "main"
+        '';
       };
     };
 
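Review bot: The route prefix built on the `postSetup` line does not match the form used everywhere else in this file: `hostIPs` writes the addresses as `${subnet}::/…`, but the new `ip route replace` interpolates `"${subnet}/${toString subnetLength}"`, which expands to `2a03:4000:52:ada:1/80` — five groups with no `::`, so iproute2 should reject it as an invalid inet6 prefix and the interface setup script will fail on that command. The line should read `${pkgs.iproute2}/bin/ip route replace "${subnet}::/${toString subnetLength}" dev "yggdrasil" table "main"`. Note also that with `allowedIPsAsRoutes = false` the kernel no longer installs the per-peer /96 routes, so this single aggregate route is now the only path into the subnet; peers' AllowedIPs still bound what WireGuard will actually forward, which is worth a one-line comment above `postSetup` so the next reader does not reinstate the per-peer routes by accident. The enclosing module attribute set (`in { … }`) continues outside the hunk.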
-- 