author | Kjetil Orbekk <kj@orbekk.com> | 2022-05-13 08:00:44 -0400 |
---|---|---|
committer | Kjetil Orbekk <kj@orbekk.com> | 2022-05-13 08:00:44 -0400 |
commit | 751e66ce38c8c61df5c35f8651c03e8c7fc11eac (patch) | |
tree | 72a005a404b20926a27a9f0f90581fd957540b37 | |
parent | f09b9d23fed2a02951e23f97cc62faf9f5f83d8d (diff) |
disable nycmesh
-rw-r--r-- | config/router.nix | 26 |
1 files changed, 11 insertions, 15 deletions
diff --git a/config/router.nix b/config/router.nix index 2b05b7b..28d0f30 100644 --- a/config/router.nix +++ b/config/router.nix @@ -2,14 +2,15 @@ let wan-dev = "bond0.10"; lan-dev = "bond0"; + # config.orbekk.nycmesh.listenPort wireguardPorts = - [ config.orbekk.mullvad.listenPort config.orbekk.nycmesh.listenPort ]; + [ config.orbekk.mullvad.listenPort ]; mullvadMark = 30; - nycmeshMark = 32; + # nycmeshMark = 32; aliases = import ../data/aliases.nix; in { orbekk.mullvad.enable = true; - orbekk.nycmesh.enable = true; + orbekk.nycmesh.enable = false; services.tftpd.enable = true; services.openntpd.enable = true; @@ -69,7 +70,7 @@ in { @def $DEV_UNTRUSTED_LAN = (${lan-dev}.30 ${lan-dev}.32); @def $DEV_LAN = (${lan-dev}.100); @def $DEV_ADMIN = (${lan-dev}.255); - @def $DEV_WAN = (${wan-dev} he0 mullvad nycmesh); + @def $DEV_WAN = (${wan-dev} he0 mullvad); @def $NET_LAN = (172.20.0.0/16); # Forward dns queries to dnsmasq on LAN interfaces. @@ -163,11 +164,6 @@ in { interface ${lan-dev}.30 MARK set-mark ${toString mullvadMark}; } } - domain ip table mangle { - chain PREROUTING { - interface ${lan-dev}.32 MARK set-mark ${toString nycmeshMark}; - } - } ''; }; @@ -270,9 +266,9 @@ in { }; networking.iproute2.enable = true; + # ${toString nycmeshMark} nycmesh networking.iproute2.rttablesExtraConfig = '' ${toString mullvadMark} mullvad - ${toString nycmeshMark} nycmesh 200 he ''; @@ -295,11 +291,11 @@ in { ip route flush cache ''; - networking.wireguard.interfaces.nycmesh.postSetup = '' - ip rule add fwmark ${toString nycmeshMark} table nycmesh - ip route replace default via 10.70.73.1 onlink dev nycmesh table nycmesh - ip route flush cache - ''; + # networking.wireguard.interfaces.nycmesh.postSetup = '' + # ip rule add fwmark ${toString nycmeshMark} table nycmesh + # ip route replace default via 10.70.73.1 onlink dev nycmesh table nycmesh + # ip route flush cache + # ''; # boot.kernel.sysctl."net.ipv6.conf.${wan-dev}.disable_ipv6" = true; |
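Review bot: The nycmesh firewall and routing pieces are switched off by commenting them out (`# config.orbekk.nycmesh.listenPort` and `# nycmeshMark = 32;` in the first hunk, `# ${toString nycmeshMark} nycmesh` and the commented `postSetup` block in the last two), so they no longer follow `orbekk.nycmesh.enable`. Re-enabling the tunnel later means restoring several separate places by hand, and missing the `wireguardPorts` entry or the fwmark rule would leave it half-configured. Consider deriving them from the flag instead, for example `[ config.orbekk.mullvad.listenPort ] ++ lib.optional config.orbekk.nycmesh.enable config.orbekk.nycmesh.listenPort` for `wireguardPorts`, and wrapping the routing settings in `lib.mkIf config.orbekk.nycmesh.enable`. This assumes `lib` is in scope; the file's argument list is outside the hunk.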
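Review bot: `$DEV_UNTRUSTED_LAN` still lists `${lan-dev}.32` in the second hunk, but the third hunk removes the mangle rule that marked that VLAN's traffic with `nycmeshMark`, and the `nycmesh` routing table is gone too. Packets arriving on `.32` will therefore be routed by the main table rather than through the tunnel. If the forward rules (outside the visible hunks) allow untrusted-LAN traffic towards `$DEV_WAN`, that VLAN would presumably now leave through the default uplink instead of losing connectivity. State the intended behaviour next to the `@def`, e.g. `# .32 formerly egressed via nycmesh; now follows the default route`, or drop `${lan-dev}.32` from the list if it should have no egress while nycmesh is disabled.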