wg config

author: Kjetil Orbekk <kj@orbekk.com> 2023-10-07 08:27:27 -0400
committer: Kjetil Orbekk <kj@orbekk.com> 2023-10-07 08:27:27 -0400
commit: ddb1f4da7dc6c830d25cc38800ac4bc3edd8bc6d (patch)
tree: bb16d75d89e451ae9e8ed55eb73f53ced6f63bee /modules/router.nix
parent: d27b3088cecb48422faca144de47d1c661e70bbf (diff)
1 files changed, 11 insertions, 9 deletions
diff --git a/modules/router.nix b/modules/router.nix
index 6d952df..0832005 100644
--- a/modules/router.nix
+++ b/modules/router.nix
@@ -92,15 +92,6 @@ let
     }];
     systemd.services.he0-netdev.after = ["kjlan-netdev.service"];
 
-    networking.wireguard = {
-      enable = true;
-      interfaces.wg-vpn = {
-        ips = [ "${vpnPrefix}::d"/128 ];
-        privateKeyFile = config.age.secrets.dragon-wireguard-key.path;
-        listenPort = vpnPort;
-      };
-    };
-
     networking.iproute2.enable = true;
     networking.iproute2.rttablesExtraConfig = ''
       ${toString mullvadMark} mullvad
@@ -327,6 +318,17 @@ in {
       additionalCapabilities = ["CAP_NET_ADMIN"];
     };
 
+    networking.wireguard = {
+      enable = true;
+      interfaces.wg-vpn = {
+        socketNamespace = "router";
+        interfaceNamespace = "router";
+        ips = [ "${vpnPrefix}::d"/128 ];
+        privateKeyFile = config.age.secrets.dragon-wireguard-key.path;
+        listenPort = vpnPort;
+      };
+    };
+
     services.ddclient = {
       enable = true;
       configFile = "/opt/secret/he-ddclient.conf";
author	Kjetil Orbekk <kj@orbekk.com>	2023-10-07 08:27:27 -0400
committer	Kjetil Orbekk <kj@orbekk.com>	2023-10-07 08:27:27 -0400
commit	ddb1f4da7dc6c830d25cc38800ac4bc3edd8bc6d (patch)
tree	bb16d75d89e451ae9e8ed55eb73f53ced6f63bee /modules/router.nix
parent	d27b3088cecb48422faca144de47d1c661e70bbf (diff)