diff options
| author | Kjetil Orbekk <kj@orbekk.com> | 2022-05-31 08:37:14 -0400 |
|---|---|---|
| committer | Kjetil Orbekk <kj@orbekk.com> | 2022-05-31 08:37:14 -0400 |
| commit | ff189d805bad826cec4d78368dcd2f3757723eed (patch) | |
| tree | 3ae64f5a1934e051abdf1f8b35b5fcc2610b5c41 /modules | |
| parent | d3049557ffc13afd866338581442f8117be120ae (diff) | |
Update vpn
Diffstat (limited to 'modules')
| -rw-r--r-- | modules/vpn.nix | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/modules/vpn.nix b/modules/vpn.nix index ff47c0a..65efb05 100644 --- a/modules/vpn.nix +++ b/modules/vpn.nix @@ -27,7 +27,7 @@ let mkPeer = hostConfig: { inherit (hostConfig) publicKey endpoint; - allowedIPs = hostConfig.ips; # ++ (lib.optionals (hostConfig.relay && !cfg.is_server) [ "0.0.0.0/0" "::/0" ]); + allowedIPs = hostConfig.ips ++ (lib.optionals (hostConfig.relay && !cfg.is_server) [ "::/0" ]); }; getPeers = host: @@ -65,7 +65,7 @@ in interfaces.vpn = { ips = hosts.${config.networking.hostName}.ips; privateKeyFile = "${config.age.secrets."${config.networking.hostName}-wireguard-key".path}"; - allowedIPsAsRoutes = false; + allowedIPsAsRoutes = true; listenPort = cfg.listenPort; peers = getPeers config.networking.hostName; }; |