-rw-r--r--config/router.nix26
1 files changed, 11 insertions, 15 deletions
diff --git a/config/router.nix b/config/router.nix
index 2b05b7b..28d0f30 100644
--- a/config/router.nix
+++ b/config/router.nix
@@ -2,14 +2,15 @@
let
wan-dev = "bond0.10";
lan-dev = "bond0";
+ # config.orbekk.nycmesh.listenPort
wireguardPorts =
- [ config.orbekk.mullvad.listenPort config.orbekk.nycmesh.listenPort ];
+ [ config.orbekk.mullvad.listenPort ];
mullvadMark = 30;
- nycmeshMark = 32;
+ # nycmeshMark = 32;
aliases = import ../data/aliases.nix;
in {
orbekk.mullvad.enable = true;
- orbekk.nycmesh.enable = true;
+ orbekk.nycmesh.enable = false;
services.tftpd.enable = true;
services.openntpd.enable = true;
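Review bot: The nycmesh pieces are disabled by commenting them out here (`# config.orbekk.nycmesh.listenPort`, `# nycmeshMark = 32;`) and again in the rttablesExtraConfig and postSetup hunks, so `orbekk.nycmesh.enable` no longer controls them and re-enabling means uncommenting four places in step. Gating on the option keeps the firewall port list and the routing setup in sync with the tunnel state, for example `wireguardPorts = [ config.orbekk.mullvad.listenPort ] ++ lib.optional config.orbekk.nycmesh.enable config.orbekk.nycmesh.listenPort;` (assuming `lib` is in the module arguments, which are outside this hunk). If the removal is meant to be permanent, deleting the lines outright leaves less dead configuration to misread in a firewall file.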
@@ -69,7 +70,7 @@ in {
@def $DEV_UNTRUSTED_LAN = (${lan-dev}.30 ${lan-dev}.32);
@def $DEV_LAN = (${lan-dev}.100);
@def $DEV_ADMIN = (${lan-dev}.255);
- @def $DEV_WAN = (${wan-dev} he0 mullvad nycmesh);
+ @def $DEV_WAN = (${wan-dev} he0 mullvad);
@def $NET_LAN = (172.20.0.0/16);
# Forward dns queries to dnsmasq on LAN interfaces.
@@ -163,11 +164,6 @@ in {
interface ${lan-dev}.30 MARK set-mark ${toString mullvadMark};
}
}
- domain ip table mangle {
- chain PREROUTING {
- interface ${lan-dev}.32 MARK set-mark ${toString nycmeshMark};
- }
- }
'';
};
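Review bot: With this PREROUTING mark rule removed, traffic arriving on `${lan-dev}.32` is no longer steered into the nycmesh table, yet that VLAN is still listed in `$DEV_UNTRUSTED_LAN` in the earlier hunk, so it will presumably follow the main routing table and leave through whatever the remaining forward rules allow. The forward chain is outside this diff, so it is worth confirming that this is the intended egress for that VLAN rather than a silent fallback. If it is not, drop the VLAN from `$DEV_UNTRUSTED_LAN` or reject its forwarded traffic while the tunnel is off; if it is, a comment such as `# ${lan-dev}.32 used to be policy-routed via nycmesh; it now uses the main table` next to the `@def` would record the decision. The ferm string this block sits in starts and ends outside the hunk.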
@@ -270,9 +266,9 @@ in {
};
networking.iproute2.enable = true;
+ # ${toString nycmeshMark} nycmesh
networking.iproute2.rttablesExtraConfig = ''
${toString mullvadMark} mullvad
- ${toString nycmeshMark} nycmesh
200 he
'';
@@ -295,11 +291,11 @@ in {
ip route flush cache
'';
- networking.wireguard.interfaces.nycmesh.postSetup = ''
- ip rule add fwmark ${toString nycmeshMark} table nycmesh
- ip route replace default via 10.70.73.1 onlink dev nycmesh table nycmesh
- ip route flush cache
- '';
+ # networking.wireguard.interfaces.nycmesh.postSetup = ''
+ # ip rule add fwmark ${toString nycmeshMark} table nycmesh
+ # ip route replace default via 10.70.73.1 onlink dev nycmesh table nycmesh
+ # ip route flush cache
+ # '';
# boot.kernel.sysctl."net.ipv6.conf.${wan-dev}.disable_ipv6" = true;