From 610c83285c80d255ad43793dee4beab4cee8acff Mon Sep 17 00:00:00 2001
From: Kjetil Orbekk
Date: Tue, 30 Jan 2024 15:53:06 -0500
Subject: update router config
---
 modules/router.nix | 22 +++++++++++-----------
 1 file changed, 11 insertions(+), 11 deletions(-)
diff --git a/modules/router.nix b/modules/router.nix
index 63ea496..33e8407 100644
--- a/modules/router.nix
+++ b/modules/router.nix
@@ -32,10 +32,10 @@ let
 ip netns exec vpn ip link set lo up
 ip link set vpn-vport netns vpn
- ip netns exec router ${pkgs.procps}/bin/sysctl -w net.ipv4.conf.default.forwarding=1
- ip netns exec router ${pkgs.procps}/bin/sysctl -w net.ipv4.conf.all.forwarding=1
- ip netns exec router ${pkgs.procps}/bin/sysctl -w net.ipv6.conf.default.forwarding=1
- ip netns exec router ${pkgs.procps}/bin/sysctl -w net.ipv6.conf.all.forwarding=1
+ # ip netns exec router ${pkgs.procps}/bin/sysctl -w net.ipv4.conf.default.forwarding=1
+ # ip netns exec router ${pkgs.procps}/bin/sysctl -w net.ipv4.conf.all.forwarding=1
+ # ip netns exec router ${pkgs.procps}/bin/sysctl -w net.ipv6.conf.default.forwarding=1
+ # ip netns exec router ${pkgs.procps}/bin/sysctl -w net.ipv6.conf.all.forwarding=1
 '';
 router-netns-down = pkgs.writeScript "router-netns-down" ''
@@ -45,6 +45,13 @@ let
 router-config = { config, lib, pkgs, ... }: {
 system.stateVersion = "22.05";
+ boot.kernel.sysctl = {
+ "net.ipv4.conf.all.forwarding" = true;
+ "net.ipv4.conf.default.forwarding" = true;
+ "net.ipv6.conf.all.forwarding" = true;
+ "net.ipv6.conf.default.forwarding" = true;
+ };
+
 environment.systemPackages = with pkgs; [ tcpdump ];
 virtualisation.vswitch.enable = true;
 virtualisation.vswitch.resetOnStart = false;
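Review bot: The four `sysctl -w` lines in the first hunk are commented out rather than deleted, and because they sit inside a Nix `''` string the `${pkgs.procps}` in each comment is still interpolated, so the package remains a dependency of a script that no longer runs it. Deleting them and leaving a single pointer keeps the record of where forwarding is now configured: `# forwarding for the router namespace is set by boot.kernel.sysctl in router-config`. The script (presumably the netns-up counterpart of `router-netns-down`) starts above the hunk, so whether anything later in it relied on forwarding already being on at this point cannot be checked from here.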
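Review bot: The second hunk turns on `forwarding` for both `all` and `default`, IPv4 and IPv6, inside `router-config`, and nothing visible in the hunk sets a forward-chain policy, so any interface that later appears in that system forwards by default. `router-config` continues past the hunk and may already define filtering; if so, a comment tying the two together would help, e.g. `# forwarding is on for every interface; the forward chain must default-drop for IPv4 and IPv6`. Enabling IPv6 forwarding also changes how the kernel treats router advertisements on those interfaces (`accept_ra` has to be 2 for them to be honoured), which is worth stating if any uplink there is configured by RA.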
@@ -320,13 +327,6 @@ in {
 };
 config = mkIf cfg.enable {
- boot.kernel.sysctl = {
- "net.ipv4.conf.all.forwarding" = true;
- "net.ipv4.conf.default.forwarding" = true;
- "net.ipv6.conf.all.forwarding" = true;
- "net.ipv6.conf.default.forwarding" = true;
- };
-
 systemd.services."router-netns" = {
 description = "router network namespace";
 before = ["network.target"];
--
cgit v1.2.3