From ddb1f4da7dc6c830d25cc38800ac4bc3edd8bc6d Mon Sep 17 00:00:00 2001
From: Kjetil Orbekk
Date: Sat, 7 Oct 2023 08:27:27 -0400
Subject: wg config
---
 modules/router.nix | 20 +++++++++++---------
 1 file changed, 11 insertions(+), 9 deletions(-)

diff --git a/modules/router.nix b/modules/router.nix
index 6d952df..0832005 100644
--- a/modules/router.nix
+++ b/modules/router.nix
@@ -92,15 +92,6 @@ let
  }];
  systemd.services.he0-netdev.after = ["kjlan-netdev.service"];
 
- networking.wireguard = {
- enable = true;
- interfaces.wg-vpn = {
- ips = [ "${vpnPrefix}::d"/128 ];
- privateKeyFile = config.age.secrets.dragon-wireguard-key.path;
- listenPort = vpnPort;
- };
- };
-
  networking.iproute2.enable = true;
  networking.iproute2.rttablesExtraConfig = ''
  ${toString mullvadMark} mullvad
@@ -327,6 +318,17 @@ in {
  additionalCapabilities = ["CAP_NET_ADMIN"];
  };
 
+ networking.wireguard = {
+ enable = true;
+ interfaces.wg-vpn = {
+ socketNamespace = "router";
+ interfaceNamespace = "router";
+ ips = [ "${vpnPrefix}::d"/128 ];
+ privateKeyFile = config.age.secrets.dragon-wireguard-key.path;
+ listenPort = vpnPort;
+ };
+ };
+
  services.ddclient = {
  enable = true;
  configFile = "/opt/secret/he-ddclient.conf";
--
cgit v1.2.3
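Review bot: In the re-added `ips` line the prefix length sits outside the closing quote (`"${vpnPrefix}::d"/128`), so `/128` is not part of the address string; Nix will most likely read it as a separate path-literal list element rather than as a CIDR suffix. The same text appears on the removed side, so the move carried it over rather than introducing it; `ips = [ "${vpnPrefix}::d/128" ];` is the form I would expect. Separately, `socketNamespace` and `interfaceNamespace` both name `router`, and nothing in this hunk orders the WireGuard unit after whatever creates that namespace or shows that the firewall inside it admits `vpnPort`; both are worth confirming, since the listener now lives in that namespace. The enclosing attribute set starts and ends outside the hunk.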