0xWheatyz/nixos-configurations
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(wireguard): move endpoint route to preUp/postDown hooks

Browse Source 
postUp runs after wg-quick has already rerouted all traffic through
the tunnel, making external DNS unreachable. Use preUp to add the
host route before routing changes, and postDown to clean up after.
This commit is contained in:
0xWheatyz
2026-04-15 19:12:34 -04:00
parent cca5c48725
commit 8b5111e9a1
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
configuration.nix
+2 -2
View File
@@ -180,13 +180,13 @@
dns = [ "10.0.1.65" ]; dns = [ "10.0.1.65" ];
privateKeyFile = "/etc/wireguard/private.key"; privateKeyFile = "/etc/wireguard/private.key";
postUp = '' preUp = ''
ENDPOINT_IP=$(${pkgs.dig}/bin/dig +short vpn.leeworks.dev @1.1.1.1 | head -1) ENDPOINT_IP=$(${pkgs.dig}/bin/dig +short vpn.leeworks.dev @1.1.1.1 | head -1)
GATEWAY=$(${pkgs.iproute2}/bin/ip route show default | ${pkgs.gawk}/bin/awk '{print $3}') GATEWAY=$(${pkgs.iproute2}/bin/ip route show default | ${pkgs.gawk}/bin/awk '{print $3}')
DEV=$(${pkgs.iproute2}/bin/ip route show default | ${pkgs.gawk}/bin/awk '{print $5}') DEV=$(${pkgs.iproute2}/bin/ip route show default | ${pkgs.gawk}/bin/awk '{print $5}')
${pkgs.iproute2}/bin/ip route add "$ENDPOINT_IP" via "$GATEWAY" dev "$DEV" ${pkgs.iproute2}/bin/ip route add "$ENDPOINT_IP" via "$GATEWAY" dev "$DEV"
''; '';
preDown = '' postDown = ''
ENDPOINT_IP=$(${pkgs.dig}/bin/dig +short vpn.leeworks.dev @1.1.1.1 | head -1) ENDPOINT_IP=$(${pkgs.dig}/bin/dig +short vpn.leeworks.dev @1.1.1.1 | head -1)
${pkgs.iproute2}/bin/ip route del "$ENDPOINT_IP" || true ${pkgs.iproute2}/bin/ip route del "$ENDPOINT_IP" || true
''; '';