0xWheatyz/nixos-configurations
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(wireguard): use static endpoint IP and drop manual route hooks

Browse Source 
Replace hostname endpoint with resolved IP (69.48.243.22) so
wg-quick's native fwmark-based routing handles 0.0.0.0/0 correctly.
Remove preUp/postDown hooks that conflicted with wg-quick's own
policy routing.
This commit is contained in:
0xWheatyz
2026-04-15 19:19:22 -04:00
parent 8b5111e9a1
commit c371552dfd
1 changed files with 1 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files
configuration.nix
+1 -12
View File
@@ -180,20 +180,9 @@
dns = [ "10.0.1.65" ]; dns = [ "10.0.1.65" ];
privateKeyFile = "/etc/wireguard/private.key"; privateKeyFile = "/etc/wireguard/private.key";
preUp = ''
ENDPOINT_IP=$(${pkgs.dig}/bin/dig +short vpn.leeworks.dev @1.1.1.1 | head -1)
GATEWAY=$(${pkgs.iproute2}/bin/ip route show default | ${pkgs.gawk}/bin/awk '{print $3}')
DEV=$(${pkgs.iproute2}/bin/ip route show default | ${pkgs.gawk}/bin/awk '{print $5}')
${pkgs.iproute2}/bin/ip route add "$ENDPOINT_IP" via "$GATEWAY" dev "$DEV"
'';
postDown = ''
ENDPOINT_IP=$(${pkgs.dig}/bin/dig +short vpn.leeworks.dev @1.1.1.1 | head -1)
${pkgs.iproute2}/bin/ip route del "$ENDPOINT_IP" || true
'';
peers = [{ peers = [{
publicKey = "VEpzr/CeGdS6Wsy0NDDfmlB/bCYxS55A155HWGCIIzc="; publicKey = "VEpzr/CeGdS6Wsy0NDDfmlB/bCYxS55A155HWGCIIzc=";
endpoint = "vpn.leeworks.dev:51820"; endpoint = "69.48.243.22:51820";
allowedIPs = [ "0.0.0.0/0" ]; allowedIPs = [ "0.0.0.0/0" ];
persistentKeepalive = 25; persistentKeepalive = 25;
}]; }];