From 5d47f75c2f3deffea88d53e44fdcb66b9db3aac7 Mon Sep 17 00:00:00 2001
From: Luke Granger-Brown
Date: Wed, 19 Jul 2023 23:28:58 +0100
Subject: [PATCH] swann: don't add mopup rules for wg-intfs, since we'll get that via BGP
---
ops/nixos/swann/default.nix | 20 +++++++++-----------
1 file changed, 9 insertions(+), 11 deletions(-)
diff --git a/ops/nixos/swann/default.nix b/ops/nixos/swann/default.nix
index e86be03108..843497a649 100644
--- a/ops/nixos/swann/default.nix
+++ b/ops/nixos/swann/default.nix
@@ -177,22 +177,13 @@ in {
 Table = rtID;
 };
 }
-
- {
- # Catch-all mop-up rule at the end.
- routingPolicyRuleConfig = {
- Family = "both";
- Priority = relativePriority + 10090;
- Table = rtID;
- };
- }
 ];
 };
 tailscaleRule = priority: table: {
 # Route Tailscale (fwmark 0x80000) via Wireguard first.
 routingPolicyRuleConfig = {
 Family = "both";
- FirewallMark = hexToInt "0x80000";
+ FirewallMark = hexToInt "0x80000"; # Should be "0x80000/0xff0000"
 Priority = priority;
 Table = table;
 };
@@ -284,7 +275,14 @@ in {
 }]) // {
 linkConfig.RequiredForOnline = "no";
 };
- networks."40-en-gnet" = (physicalNetwork routeTables.gnet "0xcafe" []);
+ networks."40-en-gnet" = (physicalNetwork routeTables.gnet "0xcafe" [{
+ # Catch-all mop-up rule at the end.
+ routingPolicyRuleConfig = {
+ Family = "both";
+ Priority = 32768;
+ Table = routeTables.gnet;
+ };
+ }]);
 networks."40-br-internal" = {
 networkConfig.VLAN = [ "vl-eduroam" ];
 };
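Review bot: The comment added on the `FirewallMark` line in `tailscaleRule` (first hunk) records that the match is known to be wrong but leaves it that way, without saying why or what the effect is. With no mask the rule compares the whole mark, so a packet carrying 0x80000 together with any other mark bit would miss this rule and be routed by whatever rule follows; whether anything on this host sets other mark bits is not visible here. I would turn it into an actionable note such as `# TODO: match as "0x80000/0xff0000"; an unmasked mark only matches when no other mark bits are set`, and name whatever currently prevents the masked form. The definition of `tailscaleRule` continues past the end of the hunk.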
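Review bot: `Priority = 32768` in the catch-all added to `networks."40-en-gnet"` (second hunk) is a bare number where the removed helper rule used `relativePriority + 10090`, and the comment above it does not say why this value was chosen. On a stock Linux rule set 32766 and 32767 are the main and default table lookups, so this rule is reached only when neither resolves the destination; if that is the intent, say so, e.g. `# After the kernel's main (32766) and default (32767) rules: last resort only.` It would also help to note next to it what happens while the BGP-learned routes are absent: judging from the commit subject, traffic that the per-interface mop-up used to keep in a WireGuard table could then fall through to this rule and leave via gnet. If that fall-through is not acceptable, an unreachable or blackhole rule ahead of this one would make it fail closed; the helper that lost the rule is outside the visible hunks, so this is inferred.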