From 603a006df86fbe6df812a4988adc05745604890d Mon Sep 17 00:00:00 2001
From: Simon Bruder <simon@sbruder.de>
Date: Sun, 24 Jan 2021 14:44:00 +0100
Subject: [PATCH] Make routing all traffic over wireguard tunnel work

Fixes #26 (regression introduced in
126a0dad4b81f1204de31411d70e50b0b6190614)

This is not an ideal solution, since it disables some features of the
firewall. Ideally, the mullvad configuration would be declaratively
managed and include a PostUp and PreDown command that adds routes to the
tunnel endpoint to the physical interface.
---
 modules/default.nix | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/modules/default.nix b/modules/default.nix
index 8abc53c..9e6cb88 100644
--- a/modules/default.nix
+++ b/modules/default.nix
@@ -99,6 +99,10 @@ in
     # NixOS state version (see https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion)
     system.stateVersion = "20.03";
 
+    # When this is set to true (default), routing everything through a
+    # wireguard tunnel does not work.
+    networking.firewall.checkReversePath = "loose";
+
     nix = {
       nixPath = [
         "/var/src" # pinned nixpkgs and configuration