enable forwarding on vpn

nixos/ifrit/configuration.nix

@@ -134,6 +134,11 @@ in
   networking.interfaces.ens3.useDHCP = true;
   networking.interfaces.ens7.useDHCP = false;
 
+  boot.kernel.sysctl = {
+    # Enable forwarding for VPN
+    "net.ipv6.conf.ens3.forwarding" = true;
+  };
+
   fileSystems."/mnt/storage" = {
     device = "/dev/disk/by-uuid/a34e36fc-d7dd-4ceb-93c4-48f9c2727cb7";
     mountPoint = "/mnt/storage";

nixos/modules/vpnServer.nix

@@ -1,4 +1,4 @@
-{ config, lib, ... }:
+{ config, pkgs, lib, ... }:
 
 with lib;
 let
@@ -32,19 +32,27 @@ in
     };
   };
   config = mkIf cfg.enable {
-    networking.wireguard.enable = true;
-    networking.wireguard.interfaces."wg0" = {
-      allowedIPsAsRoutes = true;
-      privateKeyFile = "/var/lib/wireguard/wg0-key";
-      ips = [ "fd42:9c3b:f96d:0200::0/64" ];
-      listenPort = 51234;
-      peers = map
-        (peer: (
-          {
-            allowedIPs = [ "fd42:9c3b:f96d:0200::${peer.id}/128" ];
-            publicKey = peer.key;
-          }))
-        (attrValues cfg.peers);
+    networking.wireguard = {
+      enable = true;
+      interfaces."wg0" = {
+        allowedIPsAsRoutes = true;
+        privateKeyFile = "/var/lib/wireguard/wg0-key";
+        ips = [ "fd42:9c3b:f96d:0200::0/64" ];
+        listenPort = 51234;
+        peers = map
+          (peer: (
+            {
+              allowedIPs = [ "fd42:9c3b:f96d:0200::${peer.id}/128" ];
+              publicKey = peer.key;
+            }))
+          (attrValues cfg.peers);
+        postSetup = ''
+          wg set wg0 fwmark 51234
+          ip rule add table 2468
+          ip route add default dev ens3 table 2468
+          ip route add fwmark 51234 table 2468
+        '';
+      };
     };
   };
 }