I ended up writing a one-shot script. Not very elegant, but it works.
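# NTZ route through a physical tap and then out to AWS.
# Registers routing table id 1 under the name "rt2" in /etc/iproute2/rt_tables,
# which is what lets the secondGateway script refer to it as `table rt2`.
# (In the original listing this comment and the `networking = {` opener shared
# one line, which commented the opener out and left the braces unbalanced.)
networking = {
  iproute2 = {
    enable = true;
    rttablesExtraConfig = "1 rt2";
  };
};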
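# One-shot unit that installs the secondary-gateway policy routes on eno3.
# Every command is written to be idempotent, so re-running the unit (for
# example after `nixos-rebuild switch`) neither fails with
# "RTNETLINK answers: File exists" nor accumulates duplicate `ip rule` entries
# (the original used `ip route add`, which errors on the second run and aborts
# the script because NixOS runs it with `set -e`).
# Depends on the "rt2" table name being registered via
# networking.iproute2.rttablesExtraConfig.
systemd.services.secondGateway = {
  description = "Upload files to cloud or MT ARCS etc.";
  wantedBy = [ "multi-user.target" ];
  # NOTE(review): network.target does not guarantee that eno3 is already up;
  # if the unit races the interface, order it after the device unit
  # ("sys-subsystem-net-devices-eno3.device") instead — confirm on the host.
  after = [ "network.target" ];
  # `pkgs.iproute` is kept as in the original; newer nixpkgs spell it
  # `pkgs.iproute2` — confirm against the pinned nixpkgs.
  path = [ pkgs.bash pkgs.iproute ];
  script = ''
    # `replace` is add-or-update, so a second run is a no-op instead of an error.
    ip route replace default via 10.101.1.254 dev eno3 table rt2
    ip route replace 10.101.1.0/24 dev eno3 src 10.101.1.3 table rt2

    # `ip rule add` inserts duplicates without complaint, so delete any existing
    # copies of each selector first and then add exactly one. The `del` loop
    # exits when no matching rule is left; it needs only `ip`, so `path` does
    # not have to grow. A failing condition in `while` does not trip `set -e`.
    # NOTE(review): 10.10.190.32/18 is not on a /18 boundary; the kernel masks
    # it to 10.10.128.0/18. Confirm that is the intended prefix.
    while ip rule del to 10.10.190.32/18 table rt2 2>/dev/null; do :; done
    ip rule add to 10.10.190.32/18 table rt2
    while ip rule del from 10.10.190.32/18 table rt2 2>/dev/null; do :; done
    ip rule add from 10.10.190.32/18 table rt2
  '';
  serviceConfig = {
    Type = "oneshot";
    # Keep the unit reported as active once the script has exited, so
    # `systemctl start` on an already-applied unit is a no-op and `status`
    # shows the routes as installed.
    RemainAfterExit = true;
    # Route and rule changes need CAP_NET_ADMIN; root is the simplest way to
    # get it. A tighter alternative would be to keep root but restrict
    # CapabilityBoundingSet to CAP_NET_ADMIN — not changed here.
    User = "root";
    Restart = "no";
  };
};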