colin/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #199416 from symphorien/wg-add-peer

Browse Source 
nixos/wireguard: start new peers when they are added
This commit is contained in:
Maximilian Bosch 2022-11-07 12:20:06 +01:00 committed by GitHub
commit 67e61879c5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 16 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
nixos/modules/services/networking/wireguard.nix
View File

@ -391,6 +391,19 @@ let
'';
};
# the target is required to start new peer units when they are added
generateInterfaceTarget = name: values:
let
mkPeerUnit = peer: (peerUnitServiceName name peer.publicKey (peer.dynamicEndpointRefreshSeconds != 0)) + ".service";
in
nameValuePair "wireguard-${name}"
rec {
description = "WireGuard Tunnel - ${name}";
wantedBy = [ "multi-user.target" ];
wants = [ "wireguard-${name}.service" ] ++ map mkPeerUnit values.peers;
after = wants;
};
generateInterfaceUnit = name: values:
# exactly one way to specify the private key must be set
#assert (values.privateKey != null) != (values.privateKeyFile != null);
@ -409,7 +422,6 @@ let
after = [ "network-pre.target" ];
wants = [ "network.target" ];
before = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
environment.DEVICE = name;
path = with pkgs; [ kmod iproute2 wireguard-tools ];
@ -540,6 +552,8 @@ in
// (mapAttrs' generateKeyServiceUnit
(filterAttrs (name: value: value.generatePrivateKeyFile) cfg.interfaces));
});
systemd.targets = mapAttrs' generateInterfaceTarget cfg.interfaces;
}
);
}