Merge pull request #140890 from seb314/wireguard/dyndns-restart-on-failure

wireguard: non-invasive fix for permanent disconnects on unstable network (e.g. laptops) from dyndns endpoints
2022-12-02 17:47:47 +02:00 · 2022-12-02 17:47:47 +02:00 · dadca5c5e1
commit dadca5c5e1
parent ffbb0204d8 82c5c3c9a9
1 changed files with 24 additions and 0 deletions
--- a/nixos/modules/services/networking/wireguard.nix
+++ b/nixos/modules/services/networking/wireguard.nix
@ -251,6 +251,21 @@ let
        '';
      };

+      dynamicEndpointRefreshRestartSeconds = mkOption {
+        default = null;
+        example = 5;
+        type = with types; nullOr ints.unsigned;
+        description = lib.mdDoc ''
+          When the dynamic endpoint refresh that is configured via
+          dynamicEndpointRefreshSeconds exits (likely due to a failure),
+          restart that service after this many seconds.
+
+          If set to `null` the value of
+          {option}`networking.wireguard.dynamicEndpointRefreshSeconds`
+          will be used as the default.
+        '';
+      };
+
      persistentKeepalive = mkOption {
        default = null;
        type = with types; nullOr int;
@ -348,7 +363,16 @@ let
                # cannot be used with systemd timers (see `man systemd.timer`),
                # which is why `simple` with a loop is the best choice here.
                # It also makes starting and stopping easiest.
+                #
+                # Restart if the service exits (e.g. when wireguard gives up after "Name or service not known" dns failures):
+                Restart = "always";
+                RestartSec = if null != peer.dynamicEndpointRefreshRestartSeconds
+                             then peer.dynamicEndpointRefreshRestartSeconds
+                             else peer.dynamicEndpointRefreshSeconds;
              };
+        unitConfig = lib.optionalAttrs dynamicRefreshEnabled {
+          StartLimitIntervalSec = 0;
+        };

        script = let
          wg_setup = concatStringsSep " " (