From a93d42e97e71dfec603a03dea0e6737f85a31968 Mon Sep 17 00:00:00 2001 From: Majiir Paktu Date: Tue, 10 Dec 2024 16:54:50 -0500 Subject: [PATCH] nixos/wireguard-networkd: disable by default Enabling networking.wireguard.useNetworkd currently requires users to modify the permissions of their private key files. Since that is a bad upgrade experience, the module should be disabled by default for now. Once systemd credential support is added to the module, it should be safe to once again enable it by default for networkd users. --- nixos/doc/manual/release-notes/rl-2505.section.md | 2 +- nixos/modules/services/networking/wireguard-networkd.nix | 3 +-- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/nixos/doc/manual/release-notes/rl-2505.section.md b/nixos/doc/manual/release-notes/rl-2505.section.md index 3586d5788c79..51b62fac69d3 100644 --- a/nixos/doc/manual/release-notes/rl-2505.section.md +++ b/nixos/doc/manual/release-notes/rl-2505.section.md @@ -121,7 +121,7 @@ - Cinnamon has been updated to 6.4. -- `networking.wireguard` now has an optional networkd backend. It is enabled by default when `networking.useNetworkd` is enabled, and it can be enabled alongside scripted networking with `networking.wireguard.useNetworkd`. Some `networking.wireguard` options have slightly different behavior with the networkd and script-based backends, documented in each option. Before upgrading, make sure the `privateKeyFile` and `presharedKeyFile` paths are readable by the `systemd-network` user if using the networkd backend. +- `networking.wireguard` now has an optional networkd backend, enabled with `networking.wireguard.useNetworkd`. Some `networking.wireguard` options have slightly different behavior with the networkd and script-based backends, documented in each option. Before upgrading, make sure the `privateKeyFile` and `presharedKeyFile` paths are readable by the `systemd-network` user if using the networkd backend. - `services.avahi.ipv6` now defaults to true. diff --git a/nixos/modules/services/networking/wireguard-networkd.nix b/nixos/modules/services/networking/wireguard-networkd.nix index 711f6e6808c2..71f7ed6e182d 100644 --- a/nixos/modules/services/networking/wireguard-networkd.nix +++ b/nixos/modules/services/networking/wireguard-networkd.nix @@ -96,8 +96,7 @@ in options.networking.wireguard = { useNetworkd = mkOption { - default = config.networking.useNetworkd; - defaultText = literalExpression "config.networking.useNetworkd"; + default = false; type = types.bool; description = '' Whether to use networkd as the network configuration backend for