From c5df8359dffe616b2d151a5514c4f4821911a002 Mon Sep 17 00:00:00 2001
From: Guillaume Girol
Date: Thu, 3 Nov 2022 12:00:00 +0000
Subject: [PATCH] nixos/wireguard: start new peers when they are added

when a new peer is added, it does not modify any active units, because the interface unit remains the same. therefore the new peer is not added until next reboot or manual action.
---
 .../modules/services/networking/wireguard.nix | 18 ++++++++++++++++--
 1 file changed, 16 insertions(+), 2 deletions(-)

diff --git a/nixos/modules/services/networking/wireguard.nix b/nixos/modules/services/networking/wireguard.nix
index 3f6fa3c86402..e3c3d3ba3c96 100644
--- a/nixos/modules/services/networking/wireguard.nix
+++ b/nixos/modules/services/networking/wireguard.nix
@@ -391,6 +391,19 @@ let
 '';
 };
+ # the target is required to start new peer units when they are added
+ generateInterfaceTarget = name: values:
+ let
+ mkPeerUnit = peer: (peerUnitServiceName name peer.publicKey (peer.dynamicEndpointRefreshSeconds != 0)) + ".service";
+ in
+ nameValuePair "wireguard-${name}"
+ rec {
+ description = "WireGuard Tunnel - ${name}";
+ wantedBy = [ "multi-user.target" ];
+ wants = [ "wireguard-${name}.service" ] ++ map mkPeerUnit values.peers;
+ after = wants;
+ };
+
 generateInterfaceUnit = name: values:
 # exactly one way to specify the private key must be set
 #assert (values.privateKey != null) != (values.privateKeyFile != null);
@@ -409,7 +422,6 @@ let
 after = [ "network-pre.target" ];
 wants = [ "network.target" ];
 before = [ "network.target" ];
- wantedBy = [ "multi-user.target" ];
 environment.DEVICE = name;
 path = with pkgs; [ kmod iproute2 wireguard-tools ];
@@ -540,6 +552,8 @@ in
 // (mapAttrs' generateKeyServiceUnit (filterAttrs (name: value: value.generatePrivateKeyFile) cfg.interfaces));
- });
+ systemd.targets = mapAttrs' generateInterfaceTarget cfg.interfaces;
+ }
+ );
 }
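Review bot: `mkPeerUnit` rebuilds each peer's unit name from `peerUnitServiceName name peer.publicKey (peer.dynamicEndpointRefreshSeconds != 0)`, and nothing in this hunk ties that to the name the peer units themselves are generated under, which is outside the hunk. Because the target only `wants` these units, a name that drifts out of sync would presumably leave the peer unconfigured without any failed unit to alert on, while `wireguard-${name}.target` still shows active. I would either share one helper for the name with the peer unit generator or add a comment such as `# must match the unit name used where the peer services are generated; a mismatch is silently ignored by wants`. The same weak dependency means the target reaching active is not proof that the interface service came up, which is worth stating in the comment above `generateInterfaceTarget` for anyone ordering firewall or routing units after it.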