···

       
273
       
273
       
 
       
        after = [ "network.target" "network-online.target" ];

     

       
274
       
274
       
 
       
        wantedBy = optional values.autostart "multi-user.target";

     

       
275
       
275
       
 
       
        environment.DEVICE = name;

     

       
276
       
276
       
-
       
        path = [ pkgs.kmod pkgs.wireguard-tools ];

     

       
276
       
276
       
+
       
        path = [ pkgs.kmod pkgs.wireguard-tools config.networking.resolvconf.package ];

     

       
277
       
277
       
 
       


     

       
278
       
278
       
 
       
        serviceConfig = {

     

       
279
       
279
       
 
       
          Type = "oneshot";

     
···

       
332
       
332
       
 
       
    # breaks the wg-quick routing because wireguard packets leave with a fwmark from wireguard.

     

       
333
       
333
       
 
       
    networking.firewall.checkReversePath = false;

     

       
334
       
334
       
 
       
    systemd.services = mapAttrs' generateUnit cfg.interfaces;

     

       
335
       
335
       
+
       


     

       
336
       
336
       
+
       
    # Prevent networkd from clearing the rules set by wg-quick when restarted (e.g. when waking up from suspend).

     

       
337
       
337
       
+
       
    systemd.network.config.networkConfig.ManageForeignRoutingPolicyRules = mkDefault false;

     

       
338
       
338
       
+
       


     

       
339
       
339
       
+
       
    # WireGuard interfaces should be ignored in determining whether the network is online.

     

       
340
       
340
       
+
       
    systemd.network.wait-online.ignoredInterfaces = builtins.attrNames cfg.interfaces;

     

       
335
       
341
       
 
       
  };

     

       
336
       
342
       
 
       
}

     

···

       
29
       
29
       
 
       


     

       
30
       
30
       
 
       
              inherit (wg-snakeoil-keys.peer1) publicKey;

     

       
31
       
31
       
 
       
            };

     

       
32
       
32
       
+
       


     

       
33
       
33
       
+
       
            dns = [ "10.23.42.2" "fc00::2" "wg0" ];

     

       
32
       
34
       
 
       
          };

     

       
33
       
35
       
 
       
        };

     

       
34
       
36
       
 
       
      };

     
···

       
38
       
40
       
 
       
        ip6 = "fd00::2";

     

       
39
       
41
       
 
       
        extraConfig = {

     

       
40
       
42
       
 
       
          boot = lib.mkIf (kernelPackages != null) { inherit kernelPackages; };

     

       
43
       
43
       
+
       
          networking.useNetworkd = true;

     

       
41
       
44
       
 
       
          networking.wg-quick.interfaces.wg0 = {

     

       
42
       
45
       
 
       
            address = [ "10.23.42.2/32" "fc00::2/128" ];

     

       
43
       
46
       
 
       
            inherit (wg-snakeoil-keys.peer1) privateKey;

     
···

       
49
       
52
       
 
       


     

       
50
       
53
       
 
       
              inherit (wg-snakeoil-keys.peer0) publicKey;

     

       
51
       
54
       
 
       
            };

     

       
55
       
55
       
+
       


     

       
56
       
56
       
+
       
            dns = [ "10.23.42.1" "fc00::1" "wg0" ];

     

       
52
       
57
       
 
       
          };

     

       
53
       
58
       
 
       
        };

     

       
54
       
59
       
 
       
      };