pyrox.dev / nixpkgs
lol
fork atom

Merge pull request #140890 from seb314/wireguard/dyndns-restart-on-failure

wireguard: non-invasive fix for permanent disconnects on unstable network (e.g. laptops) from dyndns endpoints

Artturi dadca5c5 ffbb0204

options
unified split
Changed files
+24
nixos
modules
services
networking
wireguard.nix
+24
nixos/modules/services/networking/wireguard.nix 
···

       
251

       
251

       
 

       
        '';


     

       
252

       
252

       
 

       
      };


     

       
253

       
253

       
 

       



     

       

       
254

       
+

       
      dynamicEndpointRefreshRestartSeconds = mkOption {


     

       

       
255

       
+

       
        default = null;


     

       

       
256

       
+

       
        example = 5;


     

       

       
257

       
+

       
        type = with types; nullOr ints.unsigned;


     

       

       
258

       
+

       
        description = lib.mdDoc ''


     

       

       
259

       
+

       
          When the dynamic endpoint refresh that is configured via


     

       

       
260

       
+

       
          dynamicEndpointRefreshSeconds exits (likely due to a failure),


     

       

       
261

       
+

       
          restart that service after this many seconds.


     

       

       
262

       
+

       



     

       

       
263

       
+

       
          If set to `null` the value of


     

       

       
264

       
+

       
          {option}`networking.wireguard.dynamicEndpointRefreshSeconds`


     

       

       
265

       
+

       
          will be used as the default.


     

       

       
266

       
+

       
        '';


     

       

       
267

       
+

       
      };


     

       

       
268

       
+

       



     

       
254

       
269

       
 

       
      persistentKeepalive = mkOption {


     

       
255

       
270

       
 

       
        default = null;


     

       
256

       
271

       
 

       
        type = with types; nullOr int;


     
···

       
348

       
363

       
 

       
                # cannot be used with systemd timers (see `man systemd.timer`),


     

       
349

       
364

       
 

       
                # which is why `simple` with a loop is the best choice here.


     

       
350

       
365

       
 

       
                # It also makes starting and stopping easiest.


     

       

       
366

       
+

       
                #


     

       

       
367

       
+

       
                # Restart if the service exits (e.g. when wireguard gives up after "Name or service not known" dns failures):


     

       

       
368

       
+

       
                Restart = "always";


     

       

       
369

       
+

       
                RestartSec = if null != peer.dynamicEndpointRefreshRestartSeconds


     

       

       
370

       
+

       
                             then peer.dynamicEndpointRefreshRestartSeconds


     

       

       
371

       
+

       
                             else peer.dynamicEndpointRefreshSeconds;


     

       
351

       
372

       
 

       
              };


     

       

       
373

       
+

       
        unitConfig = lib.optionalAttrs dynamicRefreshEnabled {


     

       

       
374

       
+

       
          StartLimitIntervalSec = 0;


     

       

       
375

       
+

       
        };


     

       
352

       
376

       
 

       



     

       
353

       
377

       
 

       
        script = let


     

       
354

       
378

       
 

       
          wg_setup = concatStringsSep " " (