nixos/wireguard-networkd: refresh peer endpoint without deleting link (3061dfc8) · Commits · nix / nixpkgs

nixos/modules/services/networking/wireguard-networkd.nix

+11 −3

Original line number	Diff line number	Diff line
		@@ -101,15 +101,22 @@ let
		iproute2
		systemd
		];
		# networkd doesn't provide a mechanism for refreshing endpoints.
		# networkd doesn't automatically refresh peer endpoints.
		# See: https://github.com/systemd/systemd/issues/9911
		# This hack does the job but takes down the whole interface to do it.
		script = ''
		ip link delete ${name} \|\| :
		touch /etc/systemd/network/40-${name}.netdev
		networkctl reload
		'';
		};

		# netdev config must be a real file (not a symlink to a store file)
		# so the refresh service can 'touch' it.
		generateRefreshNetdevMode =
		name: interface:
		nameValuePair "systemd/network/40-${name}.netdev" {
		mode = "0444";
		};

		in
		{
		meta.maintainers = [ lib.maintainers.majiir ];
		@@ -225,6 +232,7 @@ in
		networks = mapAttrs generateNetwork cfg.interfaces;
		};

		environment.etc = mapAttrs' generateRefreshNetdevMode refreshEnabledInterfaces;
		systemd.timers = mapAttrs' generateRefreshTimer refreshEnabledInterfaces;
		systemd.services = (mapAttrs' generateRefreshService refreshEnabledInterfaces) // {
		systemd-networkd.serviceConfig.LoadCredential = flatten (

+0 −9

Original line number	Diff line number	Diff line
		@@ -215,15 +215,6 @@ let
		This option can be set or overridden for individual peers.

		Setting this to `0` disables periodic refresh.

		::: {.warning}
		When {option}`networking.wireguard.useNetworkd` is enabled, this
		option deletes the Wireguard interface and brings it back up by
		reconfiguring the network with `networkctl reload` on every refresh.
		This could have adverse effects on your network and cause brief
		connectivity blips. See [systemd/systemd#9911](https://github.com/systemd/systemd/issues/9911)
		for an upstream feature request that can make this less hacky.
		:::
		'';
		};