Commit 82c5c3c9 authored by seb314's avatar seb314

wireguard: when dyn-dns refresh is enabled, reconnect after failures

Make the dynamic-dns refresh systemd service (controlled via the
preexisting option dynamicEndpointRefreshSeconds) robust to e.g. dns
failures that happen on intermittent network connections.

Background:

When dns resolution fails with a 'permanent' error ("Name or service not
known" instead of "Temporary failure in name resolution"), wireguard
won't retry despite WG_ENDPOINT_RESOLUTION_RETRIES=infinity.

-> This change should improve reliability/connectivity.

somewhat related thread: https://github.com/NixOS/nixpkgs/issues/63869
parent 574a61b4
+24 −0
@@ -224,6 +224,21 @@ let
        '';
      };

      dynamicEndpointRefreshRestartSeconds = mkOption {
        default = null;
        example = 5;
        type = with types; nullOr ints.unsigned;
        description = lib.mdDoc ''
          When the dynamic endpoint refresh that is configured via
          dynamicEndpointRefreshSeconds exits (likely due to a failure),
          restart that service after this many seconds.

          If set to `null` the value of
          {option}`networking.wireguard.dynamicEndpointRefreshSeconds`
          will be used as the default.
        '';
      };

      persistentKeepalive = mkOption {
        default = null;
        type = with types; nullOr int;
@@ -320,6 +335,15 @@ let
                # cannot be used with systemd timers (see `man systemd.timer`),
                # which is why `simple` with a loop is the best choice here.
                # It also makes starting and stopping easiest.
                #
                # Restart if the service exits (e.g. when wireguard gives up after "Name or service not known" dns failures):
                Restart = "always";
                RestartSec = if null != peer.dynamicEndpointRefreshRestartSeconds
                             then peer.dynamicEndpointRefreshRestartSeconds
                             else peer.dynamicEndpointRefreshSeconds;
              };
        unitConfig = lib.optionalAttrs dynamicRefreshEnabled {
          StartLimitIntervalSec = 0;
        };

        script = let
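Review bot: The new option's type `nullOr ints.unsigned` admits 0, and since `Restart = "always"` is combined with `StartLimitIntervalSec = 0` (which switches off systemd's start-rate limiting), a `RestartSec` of 0 turns a persistent resolution failure into an unbounded tight loop of restarts and DNS queries; `type = with types; nullOr ints.positive;` would reject that at evaluation time. The fallback branch of `RestartSec` uses `peer.dynamicEndpointRefreshSeconds`, whose type is outside the hunk, so the same concern may apply there if that option can also be 0. It is worth recording why the rate limit is removed rather than raised, e.g. with `# no start-rate limit: the refresh loop is expected to keep failing while the network is down` above the `StartLimitIntervalSec` line, or keeping a generous `StartLimitBurst` instead. As a point of style, `null != peer.dynamicEndpointRefreshRestartSeconds` reads backwards compared with the usual `peer.dynamicEndpointRefreshRestartSeconds != null`. The attribute set holding `serviceConfig`/`unitConfig` opens before the hunk, so whether `Restart` is also guarded by `dynamicRefreshEnabled` cannot be seen here.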