[PATCH] tools: add wireguard at .service
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Fri May 26 17:30:26 CEST 2017
Hi Florian--
On Fri 2017-05-26 10:44:23 +0200, Florian Klink wrote:
> If you simply want to create wireguard interfaces and configure them,
> wg-quick might be too much, as it also configures Addresses, MTU and
> adds routes. This unit file can be used in cases where you want to use
> wg(8) to configure the wireguard interface, but do regular network
> configuration on top of the link by something else (possibly not knowing
> wireguard, like systemd-networkd or NetworkManager.
I like this suggestion, but i see it as a stopgap until there is real
integration with systemd-networkd -- this would ideally be a .network
unit just like every other network interface, right?
A couple thoughts on the .service file:
> diff --git a/src/tools/wireguard at .service b/src/tools/wireguard at .service
> new file mode 100644
> index 0000000..b6d53bf
> --- /dev/null
> +++ b/src/tools/wireguard at .service
> @@ -0,0 +1,19 @@
> +[Unit]
> +Description=WireGuard via wg(8) for %I
> +After=network-online.target
> +Wants=network-online.target
This implies that the network is online *before* the interface comes up.
That means that other tools which depend on the wireguard link being
established can no longer depend on network-online.target, right?
> +Documentation=man:wg(8)
> +Documentation=https://www.wireguard.io/
> +Documentation=https://www.wireguard.io/quickstart/
> +Documentation=https://git.zx2c4.com/WireGuard/about/src/tools/wg.8
I think given the use of the conf file, the [Unit] section should also
have:
ConditionFileNotEmpty=/etc/wireguard/%i.conf
Regards,
--dkg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 832 bytes
Desc: not available
URL: <http://lists.zx2c4.com/pipermail/wireguard/attachments/20170526/829db736/attachment.asc>
More information about the WireGuard
mailing list