nixos/wg-quick: improve usage with systemd-networkd
Use `networking.resolvconf.package` to allow DNS entries to be set using the system-wide resolver implementation instead of hardcoding systemd or openresolv. Extend the tests by adding DNS entries and making one of the peers use systemd-networkd (hence systemd-resolved). Also add a few `networkd`-specific settings.
This commit is contained in:
parent
fd662e5c46
commit
458ac47a1d
2 changed files with 12 additions and 1 deletions
|
@ -273,7 +273,7 @@ let
|
|||
after = [ "network.target" "network-online.target" ];
|
||||
wantedBy = optional values.autostart "multi-user.target";
|
||||
environment.DEVICE = name;
|
||||
path = [ pkgs.kmod pkgs.wireguard-tools ];
|
||||
path = [ pkgs.kmod pkgs.wireguard-tools config.networking.resolvconf.package ];
|
||||
|
||||
serviceConfig = {
|
||||
Type = "oneshot";
|
||||
|
@ -332,5 +332,11 @@ in {
|
|||
# breaks the wg-quick routing because wireguard packets leave with a fwmark from wireguard.
|
||||
networking.firewall.checkReversePath = false;
|
||||
systemd.services = mapAttrs' generateUnit cfg.interfaces;
|
||||
|
||||
# Prevent networkd from clearing the rules set by wg-quick when restarted (e.g. when waking up from suspend).
|
||||
systemd.network.config.networkConfig.ManageForeignRoutingPolicyRules = mkDefault false;
|
||||
|
||||
# WireGuard interfaces should be ignored in determining whether the network is online.
|
||||
systemd.network.wait-online.ignoredInterfaces = builtins.attrNames cfg.interfaces;
|
||||
};
|
||||
}
|
||||
|
|
|
@ -29,6 +29,8 @@ import ../make-test-python.nix ({ pkgs, lib, ... }:
|
|||
|
||||
inherit (wg-snakeoil-keys.peer1) publicKey;
|
||||
};
|
||||
|
||||
dns = [ "10.23.42.2" "fc00::2" "wg0" ];
|
||||
};
|
||||
};
|
||||
};
|
||||
|
@ -38,6 +40,7 @@ import ../make-test-python.nix ({ pkgs, lib, ... }:
|
|||
ip6 = "fd00::2";
|
||||
extraConfig = {
|
||||
boot = lib.mkIf (kernelPackages != null) { inherit kernelPackages; };
|
||||
networking.useNetworkd = true;
|
||||
networking.wg-quick.interfaces.wg0 = {
|
||||
address = [ "10.23.42.2/32" "fc00::2/128" ];
|
||||
inherit (wg-snakeoil-keys.peer1) privateKey;
|
||||
|
@ -49,6 +52,8 @@ import ../make-test-python.nix ({ pkgs, lib, ... }:
|
|||
|
||||
inherit (wg-snakeoil-keys.peer0) publicKey;
|
||||
};
|
||||
|
||||
dns = [ "10.23.42.1" "fc00::1" "wg0" ];
|
||||
};
|
||||
};
|
||||
};
|
||||
|
|
Loading…
Reference in a new issue