lol

Merge pull request #140890 from seb314/wireguard/dyndns-restart-on-failure

wireguard: non-invasive fix for permanent disconnects on unstable network (e.g. laptops) from dyndns endpoints

authored by

Artturi and committed by
GitHub
dadca5c5 ffbb0204

+24
+24
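--- a/nixos/modules/services/networking/wireguard.nix
+++ b/nixos/modules/services/networking/wireguard.nix
@@ -251,6 +251,21 @@
 '';
 };
 
+dynamicEndpointRefreshRestartSeconds = mkOption {
+default = null;
+example = 5;
+type = with types; nullOr ints.unsigned;
+description = lib.mdDoc ''
+When the dynamic endpoint refresh that is configured via
+dynamicEndpointRefreshSeconds exits (likely due to a failure),
+restart that service after this many seconds.
+
+If set to `null` the value of
+{option}`networking.wireguard.dynamicEndpointRefreshSeconds`
+will be used as the default.
+'';
+};
+
 persistentKeepalive = mkOption {
 default = null;
 type = with types; nullOr int;
@@ -348,7 +363,16 @@
 # cannot be used with systemd timers (see `man systemd.timer`),
 # which is why `simple` with a loop is the best choice here.
 # It also makes starting and stopping easiest.
+#
+# Restart if the service exits (e.g. when wireguard gives up after "Name or service not known" dns failures):
+Restart = "always";
+RestartSec = if null != peer.dynamicEndpointRefreshRestartSeconds
+then peer.dynamicEndpointRefreshRestartSeconds
+else peer.dynamicEndpointRefreshSeconds;
 };
+unitConfig = lib.optionalAttrs dynamicRefreshEnabled {
+StartLimitIntervalSec = 0;
+};
 
 script = let
 wg_setup = concatStringsSep " " (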
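Review bot: `dynamicEndpointRefreshRestartSeconds` is typed `nullOr ints.unsigned`, so `0` is accepted, while the second hunk pairs `Restart = "always"` with `StartLimitIntervalSec = 0`, which switches off systemd's start rate limiting. With a restart delay of 0, a refresh service that fails immediately (the DNS failure the comment cites) would respawn without pause, spinning the CPU and flooding the journal and the resolver. Consider `type = with types; nullOr ints.positive;`, or state a minimum in the description. The description also points at `networking.wireguard.dynamicEndpointRefreshSeconds` while the code reads `peer.dynamicEndpointRefreshSeconds`, so the `{option}` reference probably needs the per-peer path. Both the option set and the service attrset begin and end outside the hunks shown.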