Add role for Dn42 and network namespace

author: uvok cheetah 2025-02-02 15:21:26 +0100
committer: uvok cheetah 2025-02-02 15:21:26 +0100
commit: 526797b41c8dfffc7e74a951c17ef96734980e7a (patch)
tree: 84e562022de12f2cedc089ae8d0cbfdc02c595e9 /roles/linux-ns/files/systemd/dn42_wg@.service
parent: 0ee94b306e667225b64804f169f15a961e966511 (diff)
1 files changed, 27 insertions, 0 deletions
diff --git a/roles/linux-ns/files/systemd/dn42_wg@.service b/roles/linux-ns/files/systemd/dn42_wg@.service
new file mode 100644
index 0000000..16a1ba6
--- /dev/null
+++ b/roles/linux-ns/files/systemd/dn42_wg@.service
@@ -0,0 +1,27 @@
+# wireguard tunnels inside the namespace
+
+[Unit]
+Description=WireGuard via wg-quick(8) for %I
+PartOf=wg-quick.target
+Documentation=man:wg-quick(8)
+Documentation=man:wg(8)
+Documentation=https://www.wireguard.com/
+Documentation=https://www.wireguard.com/quickstart/
+Documentation=https://git.zx2c4.com/wireguard-tools/about/src/man/wg-quick.8
+Documentation=https://git.zx2c4.com/wireguard-tools/about/src/man/wg.8
+After=dn42_namespace.service network-online.target nss-lookup.target
+Requires=dn42_namespace.service network-online.target nss-lookup.target
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=/usr/bin/wg-quick up /etc/wireguard/dn42/%i.conf
+ExecStop=/usr/bin/wg-quick down /etc/wireguard/dn42/%i.conf
+#ExecReload=/bin/bash -c 'exec /usr/bin/wg syncconf %i <(exec /usr/bin/wg-quick strip %i)'
+Environment=WG_ENDPOINT_RESOLUTION_RETRIES=infinity
+NetworkNamespacePath=/run/netns/dn42
+BindReadOnlyPaths=/etc/netns/dn42/resolv.conf:/etc/resolv.conf
+ProtectSystem=strict
+
+[Install]
+WantedBy=multi-user.target
author	uvok cheetah	2025-02-02 15:21:26 +0100
committer	uvok cheetah	2025-02-02 15:21:26 +0100
commit	526797b41c8dfffc7e74a951c17ef96734980e7a (patch)
tree	84e562022de12f2cedc089ae8d0cbfdc02c595e9 /roles/linux-ns/files/systemd/dn42_wg@.service
parent	0ee94b306e667225b64804f169f15a961e966511 (diff)