LintingHEADmaster

1 files changed, 28 insertions, 0 deletions

diff --git a/roles/linux_ns/files/systemd/dn42_wg@.service b/roles/linux_ns/files/systemd/dn42_wg@.service
new file mode 100644
index 0000000..0f67fda
--- /dev/null
+++ b/roles/linux_ns/files/systemd/dn42_wg@.service
@@ -0,0 +1,28 @@
+[Unit]
+Description=WireGuard via wg-quick(8) for %I
+PartOf=wg-quick.target
+Documentation=man:wg-quick(8)
+Documentation=man:wg(8)
+Documentation=https://www.wireguard.com/
+Documentation=https://www.wireguard.com/quickstart/
+Documentation=https://git.zx2c4.com/wireguard-tools/about/src/man/wg-quick.8
+Documentation=https://git.zx2c4.com/wireguard-tools/about/src/man/wg.8
+After=dn42_namespace.service network-online.target nss-lookup.target
+Requires=dn42_namespace.service network-online.target nss-lookup.target
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=/usr/bin/wg-quick up /etc/wireguard/dn42/%i.conf
+ExecStop=/usr/bin/wg-quick down /etc/wireguard/dn42/%i.conf
+#ExecReload=/bin/bash -c 'exec /usr/bin/wg syncconf %i <(exec /usr/bin/wg-quick strip %i)'
+Environment=WG_ENDPOINT_RESOLUTION_RETRIES=infinity
+NetworkNamespacePath=/run/netns/dn42
+BindReadOnlyPaths=/etc/netns/dn42/resolv.conf:/etc/resolv.conf
+ProtectSystem=strict
+PrivateTmp=true
+PrivateDevices=true
+PrivateIPC=true
+
+[Install]
+WantedBy=multi-user.target