diff options
Diffstat (limited to 'roles/linux-ns/files/systemd/dn42_wg@.service')
| -rw-r--r-- | roles/linux-ns/files/systemd/dn42_wg@.service | 27 |
1 files changed, 27 insertions, 0 deletions
diff --git a/roles/linux-ns/files/systemd/dn42_wg@.service b/roles/linux-ns/files/systemd/dn42_wg@.service new file mode 100644 index 0000000..16a1ba6 --- /dev/null +++ b/roles/linux-ns/files/systemd/dn42_wg@.service @@ -0,0 +1,27 @@ +# wireguard tunnels inside the namespace + +[Unit] +Description=WireGuard via wg-quick(8) for %I +PartOf=wg-quick.target +Documentation=man:wg-quick(8) +Documentation=man:wg(8) +Documentation=https://www.wireguard.com/ +Documentation=https://www.wireguard.com/quickstart/ +Documentation=https://git.zx2c4.com/wireguard-tools/about/src/man/wg-quick.8 +Documentation=https://git.zx2c4.com/wireguard-tools/about/src/man/wg.8 +After=dn42_namespace.service network-online.target nss-lookup.target +Requires=dn42_namespace.service network-online.target nss-lookup.target + +[Service] +Type=oneshot +RemainAfterExit=yes +ExecStart=/usr/bin/wg-quick up /etc/wireguard/dn42/%i.conf +ExecStop=/usr/bin/wg-quick down /etc/wireguard/dn42/%i.conf +#ExecReload=/bin/bash -c 'exec /usr/bin/wg syncconf %i <(exec /usr/bin/wg-quick strip %i)' +Environment=WG_ENDPOINT_RESOLUTION_RETRIES=infinity +NetworkNamespacePath=/run/netns/dn42 +BindReadOnlyPaths=/etc/netns/dn42/resolv.conf:/etc/resolv.conf +ProtectSystem=strict + +[Install] +WantedBy=multi-user.target |