From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
To: Florian Klink <flokli@flokli.de>, wireguard@lists.zx2c4.com
Subject: Re: [PATCH] tools: add wireguard@.service
Date: Fri, 26 May 2017 11:30:26 -0400 [thread overview]
Message-ID: <87wp93octp.fsf@fifthhorseman.net> (raw)
In-Reply-To: <20170526084423.31088-1-flokli@flokli.de>
[-- Attachment #1: Type: text/plain, Size: 1581 bytes --]
Hi Florian--
On Fri 2017-05-26 10:44:23 +0200, Florian Klink wrote:
> If you simply want to create wireguard interfaces and configure them,
> wg-quick might be too much, as it also configures Addresses, MTU and
> adds routes. This unit file can be used in cases where you want to use
> wg(8) to configure the wireguard interface, but do regular network
> configuration on top of the link by something else (possibly not knowing
> wireguard, like systemd-networkd or NetworkManager.
I like this suggestion, but i see it as a stopgap until there is real
integration with systemd-networkd -- this would ideally be a .network
unit just like every other network interface, right?
A couple thoughts on the .service file:
> diff --git a/src/tools/wireguard@.service b/src/tools/wireguard@.service
> new file mode 100644
> index 0000000..b6d53bf
> --- /dev/null
> +++ b/src/tools/wireguard@.service
> @@ -0,0 +1,19 @@
> +[Unit]
> +Description=WireGuard via wg(8) for %I
> +After=network-online.target
> +Wants=network-online.target
This implies that the network is online *before* the interface comes up.
That means that other tools which depend on the wireguard link being
established can no longer depend on network-online.target, right?
> +Documentation=man:wg(8)
> +Documentation=https://www.wireguard.io/
> +Documentation=https://www.wireguard.io/quickstart/
> +Documentation=https://git.zx2c4.com/WireGuard/about/src/tools/wg.8
I think given the use of the conf file, the [Unit] section should also
have:
ConditionFileNotEmpty=/etc/wireguard/%i.conf
Regards,
--dkg
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 832 bytes --]
next prev parent reply other threads:[~2017-05-26 15:20 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-05-26 8:44 [PATCH] tools: add wireguard@.service Florian Klink
2017-05-26 15:30 ` Daniel Kahn Gillmor [this message]
2017-05-26 17:01 ` Florian Klink
2017-05-26 21:09 ` Jörg Thalheim
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87wp93octp.fsf@fifthhorseman.net \
--to=dkg@fifthhorseman.net \
--cc=flokli@flokli.de \
--cc=wireguard@lists.zx2c4.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.