nixos/wg-quick: improve usage with systemd-networkd

Use `networking.resolvconf.package` to allow DNS entries to be set using the system-wide resolver implementation instead of hardcoding systemd or openresolv. Extend the tests by adding DNS entries and making one of the peers use systemd-networkd (hence systemd-resolved). Also add a few `networkd`-specific settings.
2022-03-29 21:18:46 +02:00 · 2022-03-29 21:18:46 +02:00 · 458ac47a1d
commit 458ac47a1d
parent fd662e5c46
2 changed files with 12 additions and 1 deletions
--- a/nixos/modules/services/networking/wg-quick.nix
+++ b/nixos/modules/services/networking/wg-quick.nix
@ -273,7 +273,7 @@ let
        after = [ "network.target" "network-online.target" ];
        wantedBy = optional values.autostart "multi-user.target";
        environment.DEVICE = name;
-        path = [ pkgs.kmod pkgs.wireguard-tools ];
+        path = [ pkgs.kmod pkgs.wireguard-tools config.networking.resolvconf.package ];

        serviceConfig = {
          Type = "oneshot";
@ -332,5 +332,11 @@ in {
    # breaks the wg-quick routing because wireguard packets leave with a fwmark from wireguard.
    networking.firewall.checkReversePath = false;
    systemd.services = mapAttrs' generateUnit cfg.interfaces;
+
+    # Prevent networkd from clearing the rules set by wg-quick when restarted (e.g. when waking up from suspend).
+    systemd.network.config.networkConfig.ManageForeignRoutingPolicyRules = mkDefault false;
+
+    # WireGuard interfaces should be ignored in determining whether the network is online.
+    systemd.network.wait-online.ignoredInterfaces = builtins.attrNames cfg.interfaces;
  };
 }
--- a/nixos/tests/wireguard/wg-quick.nix
+++ b/nixos/tests/wireguard/wg-quick.nix
@ -29,6 +29,8 @@ import ../make-test-python.nix ({ pkgs, lib, ... }:

              inherit (wg-snakeoil-keys.peer1) publicKey;
            };
+
+            dns = [ "10.23.42.2" "fc00::2" "wg0" ];
          };
        };
      };
@ -38,6 +40,7 @@ import ../make-test-python.nix ({ pkgs, lib, ... }:
        ip6 = "fd00::2";
        extraConfig = {
          boot = lib.mkIf (kernelPackages != null) { inherit kernelPackages; };
+          networking.useNetworkd = true;
          networking.wg-quick.interfaces.wg0 = {
            address = [ "10.23.42.2/32" "fc00::2/128" ];
            inherit (wg-snakeoil-keys.peer1) privateKey;
@ -49,6 +52,8 @@ import ../make-test-python.nix ({ pkgs, lib, ... }:

              inherit (wg-snakeoil-keys.peer0) publicKey;
            };
+
+            dns = [ "10.23.42.1" "fc00::1" "wg0" ];
          };
        };
      };