wireguard: restart on failure

As a oneshot service, if the startup failed it would never be attempted again. This is problematic when peer's addresses require DNS. DNS may not be reliably available at the time wireguard starts. Converting this to a simple service with Restart and RestartAfter directives allows the service to be reattempted, but at the cost of losing the oneshot semantics. Signed-off-by: Maximilian Bosch <maximilian@mbosch.me>
author: sjau <github.com@sjau.ch> 2019-05-23 22:09:01 +0200
committer: Maximilian Bosch <maximilian@mbosch.me> 2019-05-25 16:32:14 +0200
commit: 1bff53cb8408f583f4f9a02e487dbe2fa4110271 (patch)
tree: b6ba3c800d74e85ac0f7223020d1c93a903a2aff /nixos
parent: f38707a4e4f137e78f73ddf1a6e4ef7cee59bc20 (diff)
1 files changed, 3 insertions, 1 deletions
diff --git a/nixos/modules/services/networking/wireguard.nix b/nixos/modules/services/networking/wireguard.nix
index dd3cb1af2716b..b2f9f1d413cb1 100644
--- a/nixos/modules/services/networking/wireguard.nix
+++ b/nixos/modules/services/networking/wireguard.nix
@@ -245,7 +245,9 @@ let
         path = with pkgs; [ kmod iproute wireguard-tools ];
 
         serviceConfig = {
-          Type = "oneshot";
+          Type = "simple";
+          Restart = "on-failure";
+          RestartSec = "5s";
           RemainAfterExit = true;
         };
author	sjau <github.com@sjau.ch>	2019-05-23 22:09:01 +0200
committer	Maximilian Bosch <maximilian@mbosch.me>	2019-05-25 16:32:14 +0200
commit	1bff53cb8408f583f4f9a02e487dbe2fa4110271 (patch)
tree	b6ba3c800d74e85ac0f7223020d1c93a903a2aff /nixos
parent	f38707a4e4f137e78f73ddf1a6e4ef7cee59bc20 (diff)