vpn v6

2025-07-20 12:51:09 +02:00
parent 75a3955d81
commit 87ab9cc1d3
2 changed files with 27 additions and 39 deletions
--- a/modules/server/wireguard-netns/default.nix
+++ b/modules/server/wireguard-netns/default.nix
@@ -31,29 +31,22 @@ in {
          NS=${cfg.namespace}
          ADDR=$(awk -F' *= *' '/^Address/ { print $2 }' "$CONFIG")
          DNS=$(awk -F' *= *' '/^DNS/ { print $2 }' "$CONFIG")
-
          ip netns delete "$NS" 2>/dev/null || true
          ip netns add "$NS"
          ip link add wg0 type wireguard
          ip link set wg0 netns "$NS"
-
          IFS=',' read -ra ADDRS <<< "$ADDR"
          for ip in "''${ADDRS[@]}"; do
            ip -n "$NS" addr add "$ip" dev wg0
          done
-
          ip -n "$NS" link set wg0 up
-
          grep -vE '^(Address|DNS) *=' "$CONFIG" | ip netns exec "$NS" wg setconf wg0 /dev/stdin
-
          ip netns exec "$NS" ip link set lo up
          ip netns exec "$NS" ip route add default dev wg0
-
          mkdir -p /etc/netns/"$NS"
          echo "nameserver $DNS" > /etc/netns/"$NS"/resolv.conf
        '';
      };
-
      netnsTeardown = pkgs.writeShellApplication {
        name = "netns-${cfg.namespace}-teardown";
        runtimeInputs = with pkgs; [iproute2];
@@ -65,8 +58,9 @@ in {
    in {
      systemd.services."netns@${cfg.namespace}" = {
        description = "WireGuard VPN netns (${cfg.namespace})";
-        after = ["network-online.target"];
-        wants = ["network-online.target"];
+        bindsTo = ["netns@${cfg.namespace}.service"];
+        requires = ["network-online.target"];
+        after = ["netns@${cfg.namespace}.service"];
        wantedBy = ["multi-user.target"];

        serviceConfig = {