Re: [PATCH] Adding support for reloading configuration via systemd
Am Fr., 24. Juli 2020 um 11:25 Uhr schrieb Garrit Franke : > > On Fri, Jul 24, 2020 at 11:14:52AM +0200, Jason A. Donenfeld wrote: > > On Fri, Jul 24, 2020 at 10:30 AM Tomcsanyi, Domonkos > > wrote: > > > > > > Signed-off-by: Domonkos P. Tomcsanyi > > > --- > > > src/systemd/wg-quick@.service | 1 + > > > 1 file changed, 1 insertion(+) > > > > > > diff --git a/src/systemd/wg-quick@.service b/src/systemd/wg-quick@.service > > > index a9cbb58..8eb040b 100644 > > > --- a/src/systemd/wg-quick@.service > > > +++ b/src/systemd/wg-quick@.service > > > @@ -15,6 +15,7 @@ Type=oneshot > > > RemainAfterExit=yes > > > ExecStart=/usr/bin/wg-quick up %i > > > ExecStop=/usr/bin/wg-quick down %i > > > +ExecReload=/bin/bash -c '/usr/bin/wg syncconf %i <(/usr/bin/wg-quick > > > strip > > > %i)' > > > Environment=WG_ENDPOINT_RESOLUTION_RETRIES=infinity > > > > > > [Install] > > > -- > > > 2.17.1 > > > > > > Not the cleanest solution, but I think it might help a lot of people, so > > > I'm > > > submitting it. > > > > This actually doesn't seem too bad to me. Are there cleaner solutions > > that I'm not thinking of that I should consider before applying this > > patch? > > I think it doesn't get cleaner than this one-liner. > Some time back I submitted a patch that added a restart command to wg-tools. > We settled on the conclusion that a systemd approach would be much cleaner. Sorry, just a little follow up: https://lists.zx2c4.com/pipermail/wireguard/2020-June/005549.html
Re: [PATCH] Adding support for reloading configuration via systemd
On Fri, Jul 24, 2020 at 11:14:52AM +0200, Jason A. Donenfeld wrote: > On Fri, Jul 24, 2020 at 10:30 AM Tomcsanyi, Domonkos > wrote: > > > > Signed-off-by: Domonkos P. Tomcsanyi > > --- > > src/systemd/wg-quick@.service | 1 + > > 1 file changed, 1 insertion(+) > > > > diff --git a/src/systemd/wg-quick@.service b/src/systemd/wg-quick@.service > > index a9cbb58..8eb040b 100644 > > --- a/src/systemd/wg-quick@.service > > +++ b/src/systemd/wg-quick@.service > > @@ -15,6 +15,7 @@ Type=oneshot > > RemainAfterExit=yes > > ExecStart=/usr/bin/wg-quick up %i > > ExecStop=/usr/bin/wg-quick down %i > > +ExecReload=/bin/bash -c '/usr/bin/wg syncconf %i <(/usr/bin/wg-quick strip > > %i)' > > Environment=WG_ENDPOINT_RESOLUTION_RETRIES=infinity > > > > [Install] > > -- > > 2.17.1 > > > > Not the cleanest solution, but I think it might help a lot of people, so I'm > > submitting it. > > This actually doesn't seem too bad to me. Are there cleaner solutions > that I'm not thinking of that I should consider before applying this > patch? I think it doesn't get cleaner than this one-liner. Some time back I submitted a patch that added a restart command to wg-tools. We settled on the conclusion that a systemd approach would be much cleaner.
Re: [PATCH] wg-quick: add restart command
Thanks for your comments! I really like the systemctl reload approach. My main intention with this patchset was to add this feature to wg-quicks arsenal because (at least for me) it's the most obvious approach. I mainly use `wg-quick down wg0 && wg0 up wg0`, I think you guys see where I'm coming from. I haven't dealt with systemd units yet, but I can certainly look into it and submit a corresponding patch soon. Am Mi., 17. Juni 2020 um 10:32 Uhr schrieb Eric Light : > > Oh hey that sounds like a great way to do it. Seems like it'd be simpler > than this patch set as well, which is always good. > > E > > > Q: Why is this email five sentences or less? > A: http://five.sentenc.es > > On Wed, 17 Jun 2020, at 20:19, Jason A. Donenfeld wrote: > > On Wed, Jun 17, 2020 at 2:17 AM Eric Light wrote: > > > > > > As a purely Debian user, the 'service x restart' pattern is far more > > > memorable than the syncconf method. I know personal preference isn't a > > > great reason to add a knob, but Garrit's method is probably going to be > > > much more familiar to many users. > > > > For users who want service management patterns like that, it'd > > certainly be possible to map the wg-quick strip stuff to `systemctl > > reload wg-quick@wg0.service`, for that purpose. Maybe that's something > > we should consider? > >
[PATCH 1/6] wg-quick: linux: add restart command
---
src/wg-quick/linux.bash | 11 ++-
1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/src/wg-quick/linux.bash b/src/wg-quick/linux.bash
index e4d4c4f..6f42b7f 100755
--- a/src/wg-quick/linux.bash
+++ b/src/wg-quick/linux.bash
@@ -298,7 +298,7 @@ execute_hooks() {
cmd_usage() {
cat >&2 <<-_EOF
- Usage: $PROGRAM [ up | down | save | strip ] [ CONFIG_FILE | INTERFACE ]
+ Usage: $PROGRAM [ up | down | restart | save | strip ] [ CONFIG_FILE |
INTERFACE ]
CONFIG_FILE is a configuration file, whose filename is the interface
name
followed by \`.conf'. Otherwise, INTERFACE is an interface name, with
@@ -352,6 +352,11 @@ cmd_down() {
execute_hooks "${POST_DOWN[@]}"
}
+cmd_restart() {
+ cmd_down
+ cmd_up
+}
+
cmd_save() {
[[ " $(wg show interfaces) " == *" $INTERFACE "* ]] || die
"\`$INTERFACE' is not a WireGuard interface"
save_config
@@ -373,6 +378,10 @@ elif [[ $# -eq 2 && $1 == down ]]; then
auto_su
parse_options "$2"
cmd_down
+elif [[ $# -eq 2 && $1 == restart ]]; then
+ auto_su
+ parse_options "$2"
+ cmd_restart
elif [[ $# -eq 2 && $1 == save ]]; then
auto_su
parse_options "$2"
--
2.24.3 (Apple Git-128)
[PATCH 2/6] wg-quick: add restart man page
--- src/man/wg-quick.8 | 8 +--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/src/man/wg-quick.8 b/src/man/wg-quick.8 index c693a89..01b99ff 100644 --- a/src/man/wg-quick.8 +++ b/src/man/wg-quick.8 @@ -10,6 +10,8 @@ wg-quick - set up a WireGuard interface simply | .I down | +.I restart +| .I save | .I strip @@ -24,11 +26,11 @@ wg-quick - set up a WireGuard interface simply This is an extremely simple script for easily bringing up a WireGuard interface, suitable for a few common use cases. -Use \fIup\fP to add and set up an interface, and use \fIdown\fP to tear down and remove -an interface. Running \fIup\fP adds a WireGuard interface, brings up the interface with the +Use \fIup\fP to add and set up an interface, use \fIdown\fP to tear down and remove +an interface, and use \fIrestart\fP to restart an interface. Running \fIup\fP adds a WireGuard interface, brings up the interface with the supplied IP addresses, sets up mtu and routes, and optionally runs pre/post up scripts. Running \fIdown\fP optionally saves the current configuration, removes the WireGuard interface, and optionally -runs pre/post down scripts. Running \fIsave\fP saves the configuration of an existing +runs pre/post down scripts. \fIrestart\fP simply combines the \fIup\fP and \fIdown\fP command. Running \fIsave\fP saves the configuration of an existing interface without bringing the interface down. Use \fIstrip\fP to output a configuration file with all .BR wg-quick (8)-specific -- 2.24.3 (Apple Git-128)
[PATCH 6/6] wg-quick: darwin: add restart command
---
src/wg-quick/darwin.bash | 14 +-
1 file changed, 13 insertions(+), 1 deletion(-)
diff --git a/src/wg-quick/darwin.bash b/src/wg-quick/darwin.bash
index cde1b54..1d32fbe 100755
--- a/src/wg-quick/darwin.bash
+++ b/src/wg-quick/darwin.bash
@@ -418,7 +418,7 @@ execute_hooks() {
cmd_usage() {
cat >&2 <<-_EOF
- Usage: $PROGRAM [ up | down | save | strip ] [ CONFIG_FILE | INTERFACE ]
+ Usage: $PROGRAM [ up | down | restart | save | strip ] [ CONFIG_FILE |
INTERFACE ]
CONFIG_FILE is a configuration file, whose filename is the interface
name
followed by \`.conf'. Otherwise, INTERFACE is an interface name, with
@@ -478,6 +478,14 @@ cmd_down() {
execute_hooks "${POST_DOWN[@]}"
}
+cmd_restart() {
+ if ! get_real_interface || [[ " $(wg show interfaces) " != *"
$REAL_INTERFACE "* ]]; then
+ die "\`$INTERFACE' is not a WireGuard interface"
+ fi
+ cmd_down
+ cmd_up
+}
+
cmd_save() {
if ! get_real_interface || [[ " $(wg show interfaces) " != *"
$REAL_INTERFACE "* ]]; then
die "\`$INTERFACE' is not a WireGuard interface"
@@ -502,6 +510,10 @@ elif [[ $# -eq 2 && $1 == down ]]; then
auto_su
parse_options "$2"
cmd_down
+elif [[ $# -eq 2 && $1 == restart ]]; then
+ auto_su
+ parse_options "$2"
+ cmd_restart
elif [[ $# -eq 2 && $1 == save ]]; then
auto_su
parse_options "$2"
--
2.24.3 (Apple Git-128)
[PATCH 4/6] wg-quick: linux: add notice to restart command
---
src/wg-quick/linux.bash | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/wg-quick/linux.bash b/src/wg-quick/linux.bash
index 6f42b7f..b888d63 100755
--- a/src/wg-quick/linux.bash
+++ b/src/wg-quick/linux.bash
@@ -353,6 +353,7 @@ cmd_down() {
}
cmd_restart() {
+ [[ " $(wg show interfaces) " == *" $INTERFACE "* ]] || die
"\`$INTERFACE' is not a WireGuard interface"
cmd_down
cmd_up
}
--
2.24.3 (Apple Git-128)
[PATCH] wg-quick: add restart command
This feature seems quite trivial, so I was wondering if there is any reason not to have this command implemented. I didn’t bother implementing it for android, since there is probably next to no chance of anyone using it on that platform. I’d be happy to take your feedback! Thanks, Garrit Franke Garrit Franke (6): wg-quick: linux: add restart command wg-quick: add restart man page wg-quick: freebsd: add restart command wg-quick: linux: add notice to restart command wg-quick: openbsd: add restart command wg-quick: darwin: add restart command src/man/wg-quick.8| 8 +--- src/wg-quick/darwin.bash | 14 +- src/wg-quick/freebsd.bash | 12 +++- src/wg-quick/linux.bash | 12 +++- src/wg-quick/openbsd.bash | 14 +- 5 files changed, 53 insertions(+), 7 deletions(-) -- 2.24.3 (Apple Git-128)
[PATCH 3/6] wg-quick: freebsd: add restart command
---
src/wg-quick/freebsd.bash | 12 +++-
1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/src/wg-quick/freebsd.bash b/src/wg-quick/freebsd.bash
index e1ee67f..81c341b 100755
--- a/src/wg-quick/freebsd.bash
+++ b/src/wg-quick/freebsd.bash
@@ -387,7 +387,7 @@ execute_hooks() {
cmd_usage() {
cat >&2 <<-_EOF
- Usage: $PROGRAM [ up | down | save | strip ] [ CONFIG_FILE | INTERFACE ]
+ Usage: $PROGRAM [ up | down | restart | save | strip ] [ CONFIG_FILE |
INTERFACE ]
CONFIG_FILE is a configuration file, whose filename is the interface
name
followed by \`.conf'. Otherwise, INTERFACE is an interface name, with
@@ -445,6 +445,12 @@ cmd_down() {
execute_hooks "${POST_DOWN[@]}"
}
+cmd_restart() {
+ [[ " $(wg show interfaces) " == *" $INTERFACE "* ]] || die
"\`$INTERFACE' is not a WireGuard interface"
+ cmd_down
+ cmd_up
+}
+
cmd_save() {
[[ " $(wg show interfaces) " == *" $INTERFACE "* ]] || die
"\`$INTERFACE' is not a WireGuard interface"
save_config
@@ -469,6 +475,10 @@ elif [[ $# -eq 2 && $1 == down ]]; then
auto_su
parse_options "$2"
cmd_down
+elif [[ $# -eq 2 && $1 == restart ]]; then
+ auto_su
+ parse_options "$2"
+ cmd_restart
elif [[ $# -eq 2 && $1 == save ]]; then
auto_su
parse_options "$2"
--
2.24.3 (Apple Git-128)
[PATCH 5/6] wg-quick: openbsd: add restart command
---
src/wg-quick/openbsd.bash | 14 +-
1 file changed, 13 insertions(+), 1 deletion(-)
diff --git a/src/wg-quick/openbsd.bash b/src/wg-quick/openbsd.bash
index ffd1834..5ccba03 100755
--- a/src/wg-quick/openbsd.bash
+++ b/src/wg-quick/openbsd.bash
@@ -390,7 +390,7 @@ execute_hooks() {
cmd_usage() {
cat >&2 <<-_EOF
- Usage: $PROGRAM [ up | down | save | strip ] [ CONFIG_FILE | INTERFACE ]
+ Usage: $PROGRAM [ up | down | restart | save | strip ] [ CONFIG_FILE |
INTERFACE ]
CONFIG_FILE is a configuration file, whose filename is the interface
name
followed by \`.conf'. Otherwise, INTERFACE is an interface name, with
@@ -448,6 +448,14 @@ cmd_down() {
execute_hooks "${POST_DOWN[@]}"
}
+cmd_restart() {
+ if ! get_real_interface || [[ " $(wg show interfaces) " != *"
$REAL_INTERFACE "* ]]; then
+ die "\`$INTERFACE' is not a WireGuard interface"
+ fi
+ cmd_down
+ cmd_up
+}
+
cmd_save() {
if ! get_real_interface || [[ " $(wg show interfaces) " != *"
$REAL_INTERFACE "* ]]; then
die "\`$INTERFACE' is not a WireGuard interface"
@@ -471,6 +479,10 @@ elif [[ $# -eq 2 && $1 == down ]]; then
auto_su
parse_options "$2"
cmd_down
+elif [[ $# -eq 2 && $1 == restart ]]; then
+ auto_su
+ parse_options "$2"
+ cmd_restart
elif [[ $# -eq 2 && $1 == save ]]; then
auto_su
parse_options "$2"
--
2.24.3 (Apple Git-128)
