From d344dccf3dc592242f11ef993acb9ecee8d84796 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Niklas=20Hamb=C3=BCchen?= Date: Sun, 16 May 2021 17:47:01 +0200 Subject: [PATCH] nixos/wireguard: Remove .path systemd unit for privkey. Fixes #123203 As per `man systemd.path`: > When a service unit triggered by a path unit terminates > (regardless whether it exited successfully or failed), > monitored paths are checked immediately again, > **and the service accordingly restarted instantly**. Thus the existence of the path unit made it impossible to stop the wireguard service using e.g. systemctl stop wireguard-wg0.service Systemd path units are not intended for program inputs such as private key files. This commit simply removes this usage; the private key is still generated by the `generateKeyServiceUnit`. --- nixos/modules/services/networking/wireguard.nix | 14 -------------- 1 file changed, 14 deletions(-) diff --git a/nixos/modules/services/networking/wireguard.nix b/nixos/modules/services/networking/wireguard.nix index 471f4bf8b33f..2b51770a5aa1 100644 --- a/nixos/modules/services/networking/wireguard.nix +++ b/nixos/modules/services/networking/wireguard.nix @@ -244,17 +244,6 @@ let }; - generatePathUnit = name: values: - assert (values.privateKey == null); - assert (values.privateKeyFile != null); - nameValuePair "wireguard-${name}" - { - description = "WireGuard Tunnel - ${name} - Private Key"; - requiredBy = [ "wireguard-${name}.service" ]; - before = [ "wireguard-${name}.service" ]; - pathConfig.PathExists = values.privateKeyFile; - }; - generateKeyServiceUnit = name: values: assert values.generatePrivateKeyFile; nameValuePair "wireguard-${name}-key" @@ -509,9 +498,6 @@ in // (mapAttrs' generateKeyServiceUnit (filterAttrs (name: value: value.generatePrivateKeyFile) cfg.interfaces)); - systemd.paths = mapAttrs' generatePathUnit - (filterAttrs (name: value: value.privateKeyFile != null) cfg.interfaces); - }); }