From 612d174160e7cc6a33bbe2e7c48e9cadb58d5680 Mon Sep 17 00:00:00 2001
From: Andreas Fischer
Date: Wed, 26 Apr 2023 15:37:24 +0200
Subject: [PATCH] wgsd-client: Add systemd timer/service example
---
cmd/wgsd-client/systemd/README.md | 16 ++++++++++++++++
.../etc/systemd/system/wgsd-client@.service | 17 +++++++++++++++++
.../etc/systemd/system/wgsd-client@.timer | 11 +++++++++++
.../systemd/etc/wgsd/wg-example.template.env | 2 ++
4 files changed, 46 insertions(+)
create mode 100644 cmd/wgsd-client/systemd/README.md
create mode 100644 cmd/wgsd-client/systemd/etc/systemd/system/wgsd-client@.service
create mode 100644 cmd/wgsd-client/systemd/etc/systemd/system/wgsd-client@.timer
create mode 100644 cmd/wgsd-client/systemd/etc/wgsd/wg-example.template.env
diff --git a/cmd/wgsd-client/systemd/README.md b/cmd/wgsd-client/systemd/README.md
new file mode 100644
index 0000000..da0dcba
--- /dev/null
+++ b/cmd/wgsd-client/systemd/README.md
@@ -0,0 +1,16 @@
+# wgsd-client systemd Integration
+
+systemd timers can be used to periodically invoke `wgsd-client`.
+
+## Installation
+
+* Copy `wgsd-client@.service` to `/etc/systemd/system/`.
+* Copy `wgsd-client@.timer` to `/etc/systemd/system/`.
+
+## Configuration
+
+* To configure `wgsd-client` for WireGuard interface `wg-foo` copy `wg-example.template.env` to `/etc/wgsd/wg-foo.env` and adjust variables accordingly.
+
+## Activation
+
+* To activate periodic `wgsd-client` invocation for WireGuard interface `wg-foo` run `systemctl enable wgsd-client@wg-foo.timer`.
diff --git a/cmd/wgsd-client/systemd/etc/systemd/system/wgsd-client@.service b/cmd/wgsd-client/systemd/etc/systemd/system/wgsd-client@.service
new file mode 100644
index 0000000..4658c48
--- /dev/null
+++ b/cmd/wgsd-client/systemd/etc/systemd/system/wgsd-client@.service
@@ -0,0 +1,17 @@
+[Unit]
+Description=WireGuard Service Discovery (wgsd) Client
+Wants=network-online.target
+After=network-online.target
+
+[Service]
+PermissionsStartOnly=true
+LimitNOFILE=512
+LimitNPROC=16
+CapabilityBoundingSet=CAP_NET_ADMIN
+AmbientCapabilities=CAP_NET_ADMIN
+NoNewPrivileges=true
+User=wgsd-client
+Group=wgsd-client
+DynamicUser=true
+EnvironmentFile=/etc/wgsd/%i.env
+ExecStart=/usr/local/bin/wgsd-client -device %i -dns $DNS -zone $ZONE
diff --git a/cmd/wgsd-client/systemd/etc/systemd/system/wgsd-client@.timer b/cmd/wgsd-client/systemd/etc/systemd/system/wgsd-client@.timer
new file mode 100644
index 0000000..eb2aee3
--- /dev/null
+++ b/cmd/wgsd-client/systemd/etc/systemd/system/wgsd-client@.timer
@@ -0,0 +1,11 @@
+[Unit]
+Description=Run WireGuard Service Discovery (wgsd) Client
+
+[Timer]
+OnActiveSec=10
+OnUnitActiveSec=45
+AccuracySec=1s
+Persistent=true
+
+[Install]
+WantedBy=timers.target
diff --git a/cmd/wgsd-client/systemd/etc/wgsd/wg-example.template.env b/cmd/wgsd-client/systemd/etc/wgsd/wg-example.template.env
new file mode 100644
index 0000000..9451d13
--- /dev/null
+++ b/cmd/wgsd-client/systemd/etc/wgsd/wg-example.template.env
@@ -0,0 +1,2 @@
+DNS=10.13.37.1:5353
+ZONE=wg.example.net.
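Review bot: The `ExecStart=` line in wgsd-client@.service expands `$DNS` and `$ZONE` in the unbraced form, which systemd splits on whitespace into separate words, so a stray space in `/etc/wgsd/%i.env` would hand extra arguments to a process that holds CAP_NET_ADMIN. The braced form keeps each value a single argument: `ExecStart=/usr/local/bin/wgsd-client -device %i -dns ${DNS} -zone ${ZONE}`. `PermissionsStartOnly=true` is deprecated in current systemd and changes nothing here, because the unit has no `ExecStartPre=` or `ExecStartPost=` commands, so the line can be dropped. If wgsd-client exits after a single pass, which the timer-driven design suggests, `Type=oneshot` would describe the unit better than the default service type.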
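Review bot: `Persistent=true` in wgsd-client@.timer has no effect, because systemd honours it only for `OnCalendar=` timers and this unit uses only the monotonic `OnActiveSec=` and `OnUnitActiveSec=` triggers. Dropping the line avoids implying that runs missed during downtime are caught up. A short comment above the intervals, such as `# first run 10 s after the timer is started, then 45 s after each activation of the service`, would document the intended cadence for anyone tuning it.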