From 87b049ac83717001e7600a4b32e086e3b6ea6380 Mon Sep 17 00:00:00 2001
From: Egor Tensin <egor@tensin.name>
Date: Sat, 23 Mar 2024 19:25:36 +0100
Subject: wireguard: add dependency on wg-quick service also

---
 roles/wireguard/handlers/main.yml                  |  5 ++++
 roles/wireguard/tasks/main.yml                     | 30 +++++++++++++++++++++-
 .../templates/depend_service_wg-quick.conf.j2      |  7 +++++
 3 files changed, 41 insertions(+), 1 deletion(-)
 create mode 100644 roles/wireguard/handlers/main.yml
 create mode 100644 roles/wireguard/templates/depend_service_wg-quick.conf.j2

diff --git a/roles/wireguard/handlers/main.yml b/roles/wireguard/handlers/main.yml
new file mode 100644
index 0000000..390e740
--- /dev/null
+++ b/roles/wireguard/handlers/main.yml
@@ -0,0 +1,5 @@
+- name: Reload systemd daemon
+  become: true
+  ansible.builtin.systemd_service:
+    daemon_reload: true
+  listen: wireguard_reload
diff --git a/roles/wireguard/tasks/main.yml b/roles/wireguard/tasks/main.yml
index 4deea91..f48f8cb 100644
--- a/roles/wireguard/tasks/main.yml
+++ b/roles/wireguard/tasks/main.yml
@@ -22,9 +22,37 @@
         state: restarted
       when: config.changed
 
-- name: Set up service dependencies
+- name: Set up service dependencies for the interface
   ansible.builtin.include_role:
     name: systemd_depend_iface
   vars:
     systemd_depend_iface_name: '{{ wg_name }}'
     systemd_depend_iface_services: '{{ wg_dependent_services }}'
+
+- name: Create override directory for services
+  become: true
+  ansible.builtin.file:
+    path: '/etc/systemd/system/{{ service }}.service.d'
+    state: directory
+    owner: root
+    group: root
+    mode: '755'
+  loop: '{{ wg_dependent_services }}'
+  loop_control:
+    loop_var: service
+
+- name: Set up service dependencies for wg-quick
+  become: true
+  ansible.builtin.template:
+    src: depend_service_wg-quick.conf.j2
+    dest: '/etc/systemd/system/{{ service }}.service.d/depend_service_wg-quick@{{ wg_name }}.conf'
+    owner: root
+    group: root
+    mode: '644'
+  notify: wireguard_reload
+  loop: '{{ wg_dependent_services }}'
+  loop_control:
+    loop_var: service
+
+- name: Reload systemd services if necessary
+  ansible.builtin.meta: flush_handlers
diff --git a/roles/wireguard/templates/depend_service_wg-quick.conf.j2 b/roles/wireguard/templates/depend_service_wg-quick.conf.j2
new file mode 100644
index 0000000..b40e6eb
--- /dev/null
+++ b/roles/wireguard/templates/depend_service_wg-quick.conf.j2
@@ -0,0 +1,7 @@
+{{ ansible_managed | comment }}
+
+[Unit]
+# This is required so that systemd actually starts the wg-quick service before
+# the dependants. We also set up the actual dependency on the interface so that
+# the dependants actually start after the interface is up.
+After=wg-quick@{{ wg_name }}.service
-- 
cgit v1.2.3