Wireguard tunnel using initrd-network.service

[zhulik]

Hello!

Thanks for the awesome project!

I have a small question: Is it possible to setup a wireguard tunnel from initrd using initrd-network.service ?

If it is, then may I have some hints on how to achieve it? It it's not, then I'd like to know what exactly is missing, maybe I can help with implementation.

Thank you!

[zhulik]

Thanks to @Andrei-Pozolotin, I used https://github.com/random-archer/mkinitcpio-systemd-tool/issues/76#issuecomment-678657756 as an example, the solution is very easy

/etc/systemd/system/initrd-network.service.d/override.conf:

[X-SystemdTool]
InitrdCall=add_module wireguard
InitrdPath=/etc/systemd/network/99-client.netdev source=/etc/systemd/network/99-client.netdev
InitrdPath=/etc/systemd/network/99-client.network source=/etc/systemd/network/99-client.network

Where /etc/systemd/network/99-client.netdev and /etc/systemd/network/99-client.network are tunnel config files described in the wiki

[Andrei-Pozolotin]

@zhulik Gleb: please add a wiki page here with a bit more complete instructions for others to re-use

[kescherCode]

Edit: The problem described in this comment exists, but my solution to it is subpar.

Timesync problem with WireGuard

Hint: With ALARM on Raspberry Pi (which, unless added on later, does not have an RTC), the system time will be wrong. This means that the WireGuard connection will simply not work. However, there is a way to remedy this: ``` # /etc/systemd/system/initrd-tinysshd.service.d/override.conf [Service] ExecStartPre=/usr/bin/busybox ntpd -q -p ``` -p can also be specified multiple times. I've chosen the tinysshd service for this, but any other service that runs explicitly after `initrd-network.service` will also work for this.