T4930: Allow WireGuard peers via DNS hostname

debian/vyos-1x.postinst

@@ -272,3 +272,7 @@ update-alternatives --set regulatory.db /lib/firmware/regulatory.db-upstream
 if systemctl is-active --quiet vyos-configd; then
     systemctl restart vyos-configd
 fi
+# Restart vyos-domain-resolver if running
+if systemctl is-active --quiet vyos-domain-resolver; then
+    systemctl restart vyos-domain-resolver
+fi

interface-definitions/interfaces_wireguard.xml.in

@@ -40,6 +40,19 @@
             </properties>
             <defaultValue>0</defaultValue>
           </leafNode>
+          <leafNode name="max-dns-retry">
+            <properties>
+              <help>DNS retries when resolve fails</help>
+              <valueHelp>
+                <format>u32:1-15</format>
+                <description>Maximum number of retries</description>
+              </valueHelp>
+              <constraint>
+                <validator name="numeric" argument="--range 1-15"/>
+              </constraint>
+            </properties>
+            <defaultValue>3</defaultValue>
+          </leafNode>
           <leafNode name="private-key">
             <properties>
               <help>Base64 encoded private key</help>
@@ -104,6 +117,18 @@
                   </constraint>
                 </properties>
               </leafNode>
+              <leafNode name="host-name">
+                <properties>
+                  <help>Hostname of tunnel endpoint</help>
+                  <valueHelp>
+                    <format>hostname</format>
+                    <description>FQDN of WireGuard endpoint</description>
+                  </valueHelp>
+                  <constraint>
+                    <validator name="fqdn"/>
+                  </constraint>
+                </properties>
+              </leafNode>
               #include <include/port-number.xml.i>
               <leafNode name="persistent-keepalive">
                 <properties>

op-mode-definitions/reset-wireguard.xml.in

@@ -0,0 +1,34 @@
+<?xml version="1.0"?>
+<interfaceDefinition>
+  <node name="reset">
+    <children>
+      <node name="wireguard">
+        <properties>
+          <help>Reset WireGuard Peers</help>
+        </properties>
+        <children>
+          <tagNode name="interface">
+            <properties>
+              <help>WireGuard interface name</help>
+              <completionHelp>
+                <path>interfaces wireguard</path>
+              </completionHelp>
+            </properties>
+            <command>sudo ${vyos_op_scripts_dir}/reset_wireguard.py reset_peer --interface="$4"</command>
+            <children>
+              <tagNode name="peer">
+                <properties>
+                  <help>WireGuard peer name</help>
+                  <completionHelp>
+                    <path>interfaces wireguard ${COMP_WORDS[3]} peer</path>
+                  </completionHelp>
+                </properties>
+                <command>sudo ${vyos_op_scripts_dir}/reset_wireguard.py reset_peer --interface="$4" --peer="$6"</command>
+              </tagNode>
+            </children>
+          </tagNode>
+        </children>
+      </node>
+    </children>
+  </node>
+</interfaceDefinition>

python/vyos/configquery.py

@@ -1,4 +1,4 @@
-# Copyright 2021-2024 VyOS maintainers and contributors <[email protected]>
+# Copyright 2021-2025 VyOS maintainers and contributors <[email protected]>
 #
 # This library is free software; you can redistribute it and/or
 # modify it under the terms of the GNU Lesser General Public
@@ -120,11 +120,14 @@ def list_nodes(self, path: list):
 
     def get_config_dict(self, path=[], effective=False, key_mangling=None,
                         get_first_key=False, no_multi_convert=False,
-                        no_tag_node_value_mangle=False):
+                        no_tag_node_value_mangle=False, with_defaults=False,
+                        with_recursive_defaults=False):
         return self.config.get_config_dict(path, effective=effective,
                 key_mangling=key_mangling, get_first_key=get_first_key,
                 no_multi_convert=no_multi_convert,
-                no_tag_node_value_mangle=no_tag_node_value_mangle)
+                no_tag_node_value_mangle=no_tag_node_value_mangle,
+                with_defaults=with_defaults,
+                with_recursive_defaults=with_recursive_defaults)
 
 class VbashOpRun(GenericOpRun):
     def __init__(self):

python/vyos/ifconfig/control.py

@@ -48,7 +48,7 @@ def _debug_msg (self, message):
     def _popen(self, command):
         return popen(command, self.debug)
 
-    def _cmd(self, command):
+    def _cmd(self, command, env=None):
         import re
         if 'netns' in self.config:
             # This command must be executed from default netns 'ip link set dev X netns X'
@@ -61,7 +61,7 @@ def _cmd(self, command):
                 command = command
             else:
                 command = f'ip netns exec {self.config["netns"]} {command}'
-        return cmd(command, self.debug)
+        return cmd(command, self.debug, env=env)
 
     def _get_command(self, config, name):
         """