ipsec: T3643: move swanctl.conf to /run

This is the completion of commit 50a742b5 ("IPSec: T3643: Fix path for
swanctl.conf file") that moves the generated swanctl file from non-volatile to
a volatile (tmpfs backed) storage like we do for all out configuration files.

Thus it is ensured after a reboot or service deprecation there are no accidential
leftovers from previous configurations stored on the system.

2 files changed, 8 insertions, 1 deletions

diff --git a/src/etc/dhcp/dhclient-exit-hooks.d/ipsec-dhclient-hook b/src/etc/dhcp/dhclient-exit-hooks.d/ipsec-dhclient-hook
index a7a9a2ce6..7b3a18afa 100755
--- a/src/etc/dhcp/dhclient-exit-hooks.d/ipsec-dhclient-hook
+++ b/src/etc/dhcp/dhclient-exit-hooks.d/ipsec-dhclient-hook
@@ -38,7 +38,7 @@ import re
 from vyos.util import call
 from vyos.util import cmd
 
-SWANCTL_CONF="/etc/swanctl/swanctl.conf"
+SWANCTL_CONF="/run/swanctl/swanctl.conf"
 
 def getlines(file):
     with open(file, 'r') as f:
diff --git a/src/etc/systemd/system/ipsec.service.d/override.conf b/src/etc/systemd/system/ipsec.service.d/override.conf
new file mode 100644
index 000000000..e8c0872b5
--- /dev/null
+++ b/src/etc/systemd/system/ipsec.service.d/override.conf
@@ -0,0 +1,7 @@
+[Unit]
+ConditionPathExists=/run/swanctl/swanctl.conf
+After=
+After=vyos-router.service
+
+[Service]
+Environment="SWANCTL_DIR=/run/swanctl"