diff --git a/nixos/modules/services/networking/wireguard-networkd.nix b/nixos/modules/services/networking/wireguard-networkd.nix
index 0dc9f5b8d91c..08a5f635e331 100644
--- a/nixos/modules/services/networking/wireguard-networkd.nix
+++ b/nixos/modules/services/networking/wireguard-networkd.nix
@@ -101,15 +101,22 @@ let
 iproute2
 systemd
 ];
- # networkd doesn't provide a mechanism for refreshing endpoints.
+ # networkd doesn't automatically refresh peer endpoints.
 # See: https://github.com/systemd/systemd/issues/9911
- # This hack does the job but takes down the whole interface to do it.
 script = ''
- ip link delete ${name} || :
+ touch /etc/systemd/network/40-${name}.netdev
 networkctl reload
 '';
 };
 
+ # netdev config must be a real file (not a symlink to a store file)
+ # so the refresh service can 'touch' it.
+ generateRefreshNetdevMode =
+ name: interface:
+ nameValuePair "systemd/network/40-${name}.netdev" {
+ mode = "0444";
+ };
+
 in
 {
 meta.maintainers = [ lib.maintainers.majiir ];
@@ -225,6 +232,7 @@ in
 networks = mapAttrs generateNetwork cfg.interfaces;
 };
 
+ environment.etc = mapAttrs' generateRefreshNetdevMode refreshEnabledInterfaces;
 systemd.timers = mapAttrs' generateRefreshTimer refreshEnabledInterfaces;
 systemd.services = (mapAttrs' generateRefreshService refreshEnabledInterfaces) // {
 systemd-networkd.serviceConfig.LoadCredential = flatten (
diff --git a/nixos/modules/services/networking/wireguard.nix b/nixos/modules/services/networking/wireguard.nix
index 7d266d483fb1..771301852745 100644
--- a/nixos/modules/services/networking/wireguard.nix
+++ b/nixos/modules/services/networking/wireguard.nix
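Review bot: `mode = "0444"` in `generateRefreshNetdevMode` turns the interface's .netdev into a world-readable regular file under /etc, and the comment above it explains why it must be a real file but not what may go into it. The code that generates the netdev contents is outside this hunk, so whether key material can ever be written inline cannot be confirmed from here; the `LoadCredential` line in the second hunk suggests keys are handed to networkd separately. I would record that constraint next to the mode, e.g. `# 0444 keeps the file world-readable like the store copy it replaces; PrivateKey=/PresharedKey= values must never be written inline here.`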
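Review bot: The `environment.etc` entry added here makes endpoint refresh depend on /etc being writable at runtime, because the script in the first hunk now runs `touch` on that file before `networkctl reload`. On a system with an immutable /etc (for example `system.etc.overlay.mutable = false`) the `touch` would presumably fail on every timer run, and peers would keep a stale endpoint with no evaluation-time hint. An assertion would surface this at build time, along the lines of `assertion = refreshEnabledInterfaces == { } || config.system.etc.overlay.mutable;`, assuming `config` is in scope in this module. The enclosing `config` block starts outside the hunk, so the right place for it is for the author to confirm.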
@@ -215,15 +215,6 @@ let
 This option can be set or overridden for individual peers. Setting this to `0` disables periodic refresh.
-
- ::: {.warning}
- When {option}`networking.wireguard.useNetworkd` is enabled, this
- option deletes the Wireguard interface and brings it back up by
- reconfiguring the network with `networkctl reload` on every refresh.
- This could have adverse effects on your network and cause brief
- connectivity blips. See [systemd/systemd#9911](https://github.com/systemd/systemd/issues/9911)
- for an upstream feature request that can make this less hacky.
- :::
 '';
 };