From 552d2a964c80e9f45b9ba25b76093d7664cd2560 Mon Sep 17 00:00:00 2001
From: clerie <git@clerie.de>
Date: Fri, 21 Mar 2025 18:19:44 +0100
Subject: [PATCH 1/2] profiles/wg-clerie: Refresh endpoint selection with
 systemd timer

---
 profiles/wg-clerie/default.nix | 45 +++++++++++++++++++++++++++++++++-
 1 file changed, 44 insertions(+), 1 deletion(-)

diff --git a/profiles/wg-clerie/default.nix b/profiles/wg-clerie/default.nix
index 9ae527e..e6efad1 100644
--- a/profiles/wg-clerie/default.nix
+++ b/profiles/wg-clerie/default.nix
@@ -65,7 +65,6 @@ in
         {
           PublicKey = "2p1Jqs3bkXbXHFWE6vp1yxHIFoUaZQEARS2nJzbkuBA=";
           AllowedIPs = [ "0.0.0.0/0" "::/0" "10.20.30.0/24" "2a01:4f8:c0c:15f1::/113" ];
-          Endpoint = "78.47.183.82:51820";
           PersistentKeepalive = 25;
         }
       ];
@@ -166,5 +165,49 @@ in
       ];
     };
 
+    systemd.services."wg-clerie-endpoint-refresh" = {
+      serviceConfig = {
+        Type = "oneshot";
+      };
+
+      path = [ pkgs.wireguard-tools pkgs.iproute2 ];
+
+      script = ''
+        set -euo pipefail
+
+        # Don't do anything as long as interface is not configured
+        if ! wg show wg-clerie endpoints > /dev/null; then
+          exit 0
+        fi
+
+        endpoint=""
+
+        if ip route get 2a01:4f8:c0c:15f1::1 ipproto udp dport 51820 &>/dev/null; then
+          endpoint="[2a01:4f8:c0c:15f1::1]:51820"
+        else
+          endpoint="78.47.183.82:51820"
+        fi
+
+        wg set wg-clerie peer "2p1Jqs3bkXbXHFWE6vp1yxHIFoUaZQEARS2nJzbkuBA=" endpoint "''${endpoint}"
+      '';
+
+      requires = [ "network-online.target" ];
+      after = [ "network-online.target" ];
+    };
+
+    systemd.timers."wg-clerie-endpoint-refresh" = {
+      wantedBy = [ "timers.target" ];
+
+      timerConfig = {
+        OnCalendar = "*-*-* *:*:0/5";
+        RandomizedDelaySec = "5s";
+      };
+
+      requires = [ "network-online.target" ];
+      after = [ "network-online.target" ];
+    };
+
+    environment.systemPackages = [ pkgs.wireguard-tools ];
+
   };
 }

From 3d66c503925142e88d02c522cc15aca4a6846d50 Mon Sep 17 00:00:00 2001
From: Flake Update Bot <flake-update-bot@clerie.de>
Date: Sat, 22 Mar 2025 03:03:05 +0100
Subject: [PATCH 2/2] Update nixpkgs 2025-03-22-02-03

---
 flake.lock | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/flake.lock b/flake.lock
index e7345fc..e8dd9f5 100644
--- a/flake.lock
+++ b/flake.lock
@@ -533,11 +533,11 @@
     },
     "nixpkgs_3": {
       "locked": {
-        "lastModified": 1742069588,
-        "narHash": "sha256-C7jVfohcGzdZRF6DO+ybyG/sqpo1h6bZi9T56sxLy+k=",
+        "lastModified": 1742422364,
+        "narHash": "sha256-mNqIplmEohk5jRkqYqG19GA8MbQ/D4gQSK0Mu4LvfRQ=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "c80f6a7e10b39afcc1894e02ef785b1ad0b0d7e5",
+        "rev": "a84ebe20c6bc2ecbcfb000a50776219f48d134cc",
         "type": "github"
       },
       "original": {