profiles/wg-clerie: Refresh endpoint selection with systemd timer

2025-03-21 18:19:44 +01:00 · 2025-03-21 18:19:44 +01:00 · 552d2a964c
commit 552d2a964c
parent 9e7deadfb5
1 changed files with 44 additions and 1 deletions
--- a/profiles/wg-clerie/default.nix
+++ b/profiles/wg-clerie/default.nix
@ -65,7 +65,6 @@ in
        {
          PublicKey = "2p1Jqs3bkXbXHFWE6vp1yxHIFoUaZQEARS2nJzbkuBA=";
          AllowedIPs = [ "0.0.0.0/0" "::/0" "10.20.30.0/24" "2a01:4f8:c0c:15f1::/113" ];
-          Endpoint = "78.47.183.82:51820";
          PersistentKeepalive = 25;
        }
      ];
@ -166,5 +165,49 @@ in
      ];
    };

+    systemd.services."wg-clerie-endpoint-refresh" = {
+      serviceConfig = {
+        Type = "oneshot";
+      };
+
+      path = [ pkgs.wireguard-tools pkgs.iproute2 ];
+
+      script = ''
+        set -euo pipefail
+
+        # Don't do anything as long as interface is not configured
+        if ! wg show wg-clerie endpoints > /dev/null; then
+          exit 0
+        fi
+
+        endpoint=""
+
+        if ip route get 2a01:4f8:c0c:15f1::1 ipproto udp dport 51820 &>/dev/null; then
+          endpoint="[2a01:4f8:c0c:15f1::1]:51820"
+        else
+          endpoint="78.47.183.82:51820"
+        fi
+
+        wg set wg-clerie peer "2p1Jqs3bkXbXHFWE6vp1yxHIFoUaZQEARS2nJzbkuBA=" endpoint "''${endpoint}"
+      '';
+
+      requires = [ "network-online.target" ];
+      after = [ "network-online.target" ];
+    };
+
+    systemd.timers."wg-clerie-endpoint-refresh" = {
+      wantedBy = [ "timers.target" ];
+
+      timerConfig = {
+        OnCalendar = "*-*-* *:*:0/5";
+        RandomizedDelaySec = "5s";
+      };
+
+      requires = [ "network-online.target" ];
+      after = [ "network-online.target" ];
+    };
+
+    environment.systemPackages = [ pkgs.wireguard-tools ];
+
  };
 }