From 552d2a964c80e9f45b9ba25b76093d7664cd2560 Mon Sep 17 00:00:00 2001
From: clerie <git@clerie.de>
Date: Fri, 21 Mar 2025 18:19:44 +0100
Subject: [PATCH] profiles/wg-clerie: Refresh endpoint selection with systemd timer

---
 profiles/wg-clerie/default.nix | 45 +++++++++++++++++++++++++++++++++-
 1 file changed, 44 insertions(+), 1 deletion(-)

diff --git a/profiles/wg-clerie/default.nix b/profiles/wg-clerie/default.nix
index 9ae527e..e6efad1 100644
--- a/profiles/wg-clerie/default.nix
+++ b/profiles/wg-clerie/default.nix
@@ -65,7 +65,6 @@ in
 {
 PublicKey = "2p1Jqs3bkXbXHFWE6vp1yxHIFoUaZQEARS2nJzbkuBA=";
 AllowedIPs = [ "0.0.0.0/0" "::/0" "10.20.30.0/24" "2a01:4f8:c0c:15f1::/113" ];
- Endpoint = "78.47.183.82:51820";
 PersistentKeepalive = 25;
 }
 ];
@@ -166,5 +165,49 @@ in
 ];
 };
+ systemd.services."wg-clerie-endpoint-refresh" = {
+ serviceConfig = {
+ Type = "oneshot";
+ };
+
+ path = [ pkgs.wireguard-tools pkgs.iproute2 ];
+
+ script = ''
+ set -euo pipefail
+
+ # Don't do anything as long as interface is not configured
+ if ! wg show wg-clerie endpoints > /dev/null; then
+ exit 0
+ fi
+
+ endpoint=""
+
+ if ip route get 2a01:4f8:c0c:15f1::1 ipproto udp dport 51820 &>/dev/null; then
+ endpoint="[2a01:4f8:c0c:15f1::1]:51820"
+ else
+ endpoint="78.47.183.82:51820"
+ fi
+
+ wg set wg-clerie peer "2p1Jqs3bkXbXHFWE6vp1yxHIFoUaZQEARS2nJzbkuBA=" endpoint "''${endpoint}"
+ '';
+
+ requires = [ "network-online.target" ];
+ after = [ "network-online.target" ];
+ };
+
+ systemd.timers."wg-clerie-endpoint-refresh" = {
+ wantedBy = [ "timers.target" ];
+
+ timerConfig = {
+ OnCalendar = "*-*-* *:*:0/5";
+ RandomizedDelaySec = "5s";
+ };
+
+ requires = [ "network-online.target" ];
+ after = [ "network-online.target" ];
+ };
+
+ environment.systemPackages = [ pkgs.wireguard-tools ];
+
 };
 }
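Review bot: The IPv6 test in the new `script`, `ip route get 2a01:4f8:c0c:15f1::1 ipproto udp dport 51820`, succeeds whenever any route matches, so a host whose IPv6 route exists but does not actually work is set back to `[2a01:4f8:c0c:15f1::1]:51820` on every run and never falls back to `78.47.183.82:51820`. Because `AllowedIPs` in the first hunk covers `::/0` and `2a01:4f8:c0c:15f1::/113`, the lookup could also be answered by the tunnel's own route unless the routing policy rules outside this hunk exclude it. A comment above the test would record that assumption, for example `# a matching route does not prove reachability; assumes the lookup is not answered by wg-clerie's own routes`. The guard `wg show wg-clerie endpoints > /dev/null` leaves stderr open, so a missing interface is written to the journal on each run; `&>/dev/null`, as on the `ip route get` line, would keep the log readable. In `timerConfig`, unless it is overridden elsewhere, systemd's default `AccuracySec` of one minute applies, so the `*:*:0/5` schedule can be delayed well past five seconds; adding `AccuracySec = "1s";` makes it fire as written.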