wireguard: let tunnel wait for private network

modules/wireguard/private.nix

@@ -45,7 +45,7 @@ in {
     networking.firewall.allowedUDPPorts = [51899];
 
     systemd.services.wireguard-wg-private = {
-      after = [
+      wantedBy = [
         "network.target"
         "network-online.target"
         "nss-lookup.target"
@@ -54,7 +54,7 @@ in {
       serviceConfig = {
         Type = mkForce "simple";
         Restart = "on-failure";
-        RestartSec = "30";
+        RestartSec = "10";
       };
 
       environment = {
@@ -98,7 +98,6 @@ in {
               "::/0"
             ] else []);
             endpoint = "vpn.b12f.io:51899";
-            persistentKeepalive = 30;
             dynamicEndpointRefreshSeconds = 30;
           }
         ];

modules/wireguard/tunnel.nix

@@ -41,8 +41,26 @@ in {
   config = mkIf (length cfg.ownIPs != 0){
     networking.firewall.allowedUDPPorts = [51820];
 
-    systemd.services.wireguard-wg-tunnel = mkIf (length config.pub-solar.wireguard.private.ownIPs != 0) {
+    systemd.services.wireguard-wg-tunnel = {
-      after = [ "wireguard-wg-private.service" ];
+      after = [
+        "network.target"
+        "network-online.target"
+        "nss-lookup.target"
+      ];
+
+      wants = [
+        "wireguard-wg-private.service"
+      ];
+
+      preStart = ''
+        while true; do
+          if ${pkgs.netcat}/bin/nc -w 5 -z 10.13.12.7 22 2>/dev/null; then
+            exit 0;
+          else
+            sleep 1;
+          fi
+        done;
+      '';
 
       serviceConfig = {
         Type = mkForce "simple";