wireguard: let tunnel wait for private network

2024-03-27 15:22:46 +01:00 · 2024-03-27 15:22:46 +01:00 · b9f0063993
parent e609bafe8b
commit b9f0063993
2 changed files with 22 additions and 5 deletions
--- a/modules/wireguard/private.nix
+++ b/modules/wireguard/private.nix
@ -45,7 +45,7 @@ in {
    networking.firewall.allowedUDPPorts = [51899];

    systemd.services.wireguard-wg-private = {
-      after = [
+      wantedBy = [
        "network.target"
        "network-online.target"
        "nss-lookup.target"
@ -54,7 +54,7 @@ in {
      serviceConfig = {
        Type = mkForce "simple";
        Restart = "on-failure";
-        RestartSec = "30";
+        RestartSec = "10";
      };

      environment = {
@ -98,7 +98,6 @@ in {
              "::/0"
            ] else []);
            endpoint = "vpn.b12f.io:51899";
-            persistentKeepalive = 30;
            dynamicEndpointRefreshSeconds = 30;
          }
        ];
--- a/modules/wireguard/tunnel.nix
+++ b/modules/wireguard/tunnel.nix
@ -41,8 +41,26 @@ in {
  config = mkIf (length cfg.ownIPs != 0){
    networking.firewall.allowedUDPPorts = [51820];

-    systemd.services.wireguard-wg-tunnel = mkIf (length config.pub-solar.wireguard.private.ownIPs != 0) {
-      after = [ "wireguard-wg-private.service" ];
+    systemd.services.wireguard-wg-tunnel = {
+      after = [
+        "network.target"
+        "network-online.target"
+        "nss-lookup.target"
+      ];
+
+      wants = [
+        "wireguard-wg-private.service"
+      ];
+
+      preStart = ''
+        while true; do
+          if ${pkgs.netcat}/bin/nc -w 5 -z 10.13.12.7 22 2>/dev/null; then
+            exit 0;
+          else
+            sleep 1;
+          fi
+        done;
+      '';

      serviceConfig = {
        Type = mkForce "simple";