diff --git a/hosts/tatos/services/wireguard/default.nix b/hosts/tatos/services/wireguard/default.nix
index a53293c..55f678e 100644
--- a/hosts/tatos/services/wireguard/default.nix
+++ b/hosts/tatos/services/wireguard/default.nix
@@ -6,6 +6,8 @@ let
 istalData = import (hostsPath + "/istal/data.secret.nix");
 tatosData = import (hostsPath + "/tatos/data.secret.nix");
 port = tatosData.wireguard.port;
+
+ update_ru_routes = pkgs.callPackage ./update_ru_routes.nix { };
 in
 {
 boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
@@ -20,16 +22,24 @@ in
 networking.firewall.allowedUDPPorts = [ port ];
- services.cron =
- let update_ru_routes = pkgs.callPackage ./update_ru_routes.nix { }; in
- let cmd = "${update_ru_routes}/bin/update_ru_routes > /root/update_routes.log 2>&1"; in
- {
- enable = true;
- systemCronJobs = [
- "@reboot root sleep 30 && ${cmd}"
- "0 3 * * mon root ${cmd}"
- ];
+ systemd.services.geoip-update = {
+ script = ''
+ set -eu
+ ${update_ru_routes}/bin/update_ru_routes > /root/update_routes.log
+ '';
+ serviceConfig = {
+ Type = "oneshot";
+ User = "root";
 };
+ restartTriggers = [ update_ru_routes ];
+ };
+ systemd.timers.geoip-update = {
+ wantedBy = [ "timers.target" ];
+ timerConfig = {
+ OnBootSec = "1m";
+ OnCalendar = "mon 3:00";
+ };
+ };
 networking.wg-quick.interfaces = {
 # "wg0" is the network interface name. You can name the interface arbitrarily.
diff --git a/hosts/tatos/services/wireguard/update_ru_routes.nix b/hosts/tatos/services/wireguard/update_ru_routes.nix
index d015b15..0004c8e 100644
--- a/hosts/tatos/services/wireguard/update_ru_routes.nix
+++ b/hosts/tatos/services/wireguard/update_ru_routes.nix
@@ -6,6 +6,7 @@
 , iptables
 , ipcalc
 , jq
+, iproute2
 , gawk
 , curl
 }:
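Review bot: The new `systemd.services.geoip-update` unit in the second hunk of default.nix runs as root with no sandboxing, although the wrapper it calls has `curl`, `jq` and `dnsutils` on its path and so presumably parses data fetched from the network before changing iptables rules and routes. Consider bounding it in `serviceConfig`, for example `CapabilityBoundingSet = [ "CAP_NET_ADMIN" "CAP_NET_RAW" ];` and `NoNewPrivileges = true;`, after confirming what the script actually needs. The redirect also lost its `2>&1`, so errors now go to the journal while `/root/update_routes.log` keeps only stdout; dropping the redirect altogether would leave a single place to look (`journalctl -u geoip-update`). `restartTriggers` probably has no effect here, because a oneshot unit without `RemainAfterExit` is already inactive when a configuration switch happens.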
@@ -19,7 +20,7 @@ in symlinkJoin { name = "update_ru_routes"; - paths = [ update_ru_routes_unwrapped ] ++ [ bind.dnsutils iptables jq gawk curl ipcalc ]; + paths = [ update_ru_routes_unwrapped ] ++ [ bind.dnsutils iptables jq gawk curl ipcalc iproute2 ]; buildInputs = [ makeWrapper ]; postBuild = ''