host/tatos: use systemd timers instead of cron to run geoip updates

hosts/tatos/services/wireguard/default.nix

@@ -6,6 +6,8 @@ let
   istalData = import (hostsPath + "/istal/data.secret.nix");
   tatosData = import (hostsPath + "/tatos/data.secret.nix");
   port = tatosData.wireguard.port;
+
+  update_ru_routes = pkgs.callPackage ./update_ru_routes.nix { };
 in
 {
   boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
@@ -20,16 +22,24 @@ in
 
   networking.firewall.allowedUDPPorts = [ port ];
 
-  services.cron =
-    let update_ru_routes = pkgs.callPackage ./update_ru_routes.nix { }; in
-    let cmd = "${update_ru_routes}/bin/update_ru_routes > /root/update_routes.log 2>&1"; in
-    {
-      enable = true;
-      systemCronJobs = [
-        "@reboot      root  sleep 30 && ${cmd}"
-        "0 3 * * mon  root  ${cmd}"
-      ];
+  systemd.services.geoip-update = {
+    script = ''
+      set -eu
+      ${update_ru_routes}/bin/update_ru_routes > /root/update_routes.log
+    '';
+    serviceConfig = {
+      Type = "oneshot";
+      User = "root";
     };
+    restartTriggers = [ update_ru_routes ];
+  };
+  systemd.timers.geoip-update = {
+    wantedBy = [ "timers.target" ];
+    timerConfig = {
+      OnBootSec = "1m";
+      OnCalendar = "mon 3:00";
+    };
+  };
 
   networking.wg-quick.interfaces = {
     # "wg0" is the network interface name. You can name the interface arbitrarily.

hosts/tatos/services/wireguard/update_ru_routes.nix

@@ -6,6 +6,7 @@
 , iptables
 , ipcalc
 , jq
+, iproute2
 , gawk
 , curl
 }:
@@ -19,7 +20,7 @@ in
 symlinkJoin {
   name = "update_ru_routes";
 
-  paths = [ update_ru_routes_unwrapped ] ++ [ bind.dnsutils iptables jq gawk curl ipcalc ];
+  paths = [ update_ru_routes_unwrapped ] ++ [ bind.dnsutils iptables jq gawk curl ipcalc iproute2 ];
   buildInputs = [ makeWrapper ];
 
   postBuild = ''