feat: add wireguard watchdog

system/dev/dn-lap/sops/sops-conf.nix

@@ -1,7 +1,2 @@
 {
-  sops = {
-    secrets = {
-      "wireguard/wg0.conf" = { };
-    };
-  };
 }

system/dev/dn-pre7780/services/default.nix

@@ -1,7 +1,7 @@
 {
   imports = [
     ../../../modules/postgresql.nix
-    ./mail.nix
+    # ./mail.nix
     ./nginx.nix
     ./wireguard.nix
     # ./nextcloud.nix

system/dev/dn-pre7780/sops/sops-conf.nix

@@ -5,8 +5,6 @@ in
 {
   sops = {
     secrets = {
-      "wireguard/wg0.conf" = { };
-
       "lam/env" = { };
 
       "netbird/oidc/secret" = mkIf config.services.netbird.server.dashboard.enable {

system/dev/skydrive-lap/sops/sops-conf.nix

@@ -1,8 +1,3 @@
-{ config, lib, ... }:
+{ ... }:
 {
-  sops = {
-    secrets = {
-      "wireguard/wg0.conf" = { };
-    };
-  };
 }

system/modules/shells/noctalia/bar.nix

@@ -1,13 +1,13 @@
 {
-  backgroundOpacity = 1;
+  backgroundOpacity = 0.25;
-  capsuleOpacity = 1;
+  capsuleOpacity = 0;
   density = "comfortable";
   exclusive = true;
   floating = true;
   marginHorizontal = 0.25;
   marginVertical = 0.25;
   outerCorners = false;
-  postition = "top";
+  position = "top";
   showCapsule = true;
   widgets = {
     center = [

system/modules/shells/noctalia/default.nix

@@ -32,7 +32,7 @@ in
         enable = true;
         systemd.enable = true;
         settings = {
-          settingsVersion = 25;
+          settingsVersion = 26;
           appLauncher = {
             customLaunchPrefix = "";
             customLaunchPrefixEnabled = false;
@@ -61,18 +61,10 @@ in
           brightness = {
             brightnessStep = 5;
             enableDdcSupport = false;
-            enforceMinium = true;
+            enforceMinimum = true;
           };
           calendar = {
             cards = [
-              {
-                enabled = true;
-                id = "banner-card";
-              }
-              {
-                enabled = true;
-                id = "calendar-card";
-              }
               {
                 enabled = true;
                 id = "timer-card";
@@ -81,6 +73,14 @@ in
                 enabled = true;
                 id = "weather-card";
               }
+              {
+                enabled = true;
+                id = "calendar-header-card";
+              }
+              {
+                enabled = true;
+                id = "calendar-month-card";
+              }
             ];
           };
           changelog = {
@@ -101,14 +101,13 @@ in
             backgroundOpacity = 1;
             colorizeIcons = false;
             displayMode = "auto_hide";
-            enabled = true;
+            enabled = false;
             floatingRatio = 1;
             monitors = [
             ];
             onlySameOutput = true;
             pinnedApps = [
             ];
-            radiusRatio = 0.68;
             size = 1;
           };
           general = {
@@ -116,6 +115,8 @@ in
             animationDisabled = false;
             animationSpeed = 1.5;
             avatarImage = "${config.home.homeDirectory}/.face";
+            boxRadiusRatio = 0.68;
+            iRadiusRatio = 0.68;
             compactLockScreen = false;
             dimmerOpacity = 0.4;
             enableShadows = true;
@@ -206,7 +207,7 @@ in
             fontDefaultScale = 1;
             fontFixed = config.stylix.fonts.monospace.name;
             fontFixedScale = 1;
-            panelBackgroundOpacity = 1;
+            panelBackgroundOpacity = 0.25;
             panelsAttachedToBar = true;
             settingsPanelAttachToBar = true;
             tooltipsEnabled = true;

system/modules/wireguard.nix

@@ -1,12 +1,130 @@
 {
   config,
+  lib,
+  pkgs,
   ...
 }:
+let
+  inherit (lib) getExe;
+
+  notifyUser = pkgs.writeShellScriptBin "wg0-watchdog-notify-user" ''
+    is_wg_active() {
+      systemctl is-active wg-quick-wg0.service >/dev/null 2>&1
+      return $?
+    }
+
+    if is_wg_active; then
+      notify-send -u critical -a Wireguard "Endpoint up, wireguard resumed."
+    else
+      notify-send -u critical -a Wireguard "Endpoint down, wireguard stopped."
+    fi
+  '';
+
+  watchDog = pkgs.writeShellScriptBin "wg0-watchdog" ''
+    TARGET_CONF="$1"
+    PING_INTERVAL=1
+    PING_TIMEOUT=1
+    PING_COUNT=1
+
+    set -euo pipefail
+
+    error_with_msg() {
+      echo "$1"
+      echo "Exiting"
+      exit 1
+    }
+
+    notify() {
+      users=$(loginctl list-users --json=short | jq -r '.[].user')
+      for user in $users; do
+        systemctl --machine=danny@.host --user start wg0-notify-user
+      done
+    }
+
+    get_ip_from_conf() {
+      sed -n "s/Endpoint[[:space:]]*=[[:space:]]*\(.*\):[0-9]*/\\1/p" "$1"
+    }
+
+    check_health() {
+      ping -c "$PING_COUNT" -W "$PING_TIMEOUT" $1 >/dev/null 2>&1
+      return $?
+    }
+
+    is_wg_active() {
+      systemctl is-active wg-quick-wg0.service >/dev/null 2>&1
+      return $?
+    }
+
+    start_wg() {
+      systemctl start wg-quick-wg0.service >/dev/null
+    }
+
+    stop_wg() {
+      systemctl stop wg-quick-wg0.service >/dev/null
+    }
+
+    if [ ! -e "$TARGET_CONF" ]; then
+      error_with_msg "Target wireguard configuration not exist: $TARGET_CONF"
+    fi
+
+    TARGET_IP=$(get_ip_from_conf "$TARGET_CONF")
+
+    if [ -z "$TARGET_IP" ]; then
+      error_with_msg "IP not found"
+    fi
+
+    echo "Start detecting..."
+
+    while true; do
+      if check_health "$TARGET_IP"; then
+        if ! is_wg_active; then
+          start_wg
+          echo "Endpoint up, wireguard resumed."
+          notify
+        fi
+      else
+        if is_wg_active; then
+          stop_wg
+          echo "Endpoint down, wireguard stopped."
+          notify
+        fi
+      fi
+
+      sleep $PING_INTERVAL
+    done
+  '';
+in
 {
+  sops.secrets."wireguard/wg0.conf" = { };
+
   networking = {
     firewall = {
       allowedUDPPorts = [ 51820 ];
     };
     wg-quick.interfaces.wg0.configFile = config.sops.secrets."wireguard/wg0.conf".path;
   };
+
+  systemd.services.wg0-watchdog = {
+    wantedBy = [ "wg-quick-wg0.service" ];
+    after = [ "wg-quick-wg0.service" ];
+    path = with pkgs; [
+      jq
+    ];
+    serviceConfig = {
+      ExecStart = "${getExe watchDog} \"${config.sops.secrets."wireguard/wg0.conf".path}\"";
+      RestartSec = 5;
+      TimeoutStopSec = 0;
+    };
+  };
+
+  systemd.user.services.wg0-notify-user = {
+    wantedBy = [ "graphical-session.target" ];
+    serviceConfig = {
+      Type = "oneshot";
+      ExecStart = "${getExe notifyUser}";
+    };
+    path = with pkgs; [
+      libnotify
+    ];
+  };
 }