From b8f5007dbcb0a9393016fec83a27b5a017327d2b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Karel=20Ko=C4=8D=C3=AD?= <cynerd@email.cz>
Date: Tue, 9 Apr 2024 13:45:50 +0200
Subject: wireguard: drop dean as endpoint

This doesn't work correctly because dean doesn't have public IP and thus
can't be discovered easilly.
---
 nixos/modules/openvpn.nix | 21 +++++++++++++++++++--
 1 file changed, 19 insertions(+), 2 deletions(-)

(limited to 'nixos/modules/openvpn.nix')

diff --git a/nixos/modules/openvpn.nix b/nixos/modules/openvpn.nix
index 789d430..6a21721 100644
--- a/nixos/modules/openvpn.nix
+++ b/nixos/modules/openvpn.nix
@@ -1,6 +1,7 @@
 {
   config,
   lib,
+  pkgs,
   ...
 }: let
   inherit (lib) mkOption types mkIf;
@@ -27,9 +28,25 @@ in {
         config = "config /run/secrets/old.ovpn";
       };
       elektroline = mkIf cnf.elektroline {
-        autoStart = false;
         config = "config /run/secrets/elektroline.ovpn";
-        updateResolvConf = true;
+        up = ''
+          domain=""
+          dns=()
+          for optionname in ''${!foreign_option_*} ; do
+            read -r p1 p2 p3 <<<"''${!optionname}"
+            [[ "$p1" == "dhcp-option" ]] || continue
+            case "$p2" in
+              DNS)
+                dns+=("$p3")
+                ;;
+              DOMAIN)
+                domain="$p3"
+                ;;
+            esac
+          done
+          ${pkgs.systemd}/bin/resolvectl dns "$dev" "''${dns[@]}"
+          ${pkgs.systemd}/bin/resolvectl domain "$dev" "~$domain"
+        '';
       };
     };
   };
-- 
cgit v1.2.3