From af0ac3bfbf86f3a6823e8e9578707e86a2e35464 Mon Sep 17 00:00:00 2001
From: Menno van Leeuwen
Date: Tue, 5 Nov 2024 23:05:27 +0100
Subject: [PATCH] changed vpn docker to a systemd service dockerized
---
config/nixos/docker/vpn.nix | 31 ++++++++++++++-----------------
config/nixos/docker/vpn.yml | 18 ++++++++++++++++++
2 files changed, 32 insertions(+), 17 deletions(-)
create mode 100644 config/nixos/docker/vpn.yml
diff --git a/config/nixos/docker/vpn.nix b/config/nixos/docker/vpn.nix
index b09bf3e..952d1ce 100644
--- a/config/nixos/docker/vpn.nix
+++ b/config/nixos/docker/vpn.nix
@@ -1,22 +1,19 @@
 { config, pkgs, ... }:
+
 {
- services.docker-compose = {
- enable = true;
- containers = {
- wireguard = {
- image = "lscr.io/linuxserver/wireguard:latest";
- containerName = "wireguard";
- capAdd = [ "NET_ADMIN" ];
- environment = {
- PEERS = "fold6,pc,laptop";
- };
- volumes = [ "./wireguard:/config" ];
- ports = [ "51820:51820/udp" ];
- sysctls = {
- "net.ipv4.conf.all.src_valid_mark" = 1;
- };
- restartPolicy = "unless-stopped";
- };
+ environment.etc."docker/vpn/docker-compose.yml".source = ./vpn.yml;
+
+ systemd.services.wireguard = {
+ description = "Wireguard Docker Compose Service";
+ after = [ "network-online.target" ];
+ wants = [ "network-online.target" ];
+ serviceConfig = {
+ ExecStart = "${pkgs.docker-compose}/bin/docker-compose -f /etc/docker/vpn/docker-compose.yml up";
+ ExecStop = "${pkgs.docker-compose}/bin/docker-compose -f /etc/docker/vpn/docker-compose.yml down";
+ WorkingDirectory = "/etc/docker/vpn";
+ Restart = "always";
+ RestartSec = 10;
 };
+ wantedBy = [ "multi-user.target" ];
 };
 }
diff --git a/config/nixos/docker/vpn.yml b/config/nixos/docker/vpn.yml
new file mode 100644
index 0000000..c6bec88
--- /dev/null
+++ b/config/nixos/docker/vpn.yml
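Review bot: In config/nixos/docker/vpn.nix the new `systemd.services.wireguard` unit is ordered only against `network-online.target`, so nothing guarantees the Docker daemon is running when `ExecStart` calls `docker-compose up`. At boot the unit can fail and then rely on `Restart = "always"` to retry every 10 seconds until the daemon appears. I would declare the dependency explicitly with `after = [ "network-online.target" "docker.service" ];` and `requires = [ "docker.service" ];`. Separately, `restart: unless-stopped` in vpn.yml and `Restart = "always"` here give the container two supervisors; keeping only one means the unit state and the container state cannot disagree.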
@@ -0,0 +1,18 @@
+version: '3.8'
+
+services:
+ wireguard:
+ image: lscr.io/linuxserver/wireguard:latest
+ container_name: wireguard
+ cap_add:
+ - NET_ADMIN
+ environment:
+ - PEERS=fold6,pc,laptop
+ volumes:
+ - ./wireguard:/config
+ ports:
+ - 51820:51820/udp
+ sysctls:
+ - net.ipv4.conf.all.src_valid_mark=1
+ restart: unless-stopped
+
\ No newline at end of file
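Review bot: `image: lscr.io/linuxserver/wireguard:latest` is a mutable tag on a container that is granted `NET_ADMIN` and terminates the VPN, so every recreate may run whatever was last pushed under that tag. Pin a version tag or a digest instead, e.g. `image: lscr.io/linuxserver/wireguard@sha256:<digest>` (placeholder, the page gives no digest). The bind mount `./wireguard:/config` is relative, and with the unit's `-f /etc/docker/vpn/docker-compose.yml` it presumably resolves to `/etc/docker/vpn/wireguard`. `/config` is where this image keeps its generated configuration, which for a WireGuard server would include private keys, so an absolute path on a root-only directory (for example under `/var/lib`) is safer than a Docker-created directory inside `/etc`. The file also ends with a whitespace-only line and no trailing newline.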