From 43b19c39353bdfa1cb2169097bd135e858823769 Mon Sep 17 00:00:00 2001 From: Yorick van Pelt Date: Sat, 15 Apr 2023 12:28:40 +0200 Subject: [PATCH] fix torrent-wg after server rotation --- nixos/services/torrent-wg.nix | 22 ++++++++++++++++++---- 1 file changed, 18 insertions(+), 4 deletions(-) diff --git a/nixos/services/torrent-wg.nix b/nixos/services/torrent-wg.nix index 0e2ab54..b15c800 100644 --- a/nixos/services/torrent-wg.nix +++ b/nixos/services/torrent-wg.nix @@ -1,5 +1,20 @@ { pkgs, lib, config, ... }: let cfg = config.services.yorick.torrent-vpn; + # curl -s 'https://api.mullvad.net/www/relays/all/' | jq '.[] | select(.type == "wireguard" and .country_code == "nl" and .owned and .active) | {hostname, pubkey, ipv4_addr_in, ipv6_addr_in}' + mullvad_entry = builtins.fromJSON '' + { + "hostname": "nl-ams-wg-006", + "pubkey": "xpZ3ZDEukbqKQvdHwaqKMUhsYhcYD3uLPUh1ACsVr1s=", + "ipv4_addr_in": "185.65.134.86", + "ipv6_addr_in": "2a03:1b20:3:f011::a06f", + "status_messages": [ + { + "message": "OpenVPN servers hosted by 31173 will be upgraded to a newer OS and some will upgrade to 20Gbps from 10Gbps. the upgrades will begin from 2023-MAR-23, we will rotate IP-addresses and also change their hostnames to use the new naming scheme, This will also affect WG Servers in AMS.", + "timestamp": "2023-03-23T16:25:13+00:00" + } + ] + } + ''; in { options.services.yorick.torrent-vpn = with lib; { enable = mkEnableOption "torrent-vpn"; 
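Review bot: The JSON pasted into `mullvad_entry` contains a `status_messages` array that the jq projection in the comment above it (`{hostname, pubkey, ipv4_addr_in, ipv6_addr_in}`) would not emit, so the documented command does not reproduce the committed entry. `pubkey` is the value that authenticates the WireGuard peer, so the next rotation should be checkable against a command that yields exactly what is pinned. I would trim the literal to the four projected fields and add a provenance line such as `# fetched <date> over HTTPS; pubkey and endpoint must be taken from the same relay entry`. The `let` block this sits in continues outside the hunk.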
@@ -9,13 +24,12 @@ in { config = lib.mkIf cfg.enable { age.secrets.wg-torrent.file = ../../secrets/wg.${cfg.name}.age; networking.wireguard.interfaces.${cfg.name} = { - # curl -s https://api.mullvad.net/www/relays/all/ | jq '.[] | select(.type == "wireguard" and .country_code == "nl")' ips = [ "10.66.30.26/32" "fc00:bbbb:bbbb:bb01::3:1e19/128" ]; privateKeyFile = config.age.secrets.wg-torrent.path; peers = [{ - publicKey = "hnRyse6QxPPcZOoSwRsHUtK1W+APWXnIoaDTmH6JsHQ="; + publicKey = mullvad_entry.pubkey; allowedIPs = [ "0.0.0.0/0" "::0/0" ]; - endpoint = "[2a03:1b20:3:f011::a04f]:51820"; + endpoint = "[${mullvad_entry.ipv6_addr_in}]:51820"; }]; interfaceNamespace = cfg.namespace; preSetup = '' @@ -23,7 +37,7 @@ in { ''; }; environment.etc."netns/torrent/resolv.conf".text = '' - nameserver 193.138.218.74 + nameserver 10.64.0.1 ''; }; }
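Review bot: The peer `endpoint` is built only from `mullvad_entry.ipv6_addr_in`, and the `ipv4_addr_in` field parsed alongside it is never read in the visible lines. If IPv6-only is deliberate, say so next to the endpoint, for example `# IPv6 endpoint on purpose; ipv4_addr_in is kept for reference only`. Otherwise a host without IPv6 connectivity will silently fail to bring the tunnel up. The `config` block this peer definition belongs to starts before the hunk and continues after it.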
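Review bot: The resolv.conf path is hard-coded as `netns/torrent/resolv.conf`, while the interface is placed in `cfg.namespace` by `interfaceNamespace = cfg.namespace;` in the previous hunk. If that option is ever set to anything other than `torrent` (its default is not visible here), the namespace would fall back to the host's resolver configuration instead of the one set here. I would write `environment.etc."netns/${cfg.namespace}/resolv.conf".text = ''` so the two cannot drift apart. The new `10.64.0.1` is a private address that is presumably only reachable through the tunnel, so a short comment such as `# in-tunnel resolver; DNS for this netns never leaves the VPN` would record why it replaced the public address.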