From 612d174160e7cc6a33bbe2e7c48e9cadb58d5680 Mon Sep 17 00:00:00 2001
From: Andreas Fischer <af@bantuX.org>
Date: Wed, 26 Apr 2023 15:37:24 +0200
Subject: [PATCH] wgsd-client: Add systemd timer/service example

---
 cmd/wgsd-client/systemd/README.md               | 16 ++++++++++++++++
 .../etc/systemd/system/wgsd-client@.service     | 17 +++++++++++++++++
 .../etc/systemd/system/wgsd-client@.timer       | 11 +++++++++++
 .../systemd/etc/wgsd/wg-example.template.env    |  2 ++
 4 files changed, 46 insertions(+)
 create mode 100644 cmd/wgsd-client/systemd/README.md
 create mode 100644 cmd/wgsd-client/systemd/etc/systemd/system/wgsd-client@.service
 create mode 100644 cmd/wgsd-client/systemd/etc/systemd/system/wgsd-client@.timer
 create mode 100644 cmd/wgsd-client/systemd/etc/wgsd/wg-example.template.env

diff --git a/cmd/wgsd-client/systemd/README.md b/cmd/wgsd-client/systemd/README.md
new file mode 100644
index 0000000..da0dcba
--- /dev/null
+++ b/cmd/wgsd-client/systemd/README.md
@@ -0,0 +1,16 @@
+# wgsd-client systemd Integration
+
+systemd timers can be used to periodically invoke `wgsd-client`.
+
+## Installation
+
+* Copy `wgsd-client@.service` to `/etc/systemd/system/`.
+* Copy `wgsd-client@.timer`  to `/etc/systemd/system/`.
+
+## Configuration
+
+* To configure `wgsd-client` for WireGuard interface `wg-foo` copy `wg-example.template.env` to `/etc/wgsd/wg-foo.env` and adjust variables accordingly.
+
+## Activation
+
+* To activate periodic `wgsd-client` invocation for WireGuard interface `wg-foo` run `systemctl enable wgsd-client@wg-foo.timer`.
diff --git a/cmd/wgsd-client/systemd/etc/systemd/system/wgsd-client@.service b/cmd/wgsd-client/systemd/etc/systemd/system/wgsd-client@.service
new file mode 100644
index 0000000..4658c48
--- /dev/null
+++ b/cmd/wgsd-client/systemd/etc/systemd/system/wgsd-client@.service
@@ -0,0 +1,17 @@
+[Unit]
+Description=WireGuard Service Discovery (wgsd) Client
+Wants=network-online.target
+After=network-online.target
+
+[Service]
+PermissionsStartOnly=true
+LimitNOFILE=512
+LimitNPROC=16
+CapabilityBoundingSet=CAP_NET_ADMIN
+AmbientCapabilities=CAP_NET_ADMIN
+NoNewPrivileges=true
+User=wgsd-client
+Group=wgsd-client
+DynamicUser=true
+EnvironmentFile=/etc/wgsd/%i.env
+ExecStart=/usr/local/bin/wgsd-client -device %i -dns $DNS -zone $ZONE
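Review bot: On the `ExecStart=` line, `$DNS` and `$ZONE` are expanded with word splitting, so a value in `/etc/wgsd/%i.env` that contains whitespace becomes extra command-line arguments for a process holding CAP_NET_ADMIN. The braced form passes each value as exactly one argument: `ExecStart=/usr/local/bin/wgsd-client -device %i -dns ${DNS} -zone ${ZONE}`. `PermissionsStartOnly=true` is deprecated and does nothing here, because the unit defines no `ExecStartPre=`/`ExecStartPost=` commands, so it can be dropped. A further restriction such as `RestrictAddressFamilies=AF_INET AF_INET6 AF_NETLINK` looks applicable, assuming wgsd-client only opens DNS and netlink sockets (AF_UNIX may also be needed with a userspace WireGuard implementation).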
diff --git a/cmd/wgsd-client/systemd/etc/systemd/system/wgsd-client@.timer b/cmd/wgsd-client/systemd/etc/systemd/system/wgsd-client@.timer
new file mode 100644
index 0000000..eb2aee3
--- /dev/null
+++ b/cmd/wgsd-client/systemd/etc/systemd/system/wgsd-client@.timer
@@ -0,0 +1,11 @@
+[Unit]
+Description=Run WireGuard Service Discovery (wgsd) Client
+
+[Timer]
+OnActiveSec=10
+OnUnitActiveSec=45
+AccuracySec=1s
+Persistent=true
+
+[Install]
+WantedBy=timers.target
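Review bot: `Persistent=true` has no effect in this timer, because it only applies to `OnCalendar=` timers and this unit uses the monotonic `OnActiveSec=`/`OnUnitActiveSec=` settings. Remove it, or add a comment, so readers do not expect missed runs to be caught up after downtime. A short comment on the schedule would also help, e.g. `# first run 10 s after the timer is started, then 45 s after each service activation`.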
diff --git a/cmd/wgsd-client/systemd/etc/wgsd/wg-example.template.env b/cmd/wgsd-client/systemd/etc/wgsd/wg-example.template.env
new file mode 100644
index 0000000..9451d13
--- /dev/null
+++ b/cmd/wgsd-client/systemd/etc/wgsd/wg-example.template.env
@@ -0,0 +1,2 @@
+DNS=10.13.37.1:5353
+ZONE=wg.example.net.