Update README

Add instructions for setting up a Systemd service unit for VPN connection
Update default DNS server
2024-02-24 14:25:43 +01:00 · 2024-02-24 12:10:20 +01:00 · 2023-06-04 12:05:00 +02:00 · 2023-06-04 11:15:18 +02:00 · 2023-06-04 10:55:59 +02:00 · 2023-06-03 19:20:22 +02:00
9 changed files with 41 additions and 29 deletions
--- a/README.md
+++ b/README.md
@ -4,14 +4,18 @@ This repository contains setup or configuration files for [LibreELEC](https://li

 ### WireGuard VPN setup
 * copy `~/.config/wireguard/wireguard.config.sample` to a new file, and adjust the parameters (see
-https://wiki.libreelec.tv/configuration/wireguard for reference)
+[LibreELEC wiki](https://wiki.libreelec.tv/configuration/wireguard) for reference)
+* do NOT set the DNS server in this conf file, but in `variables.conf`
+* it is advisable to create a Systemd unit to manage the VPN connection, especially if it should start at boot
+  * use the [wiki](https://wiki.libreelec.tv/configuration/wireguard#configuring-systemd), and mind that the connection
+  name to use with `connmanctl` is the ConnMan id (`vpn_<endpoint_address>`) and not the name given to the connection

 ### Files
-* `set-resolv-conf.sh` moves last DNS entry up in `/etc/resolv.conf` (is called after VPN initialization)
 * `variables.conf.template` contains examples variables definitions, and should be copied locally to `variables.conf`
  (with any required modifications).
 * `systemd-templates/` contains Systemd units templates for detecting VPN connection, and apply routes and DNS
  modifications.
+* `set-dns.sh` sets the VPN DNS to `resolv.conf`, and `unset-dns.sh` restores the previous `resolv.conf`.
 #### Installation
 * `install.sh` script copies Systemd templates to their destination, and enables trigger (Systemd path).

--- a/install.sh
+++ b/install.sh
@ -13,12 +13,11 @@ echo "Copying Systemd units to system directory..."
 cp $run_directory/systemd-templates/set-ip-routes.service /storage/.config/system.d/
 sed -i -e "s/PH_DNS/$dns_server/g" /storage/.config/system.d/set-ip-routes.service
 sed -i -e "s:PH_NETWORK:$target_network:g" /storage/.config/system.d/set-ip-routes.service
-cp $run_directory/systemd-templates/set-ip-routes.path /storage/.config/system.d/
+mkdir /storage/.config/system.d/sys-subsystem-net-devices-wg0.device.d
+cp $run_directory/systemd-templates/set-ip-routes.conf /storage/.config/system.d/sys-subsystem-net-devices-wg0.device.d

 echo "Reloading Systemd..."
 systemctl daemon-reload
-echo "Enabling path unit (not starting it, either do it manually or reboot)..."
-systemctl enable set-ip-routes.path

 echo "Finished install. Exiting..."
 exit 0
--- a/set-dns.sh
+++ b/set-dns.sh
@ -0,0 +1,15 @@
+#!/usr/bin/env bash
+
+run_directory=$(dirname $(readlink -f "$0"))
+
+source "$run_directory/variables.conf"
+
+# count lines in resolv.conf
+lines=$(cat /run/libreelec/resolv.conf | wc -l)
+# count number of 'nameserver' entries
+count=$(grep -c 'nameserver' /run/libreelec/resolv.conf)
+
+cp /run/libreelec/resolv.conf /run/libreelec/resolv.conf.bck
+sed -i "$((lines - count + 1))s/^/nameserver $dns_server\n/" /run/libreelec/resolv.conf
+
+exit 0
--- a/set-resolv-conf.sh
+++ b/set-resolv-conf.sh
@ -1,16 +0,0 @@
-#!/usr/bin/env bash
-
-# count lines in resolv.conf
-lines=$(cat /run/libreelec/resolv.conf | wc -l)
-# count number of 'nameserver' entries
-count=$(grep -c 'nameserver' /run/libreelec/resolv.conf)
-
-# move last entry to top
-i=$((0))
-while [ $((count)) -gt 1 ]; do
-  sed -i -n "$((lines - i - 1)){h;n;G};p" /run/libreelec/resolv.conf
-  count=$((count - 1))
-  i=$((i + 1))
-done
-
-exit 0
--- a/systemd-templates/set-ip-routes.conf
+++ b/systemd-templates/set-ip-routes.conf
@ -0,0 +1,3 @@
+[Unit]
+BindsTo=set-ip-routes.service
+Before=set-ip-routes.service
--- a/systemd-templates/set-ip-routes.path
+++ b/systemd-templates/set-ip-routes.path
@ -1,6 +0,0 @@
-[Unit]
-Description=Detect WireGuard VPN activation
-
-[Path]
-PathExists=/sys/class/net/wg0
-Unit=set-ip-routes.service
--- a/systemd-templates/set-ip-routes.service
+++ b/systemd-templates/set-ip-routes.service
@ -1,9 +1,12 @@
 [Unit]
 Description=Update IP routes after connecting to VPN
+BindsTo=sys-subsystem-net-devices-wg0.device

 [Service]
 Type=oneshot
+RemainAfterExit=yes
 ExecStart=/usr/sbin/ip route del default dev wg0
 ExecStart=/usr/sbin/ip route add PH_DNS dev wg0
 ExecStart=/usr/sbin/ip route add PH_NETWORK dev wg0
-ExecStart=/storage/libreelec-conf/set-resolv-conf.sh
+ExecStart=/usr/bin/bash /storage/libreelec-conf/set-dns.sh
+ExecStop=/usr/bin/bash /storage/libreelec-conf/unset-dns.sh
--- a/unset-dns.sh
+++ b/unset-dns.sh
@ -0,0 +1,10 @@
+#!/usr/bin/env bash
+
+run_directory=$(dirname $(readlink -f "$0"))
+
+source "$run_directory/variables.conf"
+
+rm /run/libreelec/resolv.conf
+mv /run/libreelec/resolv.conf.bck /run/libreelec/resolv.conf
+
+exit 0
--- a/variables.conf.template
+++ b/variables.conf.template
@ -2,5 +2,5 @@

 # Copy this file as variables.conf, with the correct values

-dns_server=192.168.0.63
+dns_server=192.168.3.64
 target_network=192.168.3.0/24
Author	SHA1	Message	Date
Alexandre CATTEAU	33f60c1781	Update README Add instructions for setting up a Systemd service unit for VPN connection	2024-02-24 14:25:43 +01:00
Alexandre CATTEAU	2a5ce61df6	Update default DNS server	2024-02-24 12:10:20 +01:00
Alexandre CATTEAU	98f87c33bd	Replace path trigger to binding to WireGuard device	2023-06-04 12:05:00 +02:00
Alexandre CATTEAU	a12f4d19c3	Update README	2023-06-04 11:15:18 +02:00
Alexandre CATTEAU	e2213b08ab	Change entirely the way to manage resolv.conf	2023-06-04 10:55:59 +02:00
Alexandre CATTEAU	7c781475c9	Add TODO in script	2023-06-03 19:20:22 +02:00
Alexandre CATTEAU	1971a1380e	Update service unit	2023-06-03 19:01:04 +02:00
Alexandre CATTEAU	ea8d30d57d	Update systemd templates	2023-06-03 18:40:42 +02:00
Alexandre CATTEAU	3156e64b26	Fix previous commit: set instructions in right file...	2023-06-03 18:17:37 +02:00
Alexandre CATTEAU	b4fb985c72	Add install instructions in service	2023-06-03 18:16:45 +02:00