Diffstat (limited to 'etc/systemd')
-rw-r--r--etc/systemd/system/monerod@.service48
l---------etc/systemd/system/multi-user.target.wants/mimic@wlp2s0.service1
2 files changed, 47 insertions, 2 deletions
diff --git a/etc/systemd/system/monerod@.service b/etc/systemd/system/monerod@.service
index 0dfd9e70..bcdbb700 100644
--- a/etc/systemd/system/monerod@.service
+++ b/etc/systemd/system/monerod@.service
@@ -1,6 +1,44 @@
[Unit]
Description=Monero Full Node for user %I
After=network.target
+# `man systemd.unit`
+
+# Notes about my tests with BindsTo= and other options see this url:
+# https://git.flylightning.xyz/public_archive_codes/tree/configs/configs_root_dir/etc/systemd/system/monerod_after_bindsto_mullvad.service
+#
+# I learned about using sys-subsystem-net-devices-wg_ba.device from:
+# https://unix.stackexchange.com/q/360214
+# https://unix.stackexchange.com/q/669660
+# More similar devices see `systemctl` or `systemctl --user`. I also have
+# sys-subsystem-net-devices-wg_ba.device which is related to
+# /sys/subsystem/net/devices/wg_ba, but my computer does not have
+# /sys/subsystem dir, and systemctl status
+# sys-subsystem-net-devices-wg_ba.device shows "Device:" is also
+# /sys/devices/virtual/net/wg_ba, so I choose to use
+# sys-subsystem-net-devices-wg_ba.device.
+#
+# I want monerod tunnel all traffic through wireguard, otherwise China ISP will
+# think I mine crypto and will be unhappy. This is one of the measures I take,
+# which is to only run monerod when wg_ba network interface is up. **Note it
+# seems there will still have some traffic being leaked when wg_ba is down**,
+# maybe due to moenrod does not being killed immediately. Maybe use use
+# KillSignal=SIGKILL can kill it faster, see `man systemd.kill`, but I don't
+# want it to be killed with SIGKILL even when proper poweroff computer so maybe
+# don't use it. It can be tested with sth. like `sudo tcpdump -i wlp2s0 port
+# 18080`. wg_ba is tunnelling all computer traffic through ba. I bind it to
+# wg_ba because trying to make monerod tunnel traffic to wireguard when
+# wg_master is up is hard. wg_master does not tunnel all computer traffic.
+# monerod --p2p-bind-ip does not work as expected when under wg_master, see vq
+# bug notes. ba VPS nftables.conf also need `oifname $wg_iface masquerade` for
+# monerod to tunnel some traffic through ba wireguard when insp is under
+# wg_master, but this has issue of insp can't access ib qbt and jackett because
+# I guess this maybe somehow also masquerade my website accessing ib qbt and
+# jackett with other ip which ib nft refuse to let the ip to see its local
+# ports. One way I could think to make monerod tunnel all traffic through
+# wireguard is to use virutal network interface and namespaces but that is very
+# complicated.
+After=sys-subsystem-net-devices-wg_ba.device
+BindsTo=sys-subsystem-net-devices-wg_ba.device
[Service]
User=%i
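Review bot: `BindsTo=sys-subsystem-net-devices-wg_ba.device` only ties the unit's lifecycle to the interface; it does not limit which interface monerod's sockets use, so the leak the added comment describes is expected while the stop job is still running or whenever routing points outside wg_ba. If the installed systemd supports it (v250 or later, cgroup v2 with BPF), `RestrictNetworkInterfaces=wg_ba lo` in `[Service]` would enforce the restriction in the kernel; otherwise an nftables output rule such as `meta skuid <monerod-user> oifname != { "wg_ba", "lo" } drop` gives the same kill-switch behaviour. The comment block also has typos worth fixing (`moenrod`, `use use`, `virutal`), and the sentence beginning "I also have sys-subsystem-net-devices-wg_ba.device" names the same unit twice, so it is unclear which alternative was rejected. The `[Service]` section continues outside this hunk.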
@@ -9,8 +47,14 @@ Type=simple
ExecStart=/usr/bin/monerod --non-interactive
StandardOutput=null
StandardError=null
-
-Restart=always
+# `man systemd.service`
+# I would like to kill monerod with my vpn script as one of the measures to
+# bind it to wg_ba wireguard network interface, so no restart. If restart,
+# after me kill monerod, it will be restarted which is not what I want. I don't
+# wish to always make it run, run only for some time after me start the
+# computer is ok for me, just need to sync and share the monero node a little
+# bit, I'm fine if later on moenrod got killed for whatever reason.
+Restart=no
[Install]
WantedBy=multi-user.target
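Review bot: `Restart=no` is stricter than the stated goal needs if the VPN script stops the unit with `systemctl stop` or a plain SIGTERM, because systemd does not apply `Restart=` to an explicit stop and treats a SIGTERM exit as clean. `Restart=on-failure` would keep the script's stop final while still recovering from a crash; this is inferred, since the script is not part of this commit. With `StandardOutput=null` and `StandardError=null` in the context lines, monerod's own messages never reach the journal, so an unexpected exit leaves only systemd's state-change entries to diagnose it; `StandardError=journal` would keep the errors. The `[Service]` section starts before this hunk.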
diff --git a/etc/systemd/system/multi-user.target.wants/mimic@wlp2s0.service b/etc/systemd/system/multi-user.target.wants/mimic@wlp2s0.service
new file mode 120000
index 00000000..dce9a731
--- /dev/null
+++ b/etc/systemd/system/multi-user.target.wants/mimic@wlp2s0.service
@@ -0,0 +1 @@
+/usr/lib/systemd/system/mimic@.service
\ No newline at end of file