From 431a05b652a57144bb2db44fdf04abaff6b5d5ef Mon Sep 17 00:00:00 2001 From: Xiao Pan Date: Mon, 14 Jul 2025 00:31:55 +0800 Subject: run monerod only when all network thru wireguard wg_ba network interface tunnels all network through wireguard to ba. I would like to only run monerod when this happened due to various reasons see comments in monerod@.service. Some measures I take are: systemd unit bind to wg_ba, networkmanager dispatcher stop monerod service pre wg_ba down, and vpn script kill monerod process before wg_ba down. The former two measures are in this commit. For bitmonero.conf, I also limit upload rate, reason see comment. I also enabled ipv6. I also try bind ip, which seems does not work, but I put there anyway. --- .../dispatcher.d/pre-down.d/20-monerod | 10 +++++++ etc/systemd/system/monerod@.service | 35 ++++++++++++++++++++-- 2 files changed, 43 insertions(+), 2 deletions(-) create mode 100755 etc/NetworkManager/dispatcher.d/pre-down.d/20-monerod (limited to 'etc') diff --git a/etc/NetworkManager/dispatcher.d/pre-down.d/20-monerod b/etc/NetworkManager/dispatcher.d/pre-down.d/20-monerod new file mode 100755 index 00000000..9c10aa0a --- /dev/null +++ b/etc/NetworkManager/dispatcher.d/pre-down.d/20-monerod @@ -0,0 +1,10 @@ +#!/bin/sh + +# `man NetworkManager-dispatcher` + +if [ "$1" = wg_ba ]; then + case "$2" in + # my test shows only pre-down will be emitted, vpn-pre-down and down will not be emitted here + pre-down) systemctl stop monerod@xyz;; + esac +fi diff --git a/etc/systemd/system/monerod@.service b/etc/systemd/system/monerod@.service index 0dfd9e70..f1d91961 100644 --- a/etc/systemd/system/monerod@.service +++ b/etc/systemd/system/monerod@.service 
@@ -1,6 +1,31 @@ [Unit] Description=Monero Full Node for user %I After=network.target +# `man systemd.unit` +# Notes about my tests with BindsTo= and other options see this url: +# https://git.flylightning.xyz/public_archive_codes/tree/configs/configs_root_dir/etc/systemd/system/monerod_after_bindsto_mullvad.service +# I want monerod tunnel all traffic through wireguard, otherwise China ISP will +# think I mine crypto and will be unhappy. This is one of the measures I take, +# which is to only run monerod when wg_ba network interface is up. **Note it +# seems there will still have some traffic being leaked when wg_ba is down**, +# maybe due to moenrod does not being killed immediately. Maybe use use +# KillSignal=SIGKILL can kill it faster, see `man systemd.kill`, but I don't +# want it to be killed with SIGKILL even when proper poweroff computer so maybe +# don't use it. It can be tested with sth. like `sudo tcpdump -i wlp2s0 port +# 18080`. wg_ba is tunnelling all computer traffic through ba. I bind it to +# wg_ba because trying to make monerod tunnel traffic to wireguard when +# wg_master is up is hard. wg_master does not tunnel all computer traffic. +# monerod --p2p-bind-ip does not work as expected when under wg_master, see vq +# bug notes. ba VPS nftables.conf also need `oifname $wg_iface masquerade` for +# monerod to tunnel some traffic through ba wireguard when insp is under +# wg_master, but this has issue of insp can't access ib qbt and jackett because +# I guess this maybe somehow also masquerade my website accessing ib qbt and +# jackett with other ip which ib nft refuse to let the ip to see its local +# ports. One way I could think to make monerod tunnel all traffic through +# wireguard is to use virutal network interface and namespaces but that is very +# complicated. +After=sys-subsystem-net-devices-wg_ba.device +BindsTo=sys-subsystem-net-devices-wg_ba.device [Service] User=%i 
@@ -9,8 +34,14 @@ Type=simple ExecStart=/usr/bin/monerod --non-interactive StandardOutput=null StandardError=null - -Restart=always +# `man systemd.service` +# I would like to kill monerod with my vpn script as one of the measures to +# bind it to wg_ba wireguard network interface, so no restart. If restart, +# after me kill monerod, it will be restarted which is not what I want. I don't +# wish to always make it run, run only for some time after me start the +# computer is ok for me, just need to sync and share the monero node a little +# bit, I'm fine if later on moenrod got killed for whatever reason. +Restart=no [Install] WantedBy=multi-user.target -- cgit v1.2.3-70-g09d2
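Review bot: in etc/NetworkManager/dispatcher.d/pre-down.d/20-monerod, the `pre-down) systemctl stop monerod@xyz;;` branch hardcodes the instance name `xyz` although the unit is a template (`monerod@.service` with `User=%i`), so the hook stops nothing if the node is ever run under a different instance name. Consider holding the instance name in a variable at the top of the script with a comment saying which user it refers to. It is also worth a comment that this hook only covers a teardown that goes through NetworkManager; if wg_ba is removed some other way, only the `BindsTo=` in the unit reacts, and that happens after the interface is already gone.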
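Review bot: in the [Unit] hunk of etc/systemd/system/monerod@.service, `BindsTo=sys-subsystem-net-devices-wg_ba.device` controls only when the unit runs, not which interface monerod's sockets use, which is consistent with the leak the added comment itself reports ("there will still have some traffic being leaked when wg_ba is down"). systemd stops the service in reaction to the device unit going away, and monerod then has the normal stop timeout to exit on SIGTERM, during which it can send over whatever route remains. Instead of `KillSignal=SIGKILL`, consider enforcing this at the packet level: `RestrictNetworkInterfaces=` in [Service] listing wg_ba (plus lo if local RPC is used; see `man systemd.resource-control`, and it needs a systemd and kernel that support it), or an nftables output rule that drops the service user's traffic unless `oifname` is wg_ba. A shorter `TimeoutStopSec=` would also bound the stop window without changing the signal used at a normal poweroff. Minor: the comment has typos (`moenrod`, `use use`, `virutal`), and most of the wg_master background would sit better in the commit message than in the unit file.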
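Review bot: in the [Service] hunk of etc/systemd/system/monerod@.service, `Restart=no` together with the `BindsTo=` added in the previous hunk and the unchanged `WantedBy=multi-user.target` means nothing starts monerod again after wg_ba has gone down and come back, and at boot the start job depends on the wg_ba device unit being present at that moment. If that is the intent, the comment should say so explicitly; if not, adding the device unit to `WantedBy=` in [Install] would let systemd start the service whenever wg_ba appears. `Restart=no` is also systemd's default, so the line is purely documentation, which is fine, but its comment misspells monerod as `moenrod`. With `StandardOutput=null` and `StandardError=null` in the context lines and no restart, an early exit leaves none of monerod's own output in the journal; consider letting stderr go to the journal so a failed start can be diagnosed.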