[Unit]
Description=Monero Full Node for user %I
After=network.target
# `man systemd.unit`
# Notes about my tests with BindsTo= and other options, see this url:
# https://git.flylightning.xyz/public_archive_codes/tree/configs/configs_root_dir/etc/systemd/system/monerod_after_bindsto_mullvad.service
# I learned about using sys-subsystem-net-devices-wg_ba.device from:
# https://unix.stackexchange.com/q/360214
# https://unix.stackexchange.com/q/669660
# For more similar devices see `systemctl` or `systemctl --user`. I also have
# sys-subsystem-net-devices-wg_ba.device which is related to
# /sys/subsystem/net/devices/wg_ba, but my computer does not have a
# /sys/subsystem dir, and systemctl status
# sys-subsystem-net-devices-wg_ba.device shows "Device:" is also
# /sys/devices/virtual/net/wg_ba, so I choose to use
# sys-subsystem-net-devices-wg_ba.device.
# I want monerod to tunnel all traffic through wireguard, otherwise the China
# ISP will think I mine crypto and will be unhappy. This is one of the measures
# I take, which is to only run monerod when the wg_ba network interface is up.
# **Note it seems there will still be some traffic leaked when wg_ba is down**,
# maybe due to monerod not being killed immediately. Maybe using
# KillSignal=SIGKILL can kill it faster, see `man systemd.kill`, but I don't
# want it to be killed with SIGKILL even when properly powering off the
# computer, so maybe don't use it. It can be tested with something like
# `sudo tcpdump -i wlp2s0 port 18080`. wg_ba is tunnelling all computer traffic
# through ba. I bind it to wg_ba because trying to make monerod tunnel traffic
# to wireguard when wg_master is up is hard. wg_master does not tunnel all
# computer traffic. monerod --p2p-bind-ip does not work as expected when under
# wg_master, see vq bug notes. The ba VPS nftables.conf also needs
# `oifname $wg_iface masquerade` for monerod to tunnel some traffic through ba
# wireguard when insp is under wg_master, but this has the issue that insp
# can't access ib qbt and jackett, because I guess this maybe somehow also
# masquerades my website accessing ib qbt and jackett with another ip which ib
# nft refuses to let see its local ports. One way I could think of to make
# monerod tunnel all traffic through wireguard is to use a virtual network
# interface and namespaces, but that is very complicated.
After=sys-subsystem-net-devices-wg_ba.device
BindsTo=sys-subsystem-net-devices-wg_ba.device

[Service]
User=%i
Type=simple
ExecStart=/usr/bin/monerod --non-interactive
StandardOutput=null
StandardError=null
# `man systemd.service`
# I would like to kill monerod with my vpn script as one of the measures to
# bind it to the wg_ba wireguard network interface, so no restart. If it
# restarts, after I kill monerod it will be restarted, which is not what I
# want. I don't wish to always make it run; running only for some time after I
# start the computer is ok for me, I just need to sync and share the monero
# node a little bit. I'm fine if later on monerod gets killed for whatever
# reason.
Restart=no

[Install]
WantedBy=multi-user.target