From b4e4036c41754146e87e09e7654e77010de9972f Mon Sep 17 00:00:00 2001
From: 0xWheatyz <wyatt@leeworks.dev>
Date: Wed, 15 Apr 2026 19:00:00 -0400
Subject: [PATCH] fix(wireguard): resolve endpoint hostname to IP before adding
 route

ip route does not accept hostnames. Use dig to resolve
vpn.leeworks.dev to an IP address in postUp/preDown hooks.
---
 configuration.nix | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/configuration.nix b/configuration.nix
index bb07005..676126c 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -181,10 +181,14 @@
     privateKeyFile = "/etc/wireguard/private.key";
 
     postUp = ''
-      ${pkgs.iproute2}/bin/ip route add vpn.leeworks.dev via $(${pkgs.iproute2}/bin/ip route show default | ${pkgs.gawk}/bin/awk '{print $3}') dev $(${pkgs.iproute2}/bin/ip route show default | ${pkgs.gawk}/bin/awk '{print $5}')
+      ENDPOINT_IP=$(${pkgs.dig}/bin/dig +short vpn.leeworks.dev | head -1)
+      GATEWAY=$(${pkgs.iproute2}/bin/ip route show default | ${pkgs.gawk}/bin/awk '{print $3}')
+      DEV=$(${pkgs.iproute2}/bin/ip route show default | ${pkgs.gawk}/bin/awk '{print $5}')
+      ${pkgs.iproute2}/bin/ip route add "$ENDPOINT_IP" via "$GATEWAY" dev "$DEV"
     '';
     preDown = ''
-      ${pkgs.iproute2}/bin/ip route del vpn.leeworks.dev || true
+      ENDPOINT_IP=$(${pkgs.dig}/bin/dig +short vpn.leeworks.dev | head -1)
+      ${pkgs.iproute2}/bin/ip route del "$ENDPOINT_IP" || true
     '';
 
     peers = [{