From c371552dfd4c19a1b979c834a964dac1f01ad92c Mon Sep 17 00:00:00 2001
From: 0xWheatyz
Date: Wed, 15 Apr 2026 19:19:22 -0400
Subject: [PATCH] fix(wireguard): use static endpoint IP and drop manual route hooks

Replace hostname endpoint with resolved IP (69.48.243.22) so wg-quick's native fwmark-based routing handles 0.0.0.0/0 correctly. Remove preUp/postDown hooks that conflicted with wg-quick's own policy routing.
---
 configuration.nix | 13 +------------
 1 file changed, 1 insertion(+), 12 deletions(-)

diff --git a/configuration.nix b/configuration.nix
index e87acb0..c12c58e 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -180,20 +180,9 @@
 dns = [ "10.0.1.65" ];
 privateKeyFile = "/etc/wireguard/private.key";
- preUp = ''
- ENDPOINT_IP=$(${pkgs.dig}/bin/dig +short vpn.leeworks.dev @1.1.1.1 | head -1)
- GATEWAY=$(${pkgs.iproute2}/bin/ip route show default | ${pkgs.gawk}/bin/awk '{print $3}')
- DEV=$(${pkgs.iproute2}/bin/ip route show default | ${pkgs.gawk}/bin/awk '{print $5}')
- ${pkgs.iproute2}/bin/ip route add "$ENDPOINT_IP" via "$GATEWAY" dev "$DEV"
- '';
- postDown = ''
- ENDPOINT_IP=$(${pkgs.dig}/bin/dig +short vpn.leeworks.dev @1.1.1.1 | head -1)
- ${pkgs.iproute2}/bin/ip route del "$ENDPOINT_IP" || true
- '';
-
 peers = [{
 publicKey = "VEpzr/CeGdS6Wsy0NDDfmlB/bCYxS55A155HWGCIIzc=";
- endpoint = "vpn.leeworks.dev:51820";
+ endpoint = "69.48.243.22:51820";
 allowedIPs = [ "0.0.0.0/0" ];
 persistentKeepalive = 25;
 }];
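Review bot: The new `endpoint = "69.48.243.22:51820";` line hard-codes an address with nothing in the file tying it back to `vpn.leeworks.dev`, so if the server is renumbered the tunnel simply stops handshaking and, with `allowedIPs = [ "0.0.0.0/0" ]`, IPv4 traffic on the host would likely stall with no obvious cause. I would add a comment above it such as `# Static IP for vpn.leeworks.dev; update here if its DNS record changes.` Separately, `allowedIPs` carries only the IPv4 default route, so on a host with IPv6 connectivity that traffic would presumably bypass the tunnel; if a full tunnel is intended, consider `allowedIPs = [ "0.0.0.0/0" "::/0" ];` (which needs an IPv6 address on the interface) or disabling IPv6 on the uplink. The interface definition starts and ends outside this hunk, so its address settings are not visible here and the IPv6 point should be checked against them.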