From c3d7a7725cefc7c6fa163ee85991b40389dd0144 Mon Sep 17 00:00:00 2001
From: Balakrishnan Balasubramanian
Date: Wed, 10 Dec 2025 17:08:53 -0500
Subject: [PATCH] fix source path and improve systemd directivees
---
 common_sshconfig | 2 +-
 diyvpn.sh | 16 +++++++++++-----
 diyvpnctl.sh | 2 +-
 3 files changed, 13 insertions(+), 7 deletions(-)
diff --git a/common_sshconfig b/common_sshconfig
index c83f156..284aa56 100644
--- a/common_sshconfig
+++ b/common_sshconfig
@@ -1,7 +1,7 @@
 Include ${SSH_CFG_PATH}
 Host default
 IdentitiesOnly yes
- StreamLocalBindMask 0111 # TODO: check this
+ StreamLocalBindMask 0117
 StreamLocalBindUnlink yes
 DynamicForward ${RUNTIME_DIRECTORY}/sock
 SessionType none
diff --git a/diyvpn.sh b/diyvpn.sh
index 3398ed0..d037023 100755
--- a/diyvpn.sh
+++ b/diyvpn.sh
@@ -13,6 +13,7 @@ check_file_exists() {
 return 1
 }
+script_path="$0"
 script_dir=$(dirname "$(realpath "$0")")
 common_ssh_cfg_path="${DIYVPN_SSH_CFG:-$script_dir/common_sshconfig}"
 diyvpn_cfg="${DIYVPN_CFG:-$HOME/.config/diyvpn/servers}"
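Review bot: `StreamLocalBindMask 0117` still creates the dynamic-forward socket group-readable and -writable (mode 0660), so any process in the socket's group can send traffic through the tunnel. OpenSSH's default mask is 0177 (owner only); if the socket activator runs as the same user as ssh, `StreamLocalBindMask 0177` would be the tighter choice. If group access is intended, the dropped TODO would be better replaced by a comment line above the option, e.g. `# 0117 -> socket mode 0660: owner and group only`.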
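Review bot: `script_path="$0"` records the script however it was invoked, so the `# Automatically generated by …` header written into the units in the next hunk can end up holding a relative path, while the line directly below already resolves the same value with `realpath`. Consider `script_path=$(realpath "$0")` followed by `script_dir=$(dirname "$script_path")` so the header and the config lookup agree on one absolute path.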
@@ -30,31 +31,34 @@ generate() {
 check_file_exists "$server_ssh_cfg" || return 0
 check_file_exists "$server_config_rc" || return 0
- # shellcheck disable=SC1091
- source "server_config_rc"
+ # shellcheck disable=SC1090
+ source "$server_config_rc"
 idle_timeout="${IDLE_TIMEOUT:-10min}"
 listen_address="${LISTEN_ADDRESS:?LISTEN_ADDRESS should be set}"
+ header="# Automatically generated by $script_path"
 cat >"$opdir/diyvpnssh-$name.service" <<-EOF
+ $header
 [Unit]
 Description=ssh to $name
+ SourcePath=$server_config_rc
 StopWhenUnneeded=yes
 [Service]
 Type=notify
 NotifyAccess=all
- # TODO change to yes?
- Restart=no
 RuntimeDirectory=diyvpn-$name
 Environment=SSH_CFG_PATH=$server_ssh_cfg
 ExecStart=ssh -F "$common_ssh_cfg_path" default
 EOF
 cat >"$opdir/diyvpnact-$name.service" <<-EOF
+ $header
 [Unit]
 Description=Socket activator for diyvpn to server $name
+ SourcePath=$server_config_rc
 Requires=diyvpnssh-$name.service
 After=diyvpnssh-$name.service
 BindsTo=diyvpnssh-$name.service
@@ -64,8 +68,10 @@ generate() {
 EOF
 cat >"$opdir/diyvpnact-$name.socket" <<-EOF
+ $header
 [Unit]
 Description=Socket for diyvpn to server $name
+ SourcePath=$server_config_rc
 [Socket]
 ListenStream=$listen_address
@@ -80,7 +86,7 @@ generate() {
 for server in "$diyvpn_cfg"/*; do
 if [[ -d "$server" ]]; then
- (generate "$server" "$opdir")
+ (generate "$server")
 else
 echo "Ignoring $server. Not a directory."
 fi
diff --git a/diyvpnctl.sh b/diyvpnctl.sh
index 4f91f4f..c81f01e 100755
--- a/diyvpnctl.sh
+++ b/diyvpnctl.sh
@@ -7,7 +7,7 @@ diyvpn_cfg="${DIYVPN_CFG:-$HOME/.config/diyvpn/servers}"
 add() {
 local name listen_address idle_timeout hostname port username identityfile
- read -rp "Server name [e.g. foobar] [required] : " name
+ read -rp "Server name [e.g. vps1] [required] : " name
 if [[ -d "$diyvpn_cfg/$name" ]]; then
 echo "Warning: $diyvpn_cfg/$name already exists. Exising files will be overwritten. [Ctrl+C to quit]"
 fi
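Review bot: Now that `source "$server_config_rc"` points at the real file, the per-server rc is executed as shell and the values it sets are expanded unescaped by the unquoted heredocs (`ListenStream=$listen_address` in the socket unit, plus `$name` and the new `SourcePath=$server_config_rc`). A value containing a newline would add extra directive lines to a generated unit, so it is worth rejecting such values before the first `cat`, for example `[[ "$listen_address$idle_timeout$server_config_rc" != *$'\n'* ]] || return 1`. The same applies to the heredoc in the following hunk. generate starts and ends outside this hunk, so how `name` is derived is not visible here.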
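Review bot: The call now passes only `"$server"`, yet the heredocs in generate still redirect to `"$opdir/…"` (visible in the earlier hunks), and where `opdir` is assigned lies outside these hunks. If it is not set as a global before this loop, those redirections resolve to `/diyvpnssh-$name.service` and its siblings at the filesystem root. A guard ahead of the loop such as `: "${opdir:?output directory not set}"` would turn that into an explicit failure instead of a misplaced write.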