parahub-mesh/files/usr/bin/parahub-gw-check

#!/bin/sh
# Parahub Gateway Health Check
# Monitors Mullvad WireGuard status and switches batman-adv gw_mode:
#   - Mullvad active (recent handshake) → gw_mode=server (advertise as gateway)
#   - Mullvad down or not configured    → gw_mode=client (relay only)
#
# Run via cron every 2 minutes. Bumblebee only.

[ "$(cat /etc/parahub/role 2>/dev/null)" = "bumblebee" ] || exit 0

# Check if Mullvad WireGuard interface exists and has recent handshake
MULLVAD_OK=0
if command -v wg >/dev/null 2>&1; then
    # Get latest handshake timestamp from any WireGuard interface
    LAST_HS=$(wg show all latest-handshakes 2>/dev/null | awk '{print $NF}' | sort -rn | head -1)
    if [ -n "$LAST_HS" ] && [ "$LAST_HS" -gt 0 ] 2>/dev/null; then
        NOW=$(date +%s)
        AGE=$((NOW - LAST_HS))
        # Handshake within last 5 minutes = alive
        [ "$AGE" -lt 300 ] && MULLVAD_OK=1
    fi
fi

CURRENT_MODE=$(batctl gw_mode 2>/dev/null | awk '{print $1}')

if [ "$MULLVAD_OK" = "1" ]; then
    if [ "$CURRENT_MODE" != "server" ]; then
        batctl gw_mode server
        logger -t parahub-gw "Mullvad active, switched to gw_mode=server"
    fi
else
    if [ "$CURRENT_MODE" != "client" ]; then
        batctl gw_mode client
        logger -t parahub-gw "Mullvad down, switched to gw_mode=client"
    fi
fi