config/modules/hyprspace/default.nix

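# NixOS module that runs the Hyprspace daemon on this host.
#
# It builds the peer list from every entry in `hosts` that has a `hyprspace`
# attribute, renders the daemon configuration as JSON, injects the private key
# at service start, and opens the listen port in the firewall.
{ inputs, pkgs, lib, hosts, config, ... }:
let
  inherit (config.networking) hostName;
  hyprspace = inputs.hyprspace.packages.${pkgs.system}.default;

  # Only hosts that declare a `hyprspace` attribute take part in the network.
  hyprspaceCapableNodes = lib.filterAttrs (_: host: host ? hyprspace) hosts;

  # Per-peer record: host name, peer id and the routes it announces (none by default).
  peersFormatted = builtins.mapAttrs (name: x: {
    inherit name;
    inherit (x.hyprspace) id;
    routes = map (net: { inherit net; }) (x.hyprspace.routes or []);
  }) hyprspaceCapableNodes;

  # A node is not its own peer.
  peersFiltered = lib.filterAttrs (name: _: name != hostName) peersFormatted;
  peerList = builtins.attrValues peersFiltered;

  myNode = hosts.${hostName};
  listenPort = myNode.hyprspace.listenPort or 8001;

  # pkgs.writeText puts this file in the world-readable Nix store, so it carries
  # only a placeholder for the private key. The real key is substituted into a
  # copy under /run by the service's preStart script.
  interfaceConfig = pkgs.writeText "hyprspace.json" (builtins.toJSON {
    # Listens on every IPv4 and IPv6 address, over both TCP and QUIC.
    listenAddresses = let
      port = toString listenPort;
    in [
      "/ip4/0.0.0.0/tcp/${port}"
      "/ip4/0.0.0.0/udp/${port}/quic-v1"
      "/ip6/::/tcp/${port}"
      "/ip6/::/udp/${port}/quic-v1"
    ];
    privateKey = "@HYPRSPACEPRIVATEKEY@";
    peers = peerList;
    inherit (config.services.hyprspace) services;
  });

  privateKeyFile = config.age.secrets.hyprspace-key.path;
  runConfig = "/run/hyprspace.json";
in {
  imports = [
    ./options.nix
  ];

  # Per-host private key, stored encrypted in the repository and readable only
  # by its owner once decrypted.
  age.secrets.hyprspace-key = {
    file = ../../secrets/hyprspace-key- + "${hostName}.age";
    mode = "0400";
  };

  environment.systemPackages = [
    hyprspace
  ];

  systemd.services.hyprspace = {
    enable = true;
    wantedBy = [ "multi-user.target" ];
    wants = [ "network-online.target" ];
    after = [ "network-online.target" ];

    # Builds the runtime configuration that holds the plaintext private key.
    # `install -m 0600` creates the copy with owner-only permissions from the
    # start, so the file is never readable by other users, even before the key
    # is substituted. After the substitution it is made read-only.
    preStart = ''
      rm -f ${runConfig}
      install -m 0600 ${interfaceConfig} ${runConfig}
      ${pkgs.replace-secret}/bin/replace-secret '@HYPRSPACEPRIVATEKEY@' "${privateKeyFile}" ${runConfig}
      chmod 0400 ${runConfig}
    '';

    # Point the daemon at the local Kubo API only when Kubo is enabled.
    environment = lib.optionalAttrs config.services.kubo.enable {
      HYPRSPACE_IPFS_API = config.services.kubo.settings.Addresses.API;
    };

    serviceConfig = {
      # NOTE(review): no User is set, so the daemon runs as root with group
      # "wheel". Presumably the group is there so wheel members can use the RPC
      # socket; confirm that this is intended and that the socket mode matches.
      # NOTE(review): the unit sets no sandboxing options (ProtectSystem,
      # NoNewPrivileges, CapabilityBoundingSet, ...). Consider adding the ones
      # the daemon tolerates.
      Group = "wheel";
      Restart = "on-failure";
      RestartSec = "5s";
      ExecStart = "${hyprspace}/bin/hyprspace up -c ${runConfig}";
      # Remove the RPC socket so a stale one does not outlive the daemon.
      ExecStopPost = "${pkgs.coreutils}/bin/rm -f /run/hyprspace-rpc.hyprspace.sock";
      ExecReload = "${pkgs.coreutils}/bin/kill -USR1 $MAINPID";
    };
  };

  networking.firewall = {
    allowedTCPPorts = [ listenPort ];
    allowedUDPPorts = [ listenPort ];
    # Traffic arriving on a trusted interface is accepted unconditionally, so
    # anything that can send packets over the "hyprspace" interface reaches
    # every listening port on this host. Each host in the peer list is therefore
    # as trusted as the local network. Drop this line and open individual ports
    # if that is broader than intended.
    trustedInterfaces = [ "hyprspace" ];
  };

  # NetworkManager dispatcher hook: when a wireless (wl*) or wired (en*)
  # interface comes up, reload or restart the daemon without blocking the
  # dispatcher.
  networking.networkmanager.dispatcherScripts = [{
    source = pkgs.writeShellScript "hyprspace-reconnect.sh" ''
      [[ "$2" != "up" ]] && exit 0
      PATH=${pkgs.systemd}/bin:$PATH
      case $1 in
        wl*|en*)
          systemctl reload-or-restart --no-block hyprspace.service;;
      esac
      exit 0
    '';
    type = "basic";
  }];
}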