From 153f144dc3519227b409b2d364aac8f7c2837c3c Mon Sep 17 00:00:00 2001
From: Max
Date: Fri, 27 Oct 2023 01:17:50 +0200
Subject: [PATCH] modules/hyprspace, hosts: new config format, new cli interface, new addressing scheme
---
 hosts/TITAN/default.nix | 1 -
 hosts/TITAN/system.nix | 2 +-
 hosts/default.nix | 17 +++++++++++-----
 hosts/jericho/default.nix | 1 -
 modules/hyprspace/default.nix | 38 +++++++++++++++--------------------
 5 files changed, 29 insertions(+), 30 deletions(-)
diff --git a/hosts/TITAN/default.nix b/hosts/TITAN/default.nix
index 9f618e1..dd7c894 100644
--- a/hosts/TITAN/default.nix
+++ b/hosts/TITAN/default.nix
@@ -6,7 +6,6 @@ tools: {
 hypr = {
 id = "QmfJ5Tv2z9jFv9Aocevyn6QqRcfm9eYQZhvYvmAVfACfuM";
- addr = "10.100.3.7";
 listenPort = 443;
 routes = [
 "10.0.0.0/24"
diff --git a/hosts/TITAN/system.nix b/hosts/TITAN/system.nix
index da95648..6ab4cd2 100644
--- a/hosts/TITAN/system.nix
+++ b/hosts/TITAN/system.nix
@@ -76,7 +76,7 @@ in
 enable = true;
 externalInterface = "enp24s0";
 internalIPs = [
- "10.100.3.0/24"
+ "100.64.0.0/16"
 ];
 };
 }
diff --git a/hosts/default.nix b/hosts/default.nix
index 49bdc55..f195099 100644
--- a/hosts/default.nix
+++ b/hosts/default.nix
@@ -14,7 +14,6 @@ in with tools.dns; {
 };
 hypr = {
 id = "QmYs4xNBby2fTs8RnzfXEk161KD4mftBfCiR8yXtgGPj4J";
- addr = "10.100.3.5";
 routes = [
 "10.1.0.1/32"
 "10.10.0.0/16"
@@ -28,7 +27,9 @@ in with tools.dns; {
 };
 hypr = {
 id = "QmbrAHuh4RYcyN9fWePCZMVmQjbaNXtyvrDCWz4VrchbXh";
- addr = "10.100.3.9";
+ routes = [
+ "10.1.0.9/32"
+ ];
 };
 };
 checkmate = {
@@ -38,7 +39,9 @@ in with tools.dns; {
 };
 hypr = {
 id = "12D3KooWL84sAtq1QTYwb7gVbhSNX5ZUfVt4kgYKz8pdif1zpGUh";
- addr = "10.100.3.32";
+ routes = [
+ "10.1.0.32/32"
+ ];
 };
 };
 thunderskin = {
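Review bot: In the hosts/TITAN/system.nix hunk (`@@ -76,7 +76,7 @@`), `internalIPs` now selects a /16 inside the 100.64.0.0/10 shared address space purely by source address, so any packet with a source in `100.64.0.0/16` is masqueraded out of `enp24s0` regardless of the interface it arrived on. If this is the NixOS `networking.nat` block (the option path sits above the hunk), scoping it to the overlay device with `internalInterfaces = [ "hyprspace" ];` would keep the rule tied to mesh traffic; the interface name is taken from the old module config, so confirm it still applies. A short comment on the range, e.g. `# hyprspace overlay addresses`, would also help, because carrier-grade NAT and some other VPN products use the same block and a reader cannot tell which one is meant.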
@@ -48,13 +51,17 @@ in with tools.dns; {
 };
 hypr = {
 id = "12D3KooWB9AUPorFoACkWbphyargRBV9osJsYuQDumtQ85j7Aqmg";
- addr = "10.100.3.4";
+ routes = [
+ "10.1.0.4/32"
+ ];
 };
 };
 loki = {
 hypr = {
 id = "QmYZ4qA1W9hEZgDKDgKgjNge1ZX3Z25gVGxs34uEoLghgq";
- addr = "10.100.3.10";
+ routes = [
+ "10.100.3.10/32" # old
+ ];
 };
 };
 styx = {
diff --git a/hosts/jericho/default.nix b/hosts/jericho/default.nix
index e6c96bb..8578e7b 100644
--- a/hosts/jericho/default.nix
+++ b/hosts/jericho/default.nix
@@ -6,7 +6,6 @@ tools: {
 hypr = {
 id = "QmccBLgGP3HR36tTkwSYZX3KDv2EXb1MvYwGVs6PbpbHv9";
- addr = "10.100.3.13";
 };
 nixos = import ./system.nix;
diff --git a/modules/hyprspace/default.nix b/modules/hyprspace/default.nix
index 9bf0d6c..5a7b53a 100644
--- a/modules/hyprspace/default.nix
+++ b/modules/hyprspace/default.nix
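Review bot: In the hosts/default.nix hunk `@@ -48,13 +51,17 @@`, loki keeps `10.100.3.10/32` from the retired `10.100.3.0/24` range while the other hosts that gain a route in this commit get a `10.1.0.x/32`, and the `# old` comment does not say whether the exception is deliberate or how long it should stay. The same commit moves TITAN's `internalIPs` away from `10.100.3.0/24`, so this address presumably no longer matches that rule. A fuller comment such as `# legacy overlay address, remove once loki runs the new hyprspace` would make the leftover auditable.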
@@ -3,33 +3,32 @@ let
 inherit (config.networking) hostName;
 inherit (inputs.depot.packages.${pkgs.system}) hyprspace;
 hyprspaceCapableNodes = lib.filterAttrs (_: host: host ? hypr) hosts;
- peersFormatted = builtins.mapAttrs (_: x: {
+ peersFormatted = builtins.mapAttrs (name: x: {
+ inherit name;
 inherit (x.hypr) id;
- routes = map (net: { inherit net; }) ((x.hypr.routes or []) ++ [ "${x.hypr.addr}/32" ]);
+ routes = map (net: { inherit net; }) (x.hypr.routes or []);
 }) hyprspaceCapableNodes;
 peersFiltered = lib.filterAttrs (name: _: name != hostName) peersFormatted;
 peerList = builtins.attrValues peersFiltered;
 myNode = hosts.${hostName};
 listenPort = myNode.hypr.listenPort or 8001;
- routes' = map (x: lib.genAttrs (x.hypr.routes or []) (_: { ip = x.hypr.addr; })) (builtins.attrValues hyprspaceCapableNodes);
- routes = builtins.foldl' (x: y: x // y) {} (lib.flatten routes');
-
- interfaceConfig = pkgs.writeText "hyprspace.yml" (builtins.toJSON {
- interface = {
- name = "hyprspace";
- listen_port = listenPort;
- inherit (myNode.hypr) id;
- address = "${myNode.hypr.addr}/24";
- private_key = "@HYPRSPACEPRIVATEKEY@";
- };
+ interfaceConfig = pkgs.writeText "hyprspace.json" (builtins.toJSON {
+ listenAddresses = let
+ port = toString listenPort;
+ in [
+ "/ip4/0.0.0.0/tcp/${port}"
+ "/ip4/0.0.0.0/udp/${port}/quic-v1"
+ "/ip6/::/tcp/${port}"
+ "/ip6/::/udp/${port}/quic-v1"
+ ];
+ privateKey = "@HYPRSPACEPRIVATEKEY@";
 peers = peerList;
 });
 privateKeyFile = config.age.secrets.hyprspace-key.path;
- runConfig = "/run/hyprspace.yml";
+ runConfig = "/run/hyprspace.json";
 in {
- networking.hosts = lib.mapAttrs' (k: v: lib.nameValuePair (v.hypr.addr) ([k "${k}.hypr"])) hyprspaceCapableNodes;
 age.secrets.hyprspace-key = {
 file = ../../secrets/hyprspace-key- + "${hostName}.age";
 mode = "0400";
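Review bot: Nothing in the new `peersFormatted` checks that a prefix is claimed by only one host, and with `addr` gone the per-host `routes` lists are the sole statement of which peer owns which address. A copy-paste duplicate in hosts/default.nix would evaluate cleanly and leave it to the daemon which peer receives that traffic. An evaluation-time assertion would catch it; the sketch below adds one `let` binding and an `assertions` entry, assuming this file is evaluated as a NixOS module (its top-level keys suggest so). It compares prefixes textually, so it does not flag one prefix nested inside another. The `in { … }` body continues past the end of this hunk.

```nix
  # … unchanged: peersFormatted, peersFiltered, peerList, myNode, listenPort …
  claimedRoutes = lib.concatMap (x: x.hypr.routes or []) (builtins.attrValues hyprspaceCapableNodes);
  # … unchanged: interfaceConfig, privateKeyFile, runConfig …
in {
  assertions = [{
    assertion = lib.unique claimedRoutes == claimedRoutes;
    message = "hyprspace: a route prefix is listed for more than one host";
  }];
  # … unchanged: age.secrets.hyprspace-key …
```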
@@ -49,11 +48,6 @@ in {
 ${pkgs.replace-secret}/bin/replace-secret '@HYPRSPACEPRIVATEKEY@' "${privateKeyFile}" ${runConfig}
 chmod 0400 ${runConfig}
 '';
- postStart = ''
- sleep 1
- '' + lib.concatStringsSep "\n" (lib.mapAttrsToList (net: v:
- "${pkgs.iproute2}/bin/ip route add ${net} via ${v.ip} dev hyprspace metric 30000"
- ) routes);
 environment = lib.optionalAttrs config.services.kubo.enable {
 HYPRSPACE_IPFS_API = config.services.kubo.settings.Addresses.API;
 };
@@ -61,8 +55,8 @@ in {
 Group = "wheel";
 Restart = "on-failure";
 RestartSec = "5s";
- ExecStart = "${hyprspace}/bin/hyprspace up hyprspace -f -c ${runConfig}";
- ExecStop = "${hyprspace}/bin/hyprspace down hyprspace -c ${runConfig}";
+ ExecStart = "${hyprspace}/bin/hyprspace up -c ${runConfig}";
+ ExecStopPost = "${pkgs.coreutils}/bin/rm -f /run/hyprspace-rpc.hyprspace.sock";
 ExecReload = "${pkgs.coreutils}/bin/kill -USR1 $MAINPID";
 };
 };
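Review bot: In the `@@ -61,8 +55,8 @@` hunk, `ExecStopPost` hard-codes `/run/hyprspace-rpc.hyprspace.sock`, which embeds an interface name that this commit removes from both the config file and the `up` command line, so the path now depends on a daemon default that nothing in the module states. Binding it once in the `let` block, e.g. `rpcSocket = "/run/hyprspace-rpc.hyprspace.sock";` with `ExecStopPost = "${pkgs.coreutils}/bin/rm -f ${rpcSocket}";`, plus a comment on why the socket has to be removed by hand, would keep the cleanup from going stale silently. The socket is presumably the daemon's control channel, so its mode and ownership are worth confirming too; the unit sets `Group = "wheel"`, and `User` is outside the hunk. The serviceConfig block starts above the hunk.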