{ inputs, pkgs, lib, hosts, config, ... }: let inherit (config.networking) hostName; inherit (inputs.depot.packages.${pkgs.system}) hyprspace; hyprspaceCapableNodes = lib.filterAttrs (_: host: host ? hypr) hosts; peersFormatted = builtins.mapAttrs (_: x: { inherit (x.hypr) id; routes = map (net: { inherit net; }) ((x.hypr.routes or []) ++ [ "${x.hypr.addr}/32" ]); }) hyprspaceCapableNodes; peersFiltered = lib.filterAttrs (name: _: name != hostName) peersFormatted; peerList = builtins.attrValues peersFiltered; myNode = hosts.${hostName}; listenPort = myNode.hypr.listenPort or 8001; routes' = map (x: lib.genAttrs (x.hypr.routes or []) (_: { ip = x.hypr.addr; })) (builtins.attrValues hyprspaceCapableNodes); routes = builtins.foldl' (x: y: x // y) {} (lib.flatten routes'); interfaceConfig = pkgs.writeText "hyprspace.yml" (builtins.toJSON { interface = { name = "hyprspace"; listen_port = listenPort; inherit (myNode.hypr) id; address = "${myNode.hypr.addr}/24"; private_key = "@HYPRSPACEPRIVATEKEY@"; }; peers = peerList; }); privateKeyFile = config.age.secrets.hyprspace-key.path; runConfig = "/run/hyprspace.yml"; in { networking.hosts = lib.mapAttrs' (k: v: lib.nameValuePair (v.hypr.addr) ([k "${k}.hypr"])) hyprspaceCapableNodes; age.secrets.hyprspace-key = { file = ../../secrets/hyprspace-key- + "${hostName}.age"; mode = "0400"; }; environment.systemPackages = [ hyprspace ]; systemd.services.hyprspace = { enable = true; wantedBy = [ "multi-user.target" ]; wants = [ "network-online.target" ]; after = [ "network-online.target" ]; preStart = '' test -e ${runConfig} && rm ${runConfig} cp ${interfaceConfig} ${runConfig} chmod 0600 ${runConfig} ${pkgs.replace-secret}/bin/replace-secret '@HYPRSPACEPRIVATEKEY@' "${privateKeyFile}" ${runConfig} chmod 0400 ${runConfig} ''; postStart = '' sleep 1 '' + lib.concatStringsSep "\n" (lib.mapAttrsToList (net: v: "${pkgs.iproute2}/bin/ip route add ${net} via ${v.ip} dev hyprspace metric 30000" ) routes); environment = lib.optionalAttrs config.services.kubo.enable { HYPRSPACE_IPFS_API = config.services.kubo.settings.Addresses.API; }; serviceConfig = { Group = "wheel"; Restart = "on-failure"; RestartSec = "5s"; ExecStart = "${hyprspace}/bin/hyprspace up hyprspace -f -c ${runConfig}"; ExecStop = "${hyprspace}/bin/hyprspace down hyprspace -c ${runConfig}"; ExecReload = "${pkgs.coreutils}/bin/kill -USR1 $MAINPID"; }; }; networking.firewall = { allowedTCPPorts = [ listenPort ]; allowedUDPPorts = [ listenPort ]; trustedInterfaces = [ "hyprspace" ]; }; networking.networkmanager.dispatcherScripts = [{ source = pkgs.writeShellScript "hyprspace-reconnect.sh" '' [[ "$2" != "up" ]] && exit 0 PATH=${pkgs.systemd}/bin:$PATH case $1 in wl*|en*) systemctl reload-or-restart --no-block hyprspace.service;; esac exit 0 ''; type = "basic"; }]; }