depot/modules/hyprspace/default.nix


# NixOS module that joins this host to the hyprspace mesh.
#
# What it wires up:
#   * the hyprspace service itself (listen addresses, node key, peer list),
#   * systemd IP-address filtering so the daemon cannot talk to private or
#     reserved address space directly (name servers excepted),
#   * the host firewall trusting the mesh interface,
#   * a grafana-agent scrape job for the daemon's metrics endpoint.
#
# Inputs come from the module-system arguments: `depot` (the repository's
# host inventory and flake inputs), `lib` (nixpkgs lib) and `config`
# (the evaluated NixOS configuration of this host).
{ depot, lib, config, ... }:

let
  hostName = config.networking.hostName;
  # This host's own entry in the inventory (provided by the reflection module).
  thisNode = config.reflection;

  # Only inventory hosts that opt in to hyprspace take part in the mesh.
  # Every such host except this one becomes a peer entry in the config.
  # Note: a host without a `hyprspace` attribute fails evaluation here
  # rather than being skipped, which is a useful inventory consistency check.
  meshHosts = lib.filterAttrs (_: host: host.hyprspace.enable) depot.hours;

  # Shape one inventory host into the peer record hyprspace expects:
  # the peer's name, its libp2p peer id and the networks it routes.
  toPeer = name: host: {
    inherit name;
    id = host.hyprspace.id;
    routes = lib.forEach host.hyprspace.routes (net: { inherit net; });
  };

  peerList = lib.pipe meshHosts [
    (lib.mapAttrs toPeer)
    (lib.filterAttrs (name: _: name != hostName))
    lib.attrValues
  ];

  # Main listen port; a host may override it in its inventory entry.
  listenPort = thisNode.hyprspace.listenPort or 8001;
  privateKeyFile = config.age.secrets.hyprspace-key.path;
  nameservers = lib.unique config.networking.nameservers;

  # Well-known ports to listen on in addition to listenPort; presumably chosen
  # because restrictive networks tend to let them through — confirm with the
  # maintainers before changing.
  extraTCPPorts = [ 21 ];
  extraQUICPorts = [ 21 443 500 ];

  primaryAddr = thisNode.interfaces.primary.addr;
  tcpAddr = port: "/ip4/${primaryAddr}/tcp/${toString port}";
  quicAddr = port: "/ip4/${primaryAddr}/udp/${toString port}/quic-v1";

  # Multiaddrs the daemon binds: TCP and QUIC on the main port first,
  # then the extra TCP ports, then the extra QUIC ports.
  listenAddresses = lib.concatLists [
    [ (tcpAddr listenPort) (quicAddr listenPort) ]
    (map tcpAddr extraTCPPorts)
    (map quicAddr extraQUICPorts)
  ];

  # Address ranges the daemon process itself may not send to or receive from
  # (enforced by systemd's per-unit cgroup IP filtering). This limits what an
  # internet-facing peer-to-peer daemon can reach if it misbehaves.
  #   RFC 1918 / RFC 6598 private space: 10/8, 172.16/12, 192.168/16, 100.64/10
  #   link-local:                        169.254/16, fe80::/10
  #   IETF / documentation / test nets:   192.0.0/24, 192.0.2/24, 198.51.100/24,
  #                                       203.0.113/24, 2001:db8::/32
  #   benchmarking:                       198.18/15, 2001:2::/48
  #   reserved / discard-only:            240/4, 100::/64
  #   IPv6 ULA:                           fc00::/7
  # Loopback, 0.0.0.0/8 and multicast are not listed; the local metrics scrape
  # presumably relies on loopback staying reachable — confirm the rest is intended.
  deniedRanges = [
    "10.0.0.0/8"
    "100.64.0.0/10"
    "169.254.0.0/16"
    "172.16.0.0/12"
    "192.0.0.0/24"
    "192.0.2.0/24"
    "192.168.0.0/16"
    "198.18.0.0/15"
    "198.51.100.0/24"
    "203.0.113.0/24"
    "240.0.0.0/4"
    "100::/64"
    "2001:2::/48"
    "2001:db8::/32"
    "fc00::/7"
    "fe80::/10"
  ];
in
{
  imports = [ depot.inputs.hyprspace.nixosModules.default ];

  links.hyprspaceMetrics.protocol = "http";

  # Per-host node key decrypted by agenix at activation; readable only by
  # its owner. The ciphertext lives next to the other secrets, keyed by host.
  age.secrets.hyprspace-key = {
    file = ../../secrets/hyprspace-key- + "${hostName}.age";
    mode = "0400";
  };

  systemd.services.hyprspace.serviceConfig = {
    IPAddressDeny = deniedRanges;
    # Allow entries win over deny entries in systemd's filtering, so name
    # resolution keeps working even when a resolver sits in a denied range.
    IPAddressAllow = nameservers;
  };

  services.hyprspace = {
    enable = true;
    inherit privateKeyFile;
    metricsPort = config.links.hyprspaceMetrics.port;
    settings = {
      inherit listenAddresses;
      peers = peerList;
    };
  };

  # Traffic arriving over the mesh interface bypasses the host firewall, so
  # every peer above can reach any local service. Mesh membership is bounded
  # by the inventory (depot.hours entries with hyprspace enabled) and by the
  # peer ids configured there.
  networking.firewall.trustedInterfaces = [ "hyprspace" ];

  # Scrape the daemon's metrics endpoint, labelled with host and peer id so
  # per-node series can be told apart.
  services.grafana-agent.settings.metrics.configs = [{
    name = "metrics-hyprspace";
    scrape_configs = [{
      job_name = "hyprspace";
      static_configs = [{
        targets = [ config.links.hyprspaceMetrics.tuple ];
        labels = {
          instance = hostName;
          peer_id = thisNode.hyprspace.id;
        };
      }];
    }];
  }];
}