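# NixOS module for the hyprspace mesh VPN daemon on this host.
#
# Builds the daemon's JSON config from the fleet inventory (`depot.hours`),
# splices the host's private key into a runtime copy of that config at
# service start, and opens the firewall for the listener ports.
{ pkgs, depot, lib, config, ... }:

let
  inherit (config.networking) hostName;
  inherit (depot.packages) hyprspace;

  # Inventory hosts that take part in the mesh. `or false` keeps evaluation
  # from aborting on an inventory entry that has no `hyprspace` attribute.
  hyprspaceCapableNodes = lib.filterAttrs (_: host: host.hyprspace.enable or false) depot.hours;

  # Peer entries in the shape the daemon config expects: host name, peer id
  # and the networks routed through that peer.
  peersFormatted = builtins.mapAttrs (name: x: {
    inherit name;
    inherit (x.hyprspace) id;
    routes = map (net: { inherit net; }) x.hyprspace.routes;
  }) hyprspaceCapableNodes;

  # A node must not list itself as a peer.
  peersFiltered = lib.filterAttrs (name: _: name != hostName) peersFormatted;
  peerList = builtins.attrValues peersFiltered;

  # This host's own inventory entry.
  myNode = depot.reflection;
  listenPort = myNode.hyprspace.listenPort or 8001;

  # Extra listener ports besides `listenPort`. 21, 443 and 500 are the
  # conventional FTP, HTTPS and IKE ports; presumably chosen so peers can
  # connect through networks that filter unusual ports — confirm.
  additionalTCPPorts = [
    21
  ];
  additionalQUICPorts = [
    21
    443
    500
  ];

  # Daemon config in the Nix store. The store is world-readable, so this
  # file only carries the `@HYPRSPACEPRIVATEKEY@` placeholder; the real key
  # is written into the /run copy by `preStart` below.
  interfaceConfig = pkgs.writeText "hyprspace.json" (builtins.toJSON {
    # libp2p multiaddrs: TCP and QUIC on the main port, plus the extra ports.
    listenAddresses = let
      inherit (myNode.interfaces.primary) addr;
      port = toString listenPort;
    in [
      "/ip4/${addr}/tcp/${port}"
      "/ip4/${addr}/udp/${port}/quic-v1"
    ]
    ++ (map (port: "/ip4/${addr}/tcp/${toString port}") additionalTCPPorts)
    ++ (map (port: "/ip4/${addr}/udp/${toString port}/quic-v1") additionalQUICPorts);
    # Literal token replaced by replace-secret; the substitution is textual,
    # so the key file is presumably a single line without JSON-special
    # characters — confirm.
    privateKey = "@HYPRSPACEPRIVATEKEY@";
    peers = peerList;
  });

  # Decrypted per-host key (agenix), mode 0400, see `age.secrets` below.
  privateKeyFile = config.age.secrets.hyprspace-key.path;
  # Runtime copy of the config holding the real key; recreated on every start.
  runConfig = "/run/hyprspace.json";
  nameservers = lib.unique config.networking.nameservers;
in {
  links.hyprspaceMetrics.protocol = "http";

  age.secrets.hyprspace-key = {
    file = ../../secrets/hyprspace-key- + "${hostName}.age";
    mode = "0400";
  };

  systemd.services.hyprspace = {
    enable = true;
    after = [ "network-online.target" ];
    wantedBy = [ "multi-user.target" ];

    # Materialise the runtime config with the private key. `install -m 0600`
    # creates the copy with a restrictive mode from the outset instead of
    # copying it at the store file's 0444 and tightening afterwards; the
    # secret is only written once the mode is 0600, and the file is locked
    # down to 0400 once the substitution is done.
    preStart = ''
      rm -f ${runConfig}
      install -m 0600 ${interfaceConfig} ${runConfig}
      ${pkgs.replace-secret}/bin/replace-secret '@HYPRSPACEPRIVATEKEY@' "${privateKeyFile}" ${runConfig}
      chmod 0400 ${runConfig}
    '';
    environment.HYPRSPACE_METRICS_PORT = config.links.hyprspaceMetrics.portStr;

    serviceConfig = {
      # No User= is set, so the daemon runs as root. Group=wheel presumably
      # controls who may use the RPC socket removed in ExecStopPost — confirm.
      Group = "wheel";
      Restart = "on-failure";
      RestartSec = "5s";
      ExecStart = "${hyprspace}/bin/hyprspace up -c ${runConfig}";
      ExecStopPost = "${pkgs.coreutils}/bin/rm -f /run/hyprspace-rpc.hyprspace.sock";
      # systemd socket-level IP filter (applies to packets the unit sends and
      # receives): private, CGNAT, link-local, documentation/benchmarking and
      # reserved ranges are blocked, so the daemon only exchanges traffic with
      # public addresses. Loopback is not listed and therefore stays allowed.
      IPAddressDeny = [
        "10.0.0.0/8"
        "100.64.0.0/10"
        "169.254.0.0/16"
        "172.16.0.0/12"
        "192.0.0.0/24"
        "192.0.2.0/24"
        "192.168.0.0/16"
        "198.18.0.0/15"
        "198.51.100.0/24"
        "203.0.113.0/24"
        "240.0.0.0/4"
        "100::/64"
        "2001:2::/48"
        "2001:db8::/32"
        "fc00::/7"
        "fe80::/10"
      ];
      # Allow entries take precedence over the deny list, so resolvers that
      # sit inside a blocked range (e.g. a LAN DNS server) remain reachable.
      IPAddressAllow = nameservers;
    };
  };

  networking.firewall = {
    allowedTCPPorts = [ listenPort ] ++ additionalTCPPorts;
    allowedUDPPorts = [ listenPort ] ++ additionalQUICPorts;
    # Traffic arriving over the mesh interface bypasses the host firewall
    # entirely, i.e. every mesh peer can reach every local service.
    trustedInterfaces = [ "hyprspace" ];
  };

  environment.systemPackages = [
    hyprspace
  ];

  # Scrape the daemon's metrics endpoint with the local grafana-agent,
  # labelled with this host's name and peer id.
  services.grafana-agent.settings.metrics.configs = lib.singleton {
    name = "metrics-hyprspace";
    scrape_configs = lib.singleton {
      job_name = "hyprspace";
      static_configs = lib.singleton {
        targets = lib.singleton config.links.hyprspaceMetrics.tuple;
        labels = {
          instance = hostName;
          peer_id = myNode.hyprspace.id;
        };
      };
    };
  };
}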