depot/modules/hyprspace/default.nix

83 lines
2.6 KiB
Nix
Raw Normal View History

2023-03-07 02:25:57 +02:00
{ pkgs, depot, lib, config, ... }:
2021-11-13 13:33:25 +02:00
let
inherit (config.networking) hostName;
2023-03-07 02:25:57 +02:00
inherit (depot.packages) hyprspace;
2023-08-31 01:55:45 +03:00
hyprspaceCapableNodes = lib.filterAttrs (_: host: host.hyprspace.enable) depot.hours;
peersFormatted = builtins.mapAttrs (_: x: {
2023-03-07 02:25:57 +02:00
inherit (x.hyprspace) id;
routes = map (net: { inherit net; }) ((x.hyprspace.routes or []) ++ [ "${x.hyprspace.addr}/32" ]);
}) hyprspaceCapableNodes;
2021-11-13 13:33:25 +02:00
peersFiltered = lib.filterAttrs (name: _: name != hostName) peersFormatted;
peerList = builtins.attrValues peersFiltered;
2023-03-07 02:25:57 +02:00
myNode = depot.reflection;
listenPort = myNode.hyprspace.listenPort or 8001;
2021-11-13 13:33:25 +02:00
2022-09-26 02:17:40 +03:00
interfaceConfig = pkgs.writeText "hyprspace.yml" (builtins.toJSON {
interface = {
name = "hyprspace";
listen_port = listenPort;
2023-03-07 02:25:57 +02:00
inherit (myNode.hyprspace) id;
address = "${myNode.hyprspace.addr}/24";
2022-09-26 02:17:40 +03:00
private_key = "@HYPRSPACEPRIVATEKEY@";
};
peers = peerList;
});
2021-11-13 13:33:25 +02:00
privateKeyFile = config.age.secrets.hyprspace-key.path;
runConfig = "/run/hyprspace.yml";
nameservers = lib.unique config.networking.nameservers;
2021-11-13 13:33:25 +02:00
in {
2023-03-07 02:25:57 +02:00
networking.hosts = lib.mapAttrs' (k: v: lib.nameValuePair v.hyprspace.addr [k "${k}.hypr"]) hyprspaceCapableNodes;
2021-11-13 13:33:25 +02:00
age.secrets.hyprspace-key = {
2022-02-05 20:09:02 +02:00
file = ../../secrets/hyprspace-key- + "${hostName}.age";
2021-11-13 13:33:25 +02:00
mode = "0400";
};
systemd.services.hyprspace = {
enable = true;
2022-09-27 00:06:13 +03:00
after = [ "network-online.target" ];
2021-11-13 13:33:25 +02:00
wantedBy = [ "multi-user.target" ];
preStart = ''
test -e ${runConfig} && rm ${runConfig}
2022-09-26 02:17:40 +03:00
cp ${interfaceConfig} ${runConfig}
2021-11-13 13:33:25 +02:00
chmod 0600 ${runConfig}
2022-09-26 02:17:40 +03:00
${pkgs.replace-secret}/bin/replace-secret '@HYPRSPACEPRIVATEKEY@' "${privateKeyFile}" ${runConfig}
2021-11-13 13:33:25 +02:00
chmod 0400 ${runConfig}
'';
serviceConfig = {
Group = "wheel";
2022-06-18 00:53:36 +03:00
Restart = "on-failure";
RestartSec = "5s";
2021-11-13 13:33:25 +02:00
ExecStart = "${hyprspace}/bin/hyprspace up hyprspace -f -c ${runConfig}";
ExecStop = "${hyprspace}/bin/hyprspace down hyprspace";
ExecStopPost = "${pkgs.coreutils}/bin/rm -f /run/hyprspace-rpc.hyprspace.sock";
2021-11-13 13:33:25 +02:00
IPAddressDeny = [
"10.0.0.0/8"
"100.64.0.0/10"
"169.254.0.0/16"
"172.16.0.0/12"
"192.0.0.0/24"
"192.0.2.0/24"
"192.168.0.0/16"
"198.18.0.0/15"
"198.51.100.0/24"
"203.0.113.0/24"
"240.0.0.0/4"
"100::/64"
"2001:2::/48"
"2001:db8::/32"
"fc00::/7"
"fe80::/10"
];
IPAddressAllow = nameservers;
2021-11-13 13:33:25 +02:00
};
};
networking.firewall = {
allowedTCPPorts = [ listenPort ];
allowedUDPPorts = [ listenPort ];
trustedInterfaces = [ "hyprspace" ];
};
environment.systemPackages = [
hyprspace
];
2021-11-13 13:33:25 +02:00
}