Merge branch 'master' into updates-20221002

hosts/VEGAS/default.nix

@@ -19,6 +19,10 @@ tools: {
     id = "QmYs4xNBby2fTs8RnzfXEk161KD4mftBfCiR8yXtgGPj4J";
     addr = "10.100.3.5";
     listenPort = 995;
+    routes = [
+      "10.1.0.1/32"
+      "10.10.0.0/16"
+    ];
   };
 
   enterprise = {

hosts/VEGAS/services/minecraft/customer-0fyy6ksf.nix

@@ -0,0 +1,31 @@
+{ config, inputs, pkgs, ... }:
+let
+  custId = "0fyy6ksf";
+in
+{
+  links."mc-${custId}" = {};
+  links."mc-rcon-${custId}" = {};
+  services.modded-minecraft-servers.instances."${custId}" = {
+    enable = true;
+    rsyncSSHKeys = [
+      "ssh-ed25519 dummyKey"
+    ];
+    jvmPackage = inputs.self.packages.${pkgs.system}.jre17_standard;
+    jvmInitialAllocation = "2G";
+    jvmMaxAllocation = "4G";
+    serverConfig = {
+      server-port = config.links."mc-${custId}".port;
+      motd = "Hosted by Private Void";
+      enable-rcon = true;
+      rcon-port = config.links."mc-rcon-${custId}".port;
+      rcon-password = "manager";
+      allow-flight = true;
+    };
+  };
+  systemd.services."mc-${custId}".serviceConfig = {
+    CPUQuota = "200%";
+    MemoryHigh = "4.2G";
+    MemoryMax = "4.3G";
+    MemorySwapMax = "1G";
+  };
+}

hosts/VEGAS/services/minecraft/default.nix

@@ -2,5 +2,6 @@
   services.modded-minecraft-servers.eula = true;
   imports = [
     ./num.nix
+    ./customer-0fyy6ksf.nix
   ];
 }

modules/hyprspace/default.nix

@@ -9,6 +9,9 @@ let
   myNode = hosts.${hostName};
   listenPort = myNode.hypr.listenPort or 8001;
 
+  routes' = map (x: lib.genAttrs (x.hypr.routes or []) (_: { ip = x.hypr.addr; })) (builtins.attrValues hyprspaceCapableNodes);
+  routes = builtins.foldl' (x: y: x // y) {} (lib.flatten routes');
+
   interfaceConfig = pkgs.writeText "hyprspace.yml" (builtins.toJSON {
     interface = {
       name = "hyprspace";
@@ -18,6 +21,7 @@ let
       private_key = "@HYPRSPACEPRIVATEKEY@";
     };
     peers = peerList;
+    inherit routes;
   });
 
   privateKeyFile = config.age.secrets.hyprspace-key.path;

packages/networking/hyprspace/README.md

@@ -187,6 +187,49 @@ sudo hyprspace down hs1
 
 WireGuard is a registered trademark of Jason A. Donenfeld.
 
+
+## Routes
+
+### Prepare each route node:
+
+```
+# sysctl -n net.ipv4.ip_forward
+0
+# sysctl -w net.ipv4.ip_forward=1
+iptables -t nat -A POSTROUTING -s <YOUR_TUN_NET>/24 -o eth0 -j MASQUERADE
+iptables -A FORWARD 1 -i <HS_TUN> -o <DEV_GATEWAY> -j ACCEPT
+iptables -A FORWARD 1 -i <DEV_GATEWAY> -o <HS_TUN> -j ACCEPT
+
+```
+Determine gateway router:
+```
+# curl ifconfg.me
+<GATEWAY_ROUTER>
+```
+
+### Configure client:
+Config hyprspace yaml configuration file:
+```
+interface:
+  ...
+peers:
+  ID: ...
+  ...
+routes:
+  192.168.3.0/24:
+    ip: 10.0.0.3
+  0.0.0.0/0:
+    ip: 10.0.0.1
+
+```
+Prepare routes
+```
+One for each route:
+# ip route add <GATEWAY_ROUTER> via <YOUR_GATEWAY> 
+
+And all traffic for hyprspace tun
+# ip route add default dev <HS_TUN> metric 1
+```
 ## License
 
 Copyright 2021-2022 Alec Scott <hi@alecbcs.com>

packages/networking/hyprspace/cli/up.go

@@ -180,6 +180,10 @@ func UpRun(r *cmd.Root, c *cmd.Sub) {
 	// Initialize active streams map and packet byte array.
 	activeStreams = make(map[string]network.Stream)
 	var packet = make([]byte, 1420)
+	ip, _, err := net.ParseCIDR(cfg.Interface.Address)
+	if err != nil {
+		checkErr(errors.New("unable to parse address"))
+	}
 	for {
 		// Read in a packet from the tun device.
 		plen, err := tunDev.Iface.Read(packet)
@@ -188,8 +192,21 @@ func UpRun(r *cmd.Root, c *cmd.Sub) {
 			continue
 		}
 
-		// Decode the packet's destination address
+		dstIP := net.IPv4(packet[16], packet[17], packet[18], packet[19])
-		dst := net.IPv4(packet[16], packet[17], packet[18], packet[19]).String()
+		dst := dstIP.String()
+
+		// Check route table for destination address.
+		for route, _ := range cfg.Routes {
+			_, network, _ := net.ParseCIDR(route)
+			if network.Contains(dstIP) {
+				src := net.IPv4(packet[12], packet[13], packet[14], packet[15])
+				_, ok := peerTable[dst]
+				// Only rewrite if initiator is us or receiver is not a known peer
+				if src.Equal(ip) && !ok {
+					dst = cfg.Routes[route].IP
+				}
+			}
+		}
 
 		// Check if we already have an open connection to the destination peer.
 		stream, ok := activeStreams[dst]

packages/networking/hyprspace/config/config.go

@@ -13,6 +13,7 @@ type Config struct {
 	Path      string           `yaml:"path,omitempty"`
 	Interface Interface        `yaml:"interface"`
 	Peers     map[string]Peer  `yaml:"peers"`
+	Routes    map[string]Route `yaml:"routes"`
 }
 
 // Interface defines all of the fields that a local node needs to know about itself!
@@ -29,6 +30,10 @@ type Peer struct {
 	ID string `yaml:"id"`
 }
 
+type Route struct {
+	IP string `yaml:"ip"`
+}
+
 // Read initializes a config from a file.
 func Read(path string) (*Config, error) {
 	in, err := os.ReadFile(path)
@@ -55,6 +60,17 @@ func Read(path string) (*Config, error) {
 	for ip := range result.Peers {
 		if net.ParseIP(ip).String() == "<nil>" {
 			return nil, fmt.Errorf("%s is not a valid ip address", ip)
+		} else {
+			fmt.Printf("[+] Assign this ip: %s to node: %s.\n", ip, result.Peers[ip].ID)
+		}
+	}
+
+	for route := range result.Routes {
+		_, _, err := net.ParseCIDR(route)
+		if err != nil {
+			return nil, fmt.Errorf("%s is not a valid route", route)
+		} else {
+			fmt.Printf("[+] Assign route %s via %s.\n", route, result.Routes[route].IP)
 		}
 	}
 

packages/patched-derivations.nix

@@ -38,6 +38,7 @@ super: rec {
           "jdk.xml.dom"
           "jdk.sctp"
           "jdk.management"
+          "jdk.dynalink"
       ];
     };
   in jre // { meta = jre.meta // { inherit (super.jdk17_headless.meta) platforms; }; };