modules/hyprspace: use upstream module

This commit is contained in:
Max Headroom 2024-06-04 15:51:00 +02:00
parent 1cc18c5480
commit db1f1263f4


@ -1,7 +1,6 @@
{ pkgs, depot, lib, config, ... }: { depot, lib, config, ... }:
let let
inherit (config.networking) hostName; inherit (config.networking) hostName;
hyprspace = depot.inputs.hyprspace.packages.default;
hyprspaceCapableNodes = lib.filterAttrs (_: host: host.hyprspace.enable) depot.hours; hyprspaceCapableNodes = lib.filterAttrs (_: host: host.hyprspace.enable) depot.hours;
peersFormatted = builtins.mapAttrs (name: x: { peersFormatted = builtins.mapAttrs (name: x: {
inherit name; inherit name;
@ -13,22 +12,7 @@ let
myNode = depot.reflection; myNode = depot.reflection;
listenPort = myNode.hyprspace.listenPort or 8001; listenPort = myNode.hyprspace.listenPort or 8001;
interfaceConfig = pkgs.writeText "hyprspace.json" (builtins.toJSON {
listenAddresses = let
inherit (myNode.interfaces.primary) addr;
port = toString listenPort;
in [
"/ip4/${addr}/tcp/${port}"
"/ip4/${addr}/udp/${port}/quic-v1"
]
++ (map (port: "/ip4/${addr}/tcp/${toString port}") additionalTCPPorts)
++ (map (port: "/ip4/${addr}/udp/${toString port}/quic-v1") additionalQUICPorts);
privateKey = "@HYPRSPACEPRIVATEKEY@";
peers = peerList;
});
privateKeyFile = config.age.secrets.hyprspace-key.path; privateKeyFile = config.age.secrets.hyprspace-key.path;
runConfig = "/run/hyprspace.json";
nameservers = lib.unique config.networking.nameservers; nameservers = lib.unique config.networking.nameservers;
additionalTCPPorts = [ additionalTCPPorts = [
@ -40,6 +24,11 @@ let
500 500
]; ];
in { in {
imports = [
depot.inputs.hyprspace.nixosModules.default
];
links.hyprspaceMetrics.protocol = "http"; links.hyprspaceMetrics.protocol = "http";
age.secrets.hyprspace-key = { age.secrets.hyprspace-key = {
@ -48,23 +37,7 @@ in {
}; };
systemd.services.hyprspace = { systemd.services.hyprspace = {
enable = true;
after = [ "network-online.target" ];
wantedBy = [ "multi-user.target" ];
preStart = ''
test -e ${runConfig} && rm ${runConfig}
cp ${interfaceConfig} ${runConfig}
chmod 0600 ${runConfig}
${pkgs.replace-secret}/bin/replace-secret '@HYPRSPACEPRIVATEKEY@' "${privateKeyFile}" ${runConfig}
chmod 0400 ${runConfig}
'';
environment.HYPRSPACE_METRICS_PORT = config.links.hyprspaceMetrics.portStr;
serviceConfig = { serviceConfig = {
Group = "wheel";
Restart = "on-failure";
RestartSec = "5s";
ExecStart = "${hyprspace}/bin/hyprspace up -c ${runConfig}";
ExecStopPost = "${pkgs.coreutils}/bin/rm -f /run/hyprspace-rpc.hyprspace.sock";
IPAddressDeny = [ IPAddressDeny = [
"10.0.0.0/8" "10.0.0.0/8"
"100.64.0.0/10" "100.64.0.0/10"
@ -87,15 +60,25 @@ in {
}; };
}; };
networking.firewall = { services.hyprspace = {
allowedTCPPorts = [ listenPort ] ++ additionalTCPPorts; enable = true;
allowedUDPPorts = [ listenPort ] ++ additionalQUICPorts; metricsPort = config.links.hyprspaceMetrics.port;
trustedInterfaces = [ "hyprspace" ]; inherit privateKeyFile;
settings = {
listenAddresses = let
inherit (myNode.interfaces.primary) addr;
port = toString listenPort;
in [
"/ip4/${addr}/tcp/${port}"
"/ip4/${addr}/udp/${port}/quic-v1"
]
++ (map (port: "/ip4/${addr}/tcp/${toString port}") additionalTCPPorts)
++ (map (port: "/ip4/${addr}/udp/${toString port}/quic-v1") additionalQUICPorts);
peers = peerList;
};
}; };
environment.systemPackages = [ networking.firewall.trustedInterfaces = [ "hyprspace" ];
hyprspace
];
services.grafana-agent.settings.metrics.configs = lib.singleton { services.grafana-agent.settings.metrics.configs = lib.singleton {
name = "metrics-hyprspace"; name = "metrics-hyprspace";