mirrors/nix-darwin
1
0
Fork 0
mirror of https://github.com/LnL7/nix-darwin.git synced 2024-12-14 11:57:34 +00:00
Code Activity

services/yggdrasil: init

Browse source
This commit is contained in:
Rubikoid 2024-07-10 19:29:47 +03:00
parent cf297a8d24
commit 32f093fcbe
No known key found for this signature in database
GPG key ID: 56695A46C14736DF
2 changed files with 128 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
modules/module-list.nix
View file

@ -86,6 +86,7 @@
./services/trezord.nix
./services/wg-quick.nix
./services/yabai
./services/yggdrasil.nix
./services/nextdns
./programs/bash
./programs/direnv.nix

127
modules/services/yggdrasil.nix Normal file
View file

@ -0,0 +1,127 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.yggdrasil;
settingsProvided = cfg.settings != { };
configFileProvided = cfg.configFile != null;
format = pkgs.formats.json { };
in
{
meta.maintainers = [ "rubikoid" ];
options = with types; {
services.yggdrasil = {
enable = mkEnableOption "the yggdrasil system service";
settings = mkOption {
type = format.type;
default = { };
example = {
Peers = [
"tcp://aa.bb.cc.dd:eeeee"
"tcp://[aaaa:bbbb:cccc:dddd::eeee]:fffff"
];
Listen = [
"tcp://0.0.0.0:xxxxx"
];
};
description = ''
Configuration for yggdrasil, as a Nix attribute set.
Warning: this is stored in the WORLD-READABLE Nix store!
Therefore, it is not appropriate for private keys. If you
wish to specify the keys, use {option}`configFile`.
If no keys are specified then ephemeral keys are generated
and the Yggdrasil interface will have a random IPv6 address
each time the service is started. This is the default.
If both {option}`configFile` and {option}`settings`
are supplied, they will be combined, with values from
{option}`configFile` taking precedence.
You can use the command `nix-shell -p yggdrasil --run "yggdrasil -genconf"`
to generate default configuration values with documentation.
'';
};
configFile = mkOption {
type = nullOr path;
default = null;
example = "/run/keys/yggdrasil.conf";
description = lib.mdDoc ''
A file which contains JSON or HJSON configuration for yggdrasil. See
the {option}`settings` option for more information.
On NixOS, file in this option is limited to 1 MB due to limitations
in systemd. If you would like to share your yggdrasil configuration
between nix-darwin and NixOS, you should keep this limitation in mind,
even though there is no equivalent limit on macOS.
'';
};
package = mkPackageOption pkgs "yggdrasil" { };
extraArgs = mkOption {
type = listOf str;
default = [ ];
example = [ "-loglevel" "info" ];
description = lib.mdDoc "Extra command line arguments.";
};
logFile = mkOption {
type = nullOr path;
default = null;
example = "/var/log/yggdrasil.log";
description = "Path to logfile with stdout and stderr of yggdrsail daemon";
};
};
};
config = mkIf cfg.enable (
let
yggdrasilConf = "/run/yggdrasil/yggdrasil.conf";
binYggdrasil = "${cfg.package}/bin/yggdrasil";
binHjson = "${pkgs.hjson-go}/bin/hjson-cli";
binJq = "${pkgs.jq}/bin/jq";
in
{
environment.systemPackages = [ cfg.package ];
# have to write it in that way to not interfere with brew's (or idk github?) ygg.plist
launchd.daemons.ygg =
{
script = ''
set -euo pipefail
mkdir -p $(dirname ${yggdrasilConf})
# prepare config file
${(if settingsProvided || configFileProvided then
"echo "
+ (lib.optionalString settingsProvided
"'${builtins.toJSON cfg.settings}'")
+ (lib.optionalString configFileProvided
"$(${binHjson} -c ${cfg.configFile})")
+ " | ${binJq} -s add | ${binYggdrasil} -normaliseconf -useconf > ${yggdrasilConf}"
else
"if [ ! -f '${yggdrasilConf}' ]; then ${binYggdrasil} -genconf > ${yggdrasilConf}; fi")}
# start yggdrasil
${binYggdrasil} -useconffile ${yggdrasilConf} ${lib.strings.escapeShellArgs cfg.extraArgs}
'';
serviceConfig = {
ProcessType = "Interactive";
StandardOutPath = cfg.logFile;
StandardErrorPath = cfg.logFile;
KeepAlive = true;
RunAtLoad = true;
};
};
}
);
}