diff options
| author | Gregor Kleen <gkleen@yggdrasil.li> | 2021-10-17 20:58:27 +0200 |
|---|---|---|
| committer | Gregor Kleen <gkleen@yggdrasil.li> | 2021-10-17 20:58:27 +0200 |
| commit | 610bf85460c1371aa2af035054b7f9d641132388 (patch) | |
| tree | 5ccb6597ecc10c76f114f7b0c8cf51d64d62a8d4 | |
| parent | 3a2161ef205c432db0053e9a82893069b54e55ed (diff) | |
| download | nixos-610bf85460c1371aa2af035054b7f9d641132388.tar nixos-610bf85460c1371aa2af035054b7f9d641132388.tar.gz nixos-610bf85460c1371aa2af035054b7f9d641132388.tar.bz2 nixos-610bf85460c1371aa2af035054b7f9d641132388.tar.xz nixos-610bf85460c1371aa2af035054b7f9d641132388.zip | |
yggdrasil-wg: ...
| -rw-r--r-- | modules/networkd/default.nix | 1 | ||||
| -rw-r--r-- | modules/networkd/systemd-lib.nix | 4 | ||||
| -rw-r--r-- | modules/yggdrasil-wg/default.nix | 13 |
3 files changed, 13 insertions, 5 deletions
diff --git a/modules/networkd/default.nix b/modules/networkd/default.nix index 007f14c6..f78a9aee 100644 --- a/modules/networkd/default.nix +++ b/modules/networkd/default.nix | |||
| @@ -96,6 +96,7 @@ let | |||
| 96 | "MACAddress" | 96 | "MACAddress" |
| 97 | ]) | 97 | ]) |
| 98 | (assertHasField "Name") | 98 | (assertHasField "Name") |
| 99 | (assertMaxLength "Name" 15) | ||
| 99 | (assertHasField "Kind") | 100 | (assertHasField "Kind") |
| 100 | (assertValueOneOf "Kind" [ | 101 | (assertValueOneOf "Kind" [ |
| 101 | "bond" | 102 | "bond" |
diff --git a/modules/networkd/systemd-lib.nix b/modules/networkd/systemd-lib.nix index 2dbf1503..c5b5b7cb 100644 --- a/modules/networkd/systemd-lib.nix +++ b/modules/networkd/systemd-lib.nix | |||
| @@ -90,6 +90,10 @@ in rec { | |||
| 90 | optional (attr ? ${name} && !isInt attr.${name}) | 90 | optional (attr ? ${name} && !isInt attr.${name}) |
| 91 | "Systemd ${group} field `${name}' is not an integer"; | 91 | "Systemd ${group} field `${name}' is not an integer"; |
| 92 | 92 | ||
| 93 | assertMaxLength = name: max: group: attr: | ||
| 94 | optional (attr ? ${name} && stringLength attr.${name} > max) | ||
| 95 | "Systemd ${group} field `${name}' is too long (max of ${max})"; | ||
| 96 | |||
| 93 | checkUnitConfig = group: checks: attrs: let | 97 | checkUnitConfig = group: checks: attrs: let |
| 94 | # We're applied at the top-level type (attrsOf unitOption), so the actual | 98 | # We're applied at the top-level type (attrsOf unitOption), so the actual |
| 95 | # unit options might contain attributes from mkOverride and mkIf that we need to | 99 | # unit options might contain attributes from mkOverride and mkIf that we need to |
diff --git a/modules/yggdrasil-wg/default.nix b/modules/yggdrasil-wg/default.nix index 80443644..fbb38d26 100644 --- a/modules/yggdrasil-wg/default.nix +++ b/modules/yggdrasil-wg/default.nix | |||
| @@ -68,9 +68,9 @@ let | |||
| 68 | linkToGreDev = opts@{from, to, ...}: | 68 | linkToGreDev = opts@{from, to, ...}: |
| 69 | let | 69 | let |
| 70 | other = if from == hostName then to else from; | 70 | other = if from == hostName then to else from; |
| 71 | in nameValuePair "yggdrasil-gre-${other}" { | 71 | in nameValuePair "yggre-${other}" { |
| 72 | netdevConfig = { | 72 | netdevConfig = { |
| 73 | Name = "yggdrasil-gre-${other}"; | 73 | Name = "yggre-${other}"; |
| 74 | Kind = "ip6gretap"; | 74 | Kind = "ip6gretap"; |
| 75 | MTUBytes = toString 1280; | 75 | MTUBytes = toString 1280; |
| 76 | }; | 76 | }; |
| @@ -85,15 +85,15 @@ let | |||
| 85 | hexIx = let | 85 | hexIx = let |
| 86 | hexIx' = toHexString ix; | 86 | hexIx' = toHexString ix; |
| 87 | in if (stringLength hexIx' < 2) then "0${hexIx'}" else hexIx'; | 87 | in if (stringLength hexIx' < 2) then "0${hexIx'}" else hexIx'; |
| 88 | in nameValuePair "yggdrasil-gre-${other}" { | 88 | in nameValuePair "yggre-${other}" { |
| 89 | matchConfig = { | 89 | matchConfig = { |
| 90 | Name = "yggdrasil-gre-${other}"; | 90 | Name = "yggre-${other}"; |
| 91 | }; | 91 | }; |
| 92 | linkConfig = { | 92 | linkConfig = { |
| 93 | MACAddress = "${greHostMACPrefixes.${hostName}}:${hexIx}"; | 93 | MACAddress = "${greHostMACPrefixes.${hostName}}:${hexIx}"; |
| 94 | }; | 94 | }; |
| 95 | networkConfig = { | 95 | networkConfig = { |
| 96 | Tunnel = "yggdrasil-gre-${other}"; | 96 | Tunnel = "yggre-${other}"; |
| 97 | BatmanAdvanced = "yggdrasil"; | 97 | BatmanAdvanced = "yggdrasil"; |
| 98 | }; | 98 | }; |
| 99 | linkConfig = { | 99 | linkConfig = { |
| @@ -223,6 +223,9 @@ in { | |||
| 223 | "yggdrasil-wg.priv" = mkIf (pathExists privateKeyPath) { | 223 | "yggdrasil-wg.priv" = mkIf (pathExists privateKeyPath) { |
| 224 | format = "binary"; | 224 | format = "binary"; |
| 225 | sopsFile = privateKeyPath; | 225 | sopsFile = privateKeyPath; |
| 226 | mode = "0640"; | ||
| 227 | owner = "root"; | ||
| 228 | group = "systemd-network"; | ||
| 226 | }; | 229 | }; |
| 227 | "yggdrasil-udp2raw-secret" = mkIf (any (opts@{to, from, ...}: opts ? "endpointHost" && opts ? "udp2raw") hostLinks) { | 230 | "yggdrasil-udp2raw-secret" = mkIf (any (opts@{to, from, ...}: opts ? "endpointHost" && opts ? "udp2raw") hostLinks) { |
| 228 | format = "binary"; | 231 | format = "binary"; |