author | Gregor Kleen <gkleen@yggdrasil.li> | 2021-10-17 20:58:27 +0200 |
---|---|---|
committer | Gregor Kleen <gkleen@yggdrasil.li> | 2021-10-17 20:58:27 +0200 |
commit | 610bf85460c1371aa2af035054b7f9d641132388 (patch) | |
tree | 5ccb6597ecc10c76f114f7b0c8cf51d64d62a8d4 | |
parent | 3a2161ef205c432db0053e9a82893069b54e55ed (diff) | |
yggdrasil-wg: ...
-rw-r--r-- | modules/networkd/default.nix | 1 | ||||
-rw-r--r-- | modules/networkd/systemd-lib.nix | 4 | ||||
-rw-r--r-- | modules/yggdrasil-wg/default.nix | 13 |
3 files changed, 13 insertions, 5 deletions
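--- a/modules/networkd/default.nix
+++ b/modules/networkd/default.nix
@@ -96,6 +96,7 @@ let
 "MACAddress"
 ])
 (assertHasField "Name")
+(assertMaxLength "Name" 15)
 (assertHasField "Kind")
 (assertValueOneOf "Kind" [
 "bond"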
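Review bot: The bare `15` in `(assertMaxLength "Name" 15)` has no explanation of where the limit comes from. Linux limits interface names to IFNAMSIZ, which is 16 bytes including the terminating NUL, so a comment such as `# IFNAMSIZ - 1: kernel interface names hold at most 15 bytes` above the check would stop the value looking arbitrary. The check list starts and ends outside the hunk, so it cannot be seen here whether other unit types that set an interface name get the same check.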
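--- a/modules/networkd/systemd-lib.nix
+++ b/modules/networkd/systemd-lib.nix
@@ -90,6 +90,10 @@ in rec {
 optional (attr ? ${name} && !isInt attr.${name})
 "Systemd ${group} field `${name}' is not an integer";
 
+assertMaxLength = name: max: group: attr:
+optional (attr ? ${name} && stringLength attr.${name} > max)
+"Systemd ${group} field `${name}' is too long (max of ${max})";
+
 checkUnitConfig = group: checks: attrs: let
 # We're applied at the top-level type (attrsOf unitOption), so the actual
 # unit options might contain attributes from mkOverride and mkIf that we need to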
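--- a/modules/yggdrasil-wg/default.nix
+++ b/modules/yggdrasil-wg/default.nix
@@ -68,9 +68,9 @@ let
 linkToGreDev = opts@{from, to, ...}:
 let
 other = if from == hostName then to else from;
-in nameValuePair "yggdrasil-gre-${other}" {
+in nameValuePair "yggre-${other}" {
 netdevConfig = {
-Name = "yggdrasil-gre-${other}";
+Name = "yggre-${other}";
 Kind = "ip6gretap";
 MTUBytes = toString 1280;
 };
@@ -85,15 +85,15 @@ let
 hexIx = let
 hexIx' = toHexString ix;
 in if (stringLength hexIx' < 2) then "0${hexIx'}" else hexIx';
-in nameValuePair "yggdrasil-gre-${other}" {
+in nameValuePair "yggre-${other}" {
 matchConfig = {
-Name = "yggdrasil-gre-${other}";
+Name = "yggre-${other}";
 };
 linkConfig = {
 MACAddress = "${greHostMACPrefixes.${hostName}}:${hexIx}";
 };
 networkConfig = {
-Tunnel = "yggdrasil-gre-${other}";
+Tunnel = "yggre-${other}";
 BatmanAdvanced = "yggdrasil";
 };
 linkConfig = {
@@ -223,6 +223,9 @@ in {
 "yggdrasil-wg.priv" = mkIf (pathExists privateKeyPath) {
 format = "binary";
 sopsFile = privateKeyPath;
+mode = "0640";
+owner = "root";
+group = "systemd-network";
 };
 "yggdrasil-udp2raw-secret" = mkIf (any (opts@{to, from, ...}: opts ? "endpointHost" && opts ? "udp2raw") hostLinks) {
 format = "binary";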
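Review bot: The three new attributes on `"yggdrasil-wg.priv"` make the WireGuard private key readable by every process in the `systemd-network` group, and nothing in the hunk says why. Presumably the key is loaded by systemd-networkd, which needs `0640 root:systemd-network` on a key file it reads. A comment such as `# group-readable so systemd-networkd can load the key; keep 0640 root:systemd-network` would record that the wider access is deliberate and should not be loosened further. The neighbouring `"yggdrasil-udp2raw-secret"` entry continues past the end of the hunk, so its permissions cannot be compared here.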