Diffstat (limited to 'modules')
| -rw-r--r-- | modules/networkd/default.nix | 1 | ||||
| -rw-r--r-- | modules/networkd/systemd-lib.nix | 4 | ||||
| -rw-r--r-- | modules/yggdrasil-wg/default.nix | 13 | 
3 files changed, 13 insertions, 5 deletions
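--- a/modules/networkd/default.nix
+++ b/modules/networkd/default.nix
@@ -96,6 +96,7 @@ let
 "MACAddress"
 ])
 (assertHasField "Name")
+(assertMaxLength "Name" 15)
 (assertHasField "Kind")
 (assertValueOneOf "Kind" [
 "bond"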
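Review bot: The literal `15` on the added `(assertMaxLength "Name" 15)` line is unexplained. It matches the Linux interface-name limit (IFNAMSIZ is 16 bytes including the terminating NUL), and a short comment would stop a later reader from loosening it. I would add `# Linux interface names are at most 15 bytes (IFNAMSIZ - 1)` directly above the check. The list of checks this line belongs to starts and ends outside the hunk.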
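--- a/modules/networkd/systemd-lib.nix
+++ b/modules/networkd/systemd-lib.nix
@@ -90,6 +90,10 @@ in rec {
 optional (attr ? ${name} && !isInt attr.${name})
 "Systemd ${group} field `${name}' is not an integer";
 
+assertMaxLength = name: max: group: attr:
+optional (attr ? ${name} && stringLength attr.${name} > max)
+"Systemd ${group} field `${name}' is too long (max of ${max})";
+
 checkUnitConfig = group: checks: attrs: let
 # We're applied at the top-level type (attrsOf unitOption), so the actual
 # unit options might contain attributes from mkOverride and mkIf that we need to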
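Review bot: The error message in the added `assertMaxLength` interpolates `max` directly, and the only caller visible on this page passes the integer 15. Nix does not coerce integers inside string interpolation, so an over-long name would abort evaluation with a coercion error instead of printing this message. Change the tail of the message to `(max of ${toString max})`. A one-line comment above the helper saying that it compares `stringLength` of the field against `max` and is skipped when the field is absent would match what the code does.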
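--- a/modules/yggdrasil-wg/default.nix
+++ b/modules/yggdrasil-wg/default.nix
@@ -68,9 +68,9 @@ let
 linkToGreDev = opts@{from, to, ...}:
 let
 other = if from == hostName then to else from;
-in nameValuePair "yggdrasil-gre-${other}" {
+in nameValuePair "yggre-${other}" {
 netdevConfig = {
-Name = "yggdrasil-gre-${other}";
+Name = "yggre-${other}";
 Kind = "ip6gretap";
 MTUBytes = toString 1280;
 };
@@ -85,15 +85,15 @@ let
 hexIx = let
 hexIx' = toHexString ix;
 in if (stringLength hexIx' < 2) then "0${hexIx'}" else hexIx';
-in nameValuePair "yggdrasil-gre-${other}" {
+in nameValuePair "yggre-${other}" {
 matchConfig = {
-Name = "yggdrasil-gre-${other}";
+Name = "yggre-${other}";
 };
 linkConfig = {
 MACAddress = "${greHostMACPrefixes.${hostName}}:${hexIx}";
 };
 networkConfig = {
-Tunnel = "yggdrasil-gre-${other}";
+Tunnel = "yggre-${other}";
 BatmanAdvanced = "yggdrasil";
 };
 linkConfig = {
@@ -223,6 +223,9 @@ in {
 "yggdrasil-wg.priv" = mkIf (pathExists privateKeyPath) {
 format = "binary";
 sopsFile = privateKeyPath;
+mode = "0640";
+owner = "root";
+group = "systemd-network";
 };
 "yggdrasil-udp2raw-secret" = mkIf (any (opts@{to, from, ...}: opts ? "endpointHost" && opts ? "udp2raw") hostLinks) {
 format = "binary";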
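Review bot: The three lines added to `"yggdrasil-wg.priv"` make what looks like the WireGuard private key readable by every member of `systemd-network`, and nothing next to them records why group read is required. Presumably it is so that systemd-networkd, running under that group, can load the key, but that is not visible in this hunk. I would add `# group-readable so systemd-networkd can load the key; keep systemd-network membership minimal` above `mode = "0640";`. The neighbouring `"yggdrasil-udp2raw-secret"` entry continues past the end of the hunk, so its ownership and mode cannot be checked from here.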
