From 610bf85460c1371aa2af035054b7f9d641132388 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Sun, 17 Oct 2021 20:58:27 +0200 Subject: yggdrasil-wg: ... --- modules/networkd/default.nix | 1 + modules/networkd/systemd-lib.nix | 4 ++++ modules/yggdrasil-wg/default.nix | 13 ++++++++----- 3 files changed, 13 insertions(+), 5 deletions(-) diff --git a/modules/networkd/default.nix b/modules/networkd/default.nix index 007f14c6..f78a9aee 100644 --- a/modules/networkd/default.nix +++ b/modules/networkd/default.nix @@ -96,6 +96,7 @@ let "MACAddress" ]) (assertHasField "Name") + (assertMaxLength "Name" 15) (assertHasField "Kind") (assertValueOneOf "Kind" [ "bond" diff --git a/modules/networkd/systemd-lib.nix b/modules/networkd/systemd-lib.nix index 2dbf1503..c5b5b7cb 100644 --- a/modules/networkd/systemd-lib.nix +++ b/modules/networkd/systemd-lib.nix @@ -90,6 +90,10 @@ in rec { optional (attr ? ${name} && !isInt attr.${name}) "Systemd ${group} field `${name}' is not an integer"; + assertMaxLength = name: max: group: attr: + optional (attr ? ${name} && stringLength attr.${name} > max) + "Systemd ${group} field `${name}' is too long (max of ${max})"; + checkUnitConfig = group: checks: attrs: let # We're applied at the top-level type (attrsOf unitOption), so the actual # unit options might contain attributes from mkOverride and mkIf that we need to diff --git a/modules/yggdrasil-wg/default.nix b/modules/yggdrasil-wg/default.nix index 80443644..fbb38d26 100644 --- a/modules/yggdrasil-wg/default.nix +++ b/modules/yggdrasil-wg/default.nix @@ -68,9 +68,9 @@ let linkToGreDev = opts@{from, to, ...}: let other = if from == hostName then to else from; - in nameValuePair "yggdrasil-gre-${other}" { + in nameValuePair "yggre-${other}" { netdevConfig = { - Name = "yggdrasil-gre-${other}"; + Name = "yggre-${other}"; Kind = "ip6gretap"; MTUBytes = toString 1280; }; 
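Review bot: The literal `15` in `(assertMaxLength "Name" 15)` is unexplained at the call site in modules/networkd/default.nix. It presumably reflects the kernel limit on interface names (IFNAMSIZ minus the terminating NUL), so a comment such as `# Linux interface names are at most 15 bytes (IFNAMSIZ - 1)` next to the check would record that. The list of checks this line is added to starts and ends outside the hunk.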
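Review bot: The error message in the new `assertMaxLength` (modules/networkd/systemd-lib.nix) interpolates `${max}` directly, while the caller added in this commit passes the integer `15`. Nix does not coerce integers inside string interpolation, so when a name is too long the evaluation aborts with a coercion error instead of printing the intended message; write `${toString max}` there. The condition also applies `stringLength` to the raw attribute value, so a non-string `Name` would fail inside `stringLength` rather than produce a readable assertion; adding `isString attr.${name} &&` to the condition would avoid that, if such values can reach this check.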
@@ -85,15 +85,15 @@ let hexIx = let hexIx' = toHexString ix; in if (stringLength hexIx' < 2) then "0${hexIx'}" else hexIx'; - in nameValuePair "yggdrasil-gre-${other}" { + in nameValuePair "yggre-${other}" { matchConfig = { - Name = "yggdrasil-gre-${other}"; + Name = "yggre-${other}"; }; linkConfig = { MACAddress = "${greHostMACPrefixes.${hostName}}:${hexIx}"; }; networkConfig = { - Tunnel = "yggdrasil-gre-${other}"; + Tunnel = "yggre-${other}"; BatmanAdvanced = "yggdrasil"; }; linkConfig = { @@ -223,6 +223,9 @@ in { "yggdrasil-wg.priv" = mkIf (pathExists privateKeyPath) { format = "binary"; sopsFile = privateKeyPath; + mode = "0640"; + owner = "root"; + group = "systemd-network"; }; "yggdrasil-udp2raw-secret" = mkIf (any (opts@{to, from, ...}: opts ? "endpointHost" && opts ? "udp2raw") hostLinks) { format = "binary"; -- cgit v1.2.3
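Review bot: The `yggdrasil-wg.priv` entry now makes the WireGuard private key readable by every process running with group `systemd-network`, and nothing in the hunk records why. A comment such as `# read by systemd-networkd (group systemd-network); group-readable only, never world-readable` would state the intent; the consumer is presumably networkd, which the hunk does not show. The neighbouring `yggdrasil-udp2raw-secret` entry gets no explicit `mode`/`owner`/`group`, so confirm that its defaults match what its consumer needs. The enclosing attribute set starts and ends outside the hunk.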