yadunut/clan-core
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Merge pull request 'add module for meshnamed' (#499) from Mic92-sops-nix into main

Browse Source
This commit is contained in:
clan-bot
2023-11-14 12:01:26 +00:00
parent 8433d85d18 7fd0f1fbb7
commit 0f464838f6
7 changed files with 75 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
checks/flake-module.nix
View File

@@ -16,6 +16,7 @@
secrets = import ./secrets nixosTestArgs; secrets = import ./secrets nixosTestArgs;
container = import ./container nixosTestArgs; container = import ./container nixosTestArgs;
deltachat = import ./deltachat nixosTestArgs; deltachat = import ./deltachat nixosTestArgs;
meshnamed = import ./meshnamed nixosTestArgs;
}; };
schemaTests = pkgs.callPackages ./schemas.nix { schemaTests = pkgs.callPackages ./schemas.nix {
inherit self; inherit self;

21
checks/meshnamed/default.nix Normal file
View File

@@ -0,0 +1,21 @@
(import ../lib/container-test.nix) ({ pkgs, ... }: {
name = "meshnamed";
nodes.machine = { self, ... }: {
imports = [
self.nixosModules.clanCore
{
clanCore.machineName = "machine";
clan.networking.meshnamed.networks.vpn.subnet = "fd43:7def:4b50:28d0:4e99:9347:3035:17ef/88";
clanCore.clanDir = ./.;
}
];
};
testScript = ''
start_all()
machine.wait_for_unit("meshnamed")
out = machine.succeed("${pkgs.dnsutils}/bin/dig -p 53535 AAAA foo.7vbx332lkaunatuzsndtanix54.vpn @localhost +short")
print(out)
assert out.strip() == "fd43:7def:4b50:28d0:4e99:9347:3035:17ef"
'';
})

1
nixosModules/clanCore/flake-module.nix
View File

@@ -4,6 +4,7 @@
../clanImports ../clanImports
./secrets ./secrets
./zerotier ./zerotier
./meshnamed
./networking.nix ./networking.nix
inputs.sops-nix.nixosModules.sops inputs.sops-nix.nixosModules.sops
# just some example options. Can be removed later # just some example options. Can be removed later

46
nixosModules/clanCore/meshnamed/default.nix Normal file
View File

@@ -0,0 +1,46 @@
{ config, lib, pkgs, ... }:
{
options.clan.networking.meshnamed = {
enable = (lib.mkEnableOption "meshnamed") // {
default = config.clan.networking.meshnamed.networks != { };
};
networks = lib.mkOption {
default = { };
type = lib.types.attrsOf (lib.types.submodule ({ name, ... }: {
options = {
name = lib.mkOption {
default = name;
type = lib.types.str;
example = "my-network";
description = lib.mdDoc ''
The name of the network.
'';
};
subnet = lib.mkOption {
type = lib.types.str;
example = "fd43:7def:4b50:28d0:4e99:9347:3035:17ef/88";
description = lib.mdDoc ''
The subnet to use for the mesh network.
'';
};
};
}));
};
};
config = lib.mkIf config.clan.networking.meshnamed.enable {
systemd.services.meshnamed =
let
networks = lib.concatMapStringsSep "," (network: "${network.name}=${network.subnet}")
(builtins.attrValues config.clan.networking.meshnamed.networks);
in
{
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
serviceConfig = {
Type = "simple";
ExecStart = "${pkgs.callPackage ../../../pkgs/meshname/default.nix { }}/bin/meshnamed -networks ${networks}";
DynamicUser = true;
};
};
};
}

2
nixosModules/clanCore/zerotier/default.nix
View File

@@ -97,11 +97,13 @@ in
facts.zerotier-ip = { }; facts.zerotier-ip = { };
facts.zerotier-meshname = { }; facts.zerotier-meshname = { };
facts.zerotier-network-id = { }; facts.zerotier-network-id = { };
facts.zerotier-subnet = { };
secrets.zerotier-identity-secret = { }; secrets.zerotier-identity-secret = { };
generator = '' generator = ''
export PATH=${lib.makeBinPath [ config.services.zerotierone.package pkgs.fakeroot ]} export PATH=${lib.makeBinPath [ config.services.zerotierone.package pkgs.fakeroot ]}
${pkgs.python3.interpreter} ${./generate.py} --mode network \ ${pkgs.python3.interpreter} ${./generate.py} --mode network \
--ip "$facts/zerotier-ip" \ --ip "$facts/zerotier-ip" \
--subnet "$facts/zerotier-subnet" \
--meshname "$facts/zerotier-meshname" \ --meshname "$facts/zerotier-meshname" \
--identity-secret "$secrets/zerotier-identity-secret" \ --identity-secret "$secrets/zerotier-identity-secret" \
--network-id "$facts/zerotier-network-id" --network-id "$facts/zerotier-network-id"

3
nixosModules/clanCore/zerotier/generate.py
View File

@@ -195,6 +195,7 @@ def main() -> None:
"--mode", choices=["network", "identity"], required=True, type=str "--mode", choices=["network", "identity"], required=True, type=str
) )
parser.add_argument("--ip", type=Path, required=True) parser.add_argument("--ip", type=Path, required=True)
parser.add_argument("--subnet", type=Path)
parser.add_argument("--meshname", type=Path, required=True) parser.add_argument("--meshname", type=Path, required=True)
parser.add_argument("--identity-secret", type=Path, required=True) parser.add_argument("--identity-secret", type=Path, required=True)
parser.add_argument("--network-id", type=str, required=False) parser.add_argument("--network-id", type=str, required=False)
@@ -218,6 +219,8 @@ def main() -> None:
args.identity_secret.write_text(identity.private) args.identity_secret.write_text(identity.private)
args.ip.write_text(ip.compressed) args.ip.write_text(ip.compressed)
if args.subnet is not None:
args.subnet.write_text(ipaddress.ip_network(ip).compressed)
args.meshname.write_text(meshname) args.meshname.write_text(meshname)

1
pkgs/clan-cli/tests/test_secrets_generate.py
View File

@@ -36,6 +36,7 @@ def test_generate_secret(
cli.run(["--flake", str(test_flake_with_core.path), "secrets", "generate", "vm1"]) cli.run(["--flake", str(test_flake_with_core.path), "secrets", "generate", "vm1"])
has_secret(test_flake_with_core.path, "vm1-age.key") has_secret(test_flake_with_core.path, "vm1-age.key")
has_secret(test_flake_with_core.path, "vm1-zerotier-identity-secret") has_secret(test_flake_with_core.path, "vm1-zerotier-identity-secret")
has_secret(test_flake_with_core.path, "vm1-zerotier-subnet")
network_id = machine_get_fact( network_id = machine_get_fact(
test_flake_with_core.name, "vm1", "zerotier-network-id" test_flake_with_core.name, "vm1", "zerotier-network-id"
) )