From a8d48b22f8cc12006714608c22e1056ed41a6d1b Mon Sep 17 00:00:00 2001 From: pinpox Date: Thu, 31 Jul 2025 15:29:29 +0200 Subject: [PATCH] Add default bootstrapnodes for data-mesher service --- clanServices/data-mesher/admin.nix | 29 --- clanServices/data-mesher/default.nix | 214 +++++++++++++----- clanServices/data-mesher/shared.nix | 30 --- clanServices/data-mesher/tests/vm/default.nix | 10 +- 4 files changed, 161 insertions(+), 122 deletions(-) delete mode 100644 clanServices/data-mesher/admin.nix diff --git a/clanServices/data-mesher/admin.nix b/clanServices/data-mesher/admin.nix deleted file mode 100644 index a22392837..000000000 --- a/clanServices/data-mesher/admin.nix +++ /dev/null @@ -1,29 +0,0 @@ -{ - lib, - config, - settings, - ... -}: -{ - - services.data-mesher.initNetwork = - let - # for a given machine, read it's public key and remove any new lines - readHostKey = - machine: - let - path = "${config.clan.core.settings.directory}/vars/per-machine/${machine}/data-mesher-host-key/public_key/value"; - in - builtins.elemAt (lib.splitString "\n" (builtins.readFile path)) 1; - in - { - enable = true; - keyPath = config.clan.core.vars.generators.data-mesher-network-key.files.private_key.path; - - tld = settings.network.tld; - hostTTL = settings.network.hostTTL; - - # admin and signer host public keys - signingKeys = builtins.map readHostKey (builtins.attrNames settings.bootstrapNodes); - }; -} diff --git a/clanServices/data-mesher/default.nix b/clanServices/data-mesher/default.nix index 4acbd6d52..442311fd0 100644 --- a/clanServices/data-mesher/default.nix +++ b/clanServices/data-mesher/default.nix @@ -5,31 +5,15 @@ let { options = { bootstrapNodes = lib.mkOption { - type = lib.types.nullOr (lib.types.attrsOf lib.types.str); - # the default bootstrap nodes are any machines with the admin or signers role - # we iterate through those machines, determining an IP address for them based on their VPN - # currently only supports zerotier - # default = builtins.foldl' ( - # urls: name: - # let - # ipPath = "${config.clan.core.settings.directory}/vars/per-machine/${name}/zerotier/zerotier-ip/value"; - # in - # if builtins.pathExists ipPath then - # let - # ip = builtins.readFile ipPath; - # in - # urls ++ [ "[${ip}]:${builtins.toString settings.network.port}" ] - # else - # urls - # ) [ ] (dmLib.machines config).bootstrap; + type = lib.types.nullOr (lib.types.listOf lib.types.str); description = '' A list of bootstrap nodes that act as an initial gateway when joining the cluster. ''; - example = { - "node1" = "192.168.1.1:7946"; - "node2" = "192.168.1.2:7946"; - }; + example = [ + "192.168.1.1:7946" + "192.168.1.2:7946" + ]; }; network = { @@ -55,6 +39,59 @@ let }; }; }; + + mkBootstrapNodes = + { + config, + lib, + roles, + settings, + }: + lib.mkDefault ( + builtins.foldl' ( + urls: name: + let + ipPath = "${config.clan.core.settings.directory}/vars/per-machine/${name}/zerotier/zerotier-ip/value"; + in + if builtins.pathExists ipPath then + let + ip = builtins.readFile ipPath; + in + urls ++ [ "[${ip}]:${builtins.toString settings.network.port}" ] + else + urls + ) [ ] (builtins.attrNames ((roles.admin.machines or { }) // (roles.signer.machines or { }))) + ); + + mkDmService = dmSettings: config: { + enable = true; + openFirewall = true; + + settings = { + log_level = "warn"; + state_dir = "/var/lib/data-mesher"; + + # read network id from vars + network.id = config.clan.core.vars.generators.data-mesher-network-key.files.public_key.value; + + host = { + names = [ config.networking.hostName ]; + key_path = config.clan.core.vars.generators.data-mesher-host-key.files.private_key.path; + }; + + cluster = { + port = dmSettings.network.port; + join_interval = "30s"; + push_pull_interval = "30s"; + interface = dmSettings.network.interface; + bootstrap_nodes = dmSettings.bootstrapNodes; + }; + + http.port = 7331; + http.interface = "lo"; + }; + }; + in { _class = "clan.service"; @@ -67,11 +104,9 @@ in interface = { lib, ... }: { - imports = [ sharedInterface ]; options = { - network = { tld = lib.mkOption { type = lib.types.str; @@ -89,54 +124,117 @@ in }; }; perInstance = - { settings, roles, ... }: { - nixosModule = { - imports = [ - ./admin.nix - ./shared.nix - ]; - _module.args = { inherit settings roles; }; - }; + extendSettings, + roles, + lib, + ... + }: + { + nixosModule = + { config, ... }: + let + settings = extendSettings { + bootstrapNodes = mkBootstrapNodes { + inherit + config + lib + roles + settings + ; + }; + }; + in + { + imports = [ ./shared.nix ]; + + services.data-mesher = (mkDmService settings config) // { + initNetwork = + let + # for a given machine, read it's public key and remove any new lines + readHostKey = + machine: + let + path = "${config.clan.core.settings.directory}/vars/per-machine/${machine}/data-mesher-host-key/public_key/value"; + in + builtins.elemAt (lib.splitString "\n" (builtins.readFile path)) 1; + in + { + enable = true; + keyPath = config.clan.core.vars.generators.data-mesher-network-key.files.private_key.path; + + tld = settings.network.tld; + hostTTL = settings.network.hostTTL; + + # admin and signer host public keys + signingKeys = builtins.map readHostKey ( + builtins.attrNames ((roles.admin.machines or { }) // (roles.signer.machines or { })) + ); + }; + }; + }; }; }; roles.signer = { - interface = - { ... }: - { - imports = [ sharedInterface ]; - }; + interface = sharedInterface; perInstance = - { settings, roles, ... }: { - nixosModule = { - imports = [ - ./signer.nix - ./shared.nix - ]; - _module.args = { inherit settings roles; }; - }; + extendSettings, + lib, + roles, + ... + }: + { + nixosModule = + { config, ... }: + let + settings = extendSettings { + bootstrapNodes = mkBootstrapNodes { + inherit + config + lib + roles + settings + ; + }; + }; + in + { + imports = [ ./shared.nix ]; + services.data-mesher = (mkDmService settings config); + }; }; }; roles.peer = { - interface = - { ... }: - { - imports = [ sharedInterface ]; - }; + interface = sharedInterface; perInstance = - { settings, roles, ... }: { - nixosModule = { - imports = [ - ./peer.nix - ./shared.nix - ]; - _module.args = { inherit settings roles; }; - }; + extendSettings, + lib, + roles, + ... + }: + { + nixosModule = + { config, ... }: + let + settings = extendSettings { + bootstrapNodes = mkBootstrapNodes { + inherit + config + lib + roles + settings + ; + }; + }; + in + { + imports = [ ./shared.nix ]; + services.data-mesher = (mkDmService settings config); + }; }; }; - } diff --git a/clanServices/data-mesher/shared.nix b/clanServices/data-mesher/shared.nix index 885bfba5d..2dd33afe8 100644 --- a/clanServices/data-mesher/shared.nix +++ b/clanServices/data-mesher/shared.nix @@ -1,39 +1,9 @@ { config, - settings, ... }: { - services.data-mesher = { - enable = true; - openFirewall = true; - - settings = { - log_level = "warn"; - state_dir = "/var/lib/data-mesher"; - - # read network id from vars - network.id = config.clan.core.vars.generators.data-mesher-network-key.files.public_key.value; - - host = { - names = [ config.networking.hostName ]; - key_path = config.clan.core.vars.generators.data-mesher-host-key.files.private_key.path; - }; - - cluster = { - port = settings.network.port; - join_interval = "30s"; - push_pull_interval = "30s"; - interface = settings.network.interface; - bootstrap_nodes = (builtins.attrValues settings.bootstrapNodes); - }; - - http.port = 7331; - http.interface = "lo"; - }; - }; - # Generate host key. clan.core.vars.generators.data-mesher-host-key = { files = diff --git a/clanServices/data-mesher/tests/vm/default.nix b/clanServices/data-mesher/tests/vm/default.nix index b0ee33771..7b0b7f8eb 100644 --- a/clanServices/data-mesher/tests/vm/default.nix +++ b/clanServices/data-mesher/tests/vm/default.nix @@ -16,11 +16,11 @@ instances = { data-mesher = let - bootstrapNodes = { - admin = "[2001:db8:1::1]:7946"; - peer = "[2001:db8:1::2]:7946"; - # signer = "2001:db8:1::3:7946"; - }; + bootstrapNodes = [ + "[2001:db8:1::1]:7946" # admin + "[2001:db8:1::2]:7946" # peer + # "2001:db8:1::3:7946" #signer + ]; in { roles.peer.machines.peer.settings = {