work around systemd unit parameters evaluating through mkIf

Katherina Walshe-Grey 2024-12-27 02:53:57 +00:00
parent fd3965ddee
commit 54c8b67a44


@ -1,7 +1,7 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
let let
inherit (lib) mkIf mkOption mkEnableOption types optionals filterAttrs mapAttrsToList; inherit (lib) types mkIf mkMerge mkOption mkEnableOption optionals filterAttrs mapAttrsToList;
cfg = config.birdsong.peering; cfg = config.birdsong.peering;
hostName = if null != cfg.hostName then cfg.hostName else config.networking.hostName; hostName = if null != cfg.hostName then cfg.hostName else config.networking.hostName;
hosts = config.birdsong.hosts; hosts = config.birdsong.hosts;
@ -41,7 +41,7 @@ in
''; '';
type = with types; nullOr str; type = with types; nullOr str;
}; };
privateKeyCred = mkOption { privateKeyCredential = mkOption {
default = null; default = null;
description = '' description = ''
Name of a systemd credential containing a private key for this peer, as Name of a systemd credential containing a private key for this peer, as
@ -75,8 +75,8 @@ in
message = "birdsong depends on networkd. systemd.network.enable must be true"; message = "birdsong depends on networkd. systemd.network.enable must be true";
} }
{ {
assertion = (cfg.privateKeyCred != null && cfg.privateKeyFile == null) || (cfg.privateKeyFile != null && cfg.privateKeyCred == null); assertion = (cfg.privateKeyCredential != null && cfg.privateKeyFile == null) || (cfg.privateKeyFile != null && cfg.privateKeyCredential == null);
message = "exactly one of birdsong.peering.privateKeyCred or birdsong.peering.privateKeyFile must be set"; message = "exactly one of birdsong.peering.privateKeyCredential or birdsong.peering.privateKeyFile must be set";
} }
{ {
assertion = hostName != null; assertion = hostName != null;
@ -98,11 +98,19 @@ in
Kind = "wireguard"; Kind = "wireguard";
Description = "wireguard tunnel to the birdsong network"; Description = "wireguard tunnel to the birdsong network";
}; };
wireguardConfig = {
PrivateKey = mkIf (cfg.privateKeyCred != null) "@${cfg.privateKeyCred}"; wireguardConfig = mkMerge [
PrivateKeyFile = mkIf (cfg.privateKeyFile != null) cfg.privateKeyFile; {
ListenPort = host.port; ListenPort = host.port;
}; }
(mkIf (cfg.privateKeyCredential != null) {
PrivateKey = "@${cfg.privateKeyCredential}";
})
(mkIf (cfg.privateKeyFile != null) {
PrivateKeyFile = cfg.privateKeyFile;
})
];
wireguardPeers = wireguardPeers =
let let
canDirectPeer = host: peer: peer.subnet == "internet" || (host.subnet != "roaming" && peer.subnet == host.subnet); canDirectPeer = host: peer: peer.subnet == "internet" || (host.subnet != "roaming" && peer.subnet == host.subnet);