Clean files + add IP to hosts

This commit is contained in:
zuma 2025-11-06 22:21:20 +01:00
parent ca436c49a3
commit b6d31e25b9
6 changed files with 140 additions and 110 deletions

View file

@ -1,87 +1,104 @@
{ config, lib, pkgs, ...}:
{
config,
lib,
pkgs,
...
}:
with lib;
let
cfg = config.filouterie.services.wgautomesh;
in
with builtins;
{
options.filouterie.services.wgautomesh = {
enable = mkEnableOption "wgautomesh";
logLevel = mkOption {
type = types.enum [ "trace" "debug" "info" "warn" "error" ];
default = "info";
description = "wgautomesh log level (trace/debug/info/warn/error)";
};
interface = mkOption {
type = types.str;
description = "Wireguard interface to manage";
};
gossipPort = mkOption {
type = types.port;
description = "wgautomesh gossip port";
};
peers = mkOption {
type = types.listOf (types.submodule {
with builtins;
{
options.filouterie.services.wgautomesh = {
enable = mkEnableOption "wgautomesh";
logLevel = mkOption {
type = types.enum [
"trace"
"debug"
"info"
"warn"
"error"
];
default = "info";
description = "wgautomesh log level (trace/debug/info/warn/error)";
};
interface = mkOption {
type = types.str;
description = "Wireguard interface to manage";
};
gossipPort = mkOption {
type = types.port;
description = "wgautomesh gossip port";
};
peers = mkOption {
type = types.listOf (
types.submodule {
options = {
pubkey = mkOption {
type = types.str;
description = "Wireguard public key";
};
address = mkOption {
description = "Wireguard public key";
};
address = mkOption {
type = types.str;
description = "Wireguard peer address";
};
endpoint = mkOption {
};
endpoint = mkOption {
type = types.nullOr types.str;
description = "bootstrap endpoint";
};
};
});
description = "wgautomesh peer list";
};
description = "bootstrap endpoint";
};
};
}
);
description = "wgautomesh peer list";
};
};
config = mkIf cfg.enable (
config = mkIf cfg.enable (
let
peerDefs = map (peer:
let endpointDef = if peer.endpoint == null then ""
else ''endpoint = "${peer.endpoint}"'';
in
''
[[peers]]
pubkey = "${peer.pubkey}"
address = "${peer.address}"
${endpointDef}
'') cfg.peers;
peerDefs = map (
peer:
let
endpointDef = if peer.endpoint == null then "" else ''endpoint = "${peer.endpoint}"'';
in
''
[[peers]]
pubkey = "${peer.pubkey}"
address = "${peer.address}"
${endpointDef}
''
) cfg.peers;
configFile = pkgs.writeText "wgautomesh.toml" ''
interface = "${cfg.interface}"
gossip_port = ${toString cfg.gossipPort}
interface = "${cfg.interface}"
gossip_port = ${toString cfg.gossipPort}
${concatStringsSep "\n" peerDefs}
'';
in {
${concatStringsSep "\n" peerDefs}
'';
in
{
systemd.services.wgautomesh = {
enable = true;
path = [ pkgs.wireguard-tools ];
environment = {
path = [ pkgs.wireguard-tools ];
environment = {
RUST_LOG = "wgautomesh=${cfg.logLevel}";
};
description = "wgautomesh";
serviceConfig = {
};
description = "wgautomesh";
serviceConfig = {
Type = "simple";
ExecStart = "${pkgs.wgautomesh}/bin/wgautomesh ${configFile}";
Restart = "always";
RestartSec = "30";
ExecStart = "${pkgs.wgautomesh}/bin/wgautomesh ${configFile}";
Restart = "always";
RestartSec = "30";
DynamicUser = true;
User = "wgautomesh";
StateDirectory = "wgautomesh";
StateDirectoryMode = "0700";
AmbientCapabilities = "CAP_NET_ADMIN";
CapabilityBoundingSets = "CAP_NET_ADMIN";
};
DynamicUser = true;
User = "wgautomesh";
StateDirectory = "wgautomesh";
StateDirectoryMode = "0700";
AmbientCapabilities = "CAP_NET_ADMIN";
CapabilityBoundingSets = "CAP_NET_ADMIN";
};
wantedBy = [ "multi-user.target" ];
};
});
}
}
);
}