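# NixOS module for the wgautomesh daemon (filouterie.services.wgautomesh).
# Renders a TOML configuration into the Nix store from the declared options
# and runs wgautomesh as a dynamic, non-root user holding only CAP_NET_ADMIN.
{ config, lib, pkgs, ... }:
with lib;
let
  cfg = config.filouterie.services.wgautomesh;
in
with builtins;
{
  options.filouterie.services.wgautomesh = {
    enable = mkEnableOption "wgautomesh";

    logLevel = mkOption {
      type = types.enum [ "trace" "debug" "info" "warn" "error" ];
      default = "info";
      description = "wgautomesh log level (trace/debug/info/warn/error)";
    };

    interface = mkOption {
      type = types.str;
      description = "Wireguard interface to manage";
    };

    gossipPort = mkOption {
      type = types.port;
      description = "wgautomesh gossip port";
    };

    peers = mkOption {
      type = types.listOf (types.submodule {
        options = {
          pubkey = mkOption {
            type = types.str;
            description = "Wireguard public key";
          };
          address = mkOption {
            type = types.str;
            description = "Wireguard peer address";
          };
          endpoint = mkOption {
            type = types.nullOr types.str;
            # Optional: when unset, the endpoint line is simply omitted from
            # the rendered TOML (previously callers had to write `endpoint = null`).
            default = null;
            description = "bootstrap endpoint";
          };
        };
      });
      description = "wgautomesh peer list";
    };
  };

  config = mkIf cfg.enable (
    let
      # One [[peers]] TOML table per declared peer.
      peerDefs = map (peer:
        let
          endpointDef =
            if peer.endpoint == null
            then ""
            else ''endpoint = "${peer.endpoint}"'';
        in ''
          [[peers]]
          pubkey = "${peer.pubkey}"
          address = "${peer.address}"
          ${endpointDef}
        ''
      ) cfg.peers;

      # NOTE: this file lands in the world-readable Nix store. It currently
      # holds only public keys, addresses and endpoints; never interpolate a
      # private key or other secret into it.
      configFile = pkgs.writeText "wgautomesh.toml" ''
        interface = "${cfg.interface}"
        gossip_port = ${toString cfg.gossipPort}
        ${concatStringsSep "\n" peerDefs}
      '';
    in
    {
      systemd.services.wgautomesh = {
        enable = true;
        description = "wgautomesh";
        # wireguard-tools is put on the service's PATH (presumably the daemon
        # invokes wg(8) to manage the interface).
        path = [ pkgs.wireguard-tools ];
        environment = {
          RUST_LOG = "wgautomesh=${cfg.logLevel}";
        };
        serviceConfig = {
          Type = "simple";
          ExecStart = "${pkgs.wgautomesh}/bin/wgautomesh ${configFile}";
          Restart = "always";
          RestartSec = "30";
          # Transient unprivileged user with a private (0700) state directory.
          DynamicUser = true;
          User = "wgautomesh";
          StateDirectory = "wgautomesh";
          StateDirectoryMode = "0700";
          # CAP_NET_ADMIN is required to configure the Wireguard interface.
          # The bounding-set key is the singular `CapabilityBoundingSet`
          # (systemd.exec(5)); the previous misspelled plural form is an
          # unknown key that systemd ignores, which left the full default
          # bounding set available to the service.
          AmbientCapabilities = "CAP_NET_ADMIN";
          CapabilityBoundingSet = "CAP_NET_ADMIN";
        };
        wantedBy = [ "multi-user.target" ];
      };
    }
  );
}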