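# NixOS module for the wgautomesh daemon: renders its TOML config from the
# declared options and runs the pinned binary as a systemd service.
let
  # Pinned prebuilt release. The sha256 makes the fetch reproducible and
  # rejects a replaced or tampered archive at evaluation time.
  wgautomesh = builtins.fetchTarball {
    url = "https://git.deuxfleurs.fr/attachments/ce203833-1ae7-43d4-9bf4-b49b560c9f4b";
    sha256 = "sha256:1kc990s7xkwff53vs6c3slg7ljsyr9xz1i13j61ivfj6djyh8rmj";
  };
in
{ config, lib, pkgs, ... }:
with lib;
let
  cfg = config.filouterie.services.wgautomesh;
in
with builtins;
{
  options.filouterie.services.wgautomesh = {
    enable = mkEnableOption "wgautomesh";
    logLevel = mkOption {
      type = types.enum [ "trace" "debug" "info" "warn" "error" ];
      default = "info";
      description = "wgautomesh log level (trace/debug/info/warn/error)";
    };
    interface = mkOption {
      type = types.str;
      description = "Wireguard interface to manage";
    };
    gossipPort = mkOption {
      type = types.port;
      description = "wgautomesh gossip port";
    };
    peers = mkOption {
      type = types.listOf (types.submodule {
        options = {
          pubkey = mkOption {
            type = types.str;
            description = "Wireguard public key";
          };
          address = mkOption {
            type = types.str;
            description = "Wireguard peer address";
          };
          endpoint = mkOption {
            type = types.nullOr types.str;
            # Without a default, a peer that omits `endpoint` fails evaluation
            # ("option used but not defined") instead of being treated as an
            # endpoint-less peer, which is what the null check below expects.
            default = null;
            description = "bootstrap endpoint";
          };
        };
      });
      description = "wgautomesh peer list";
    };
  };

  config = mkIf cfg.enable (
    let
      # One [[peers]] table per declared peer; the endpoint line is dropped
      # when the peer has none.
      peerDefs = map (peer:
        let
          endpointDef =
            if peer.endpoint == null
            then ""
            else ''endpoint = "${peer.endpoint}"'';
        in ''
          [[peers]]
          pubkey = "${peer.pubkey}"
          address = "${peer.address}"
          ${endpointDef}
        '') cfg.peers;
      # Rendered config ends up in the Nix store (world-readable). It holds
      # only the interface name, gossip port, public keys, addresses and
      # endpoints declared above; no secret is written here.
      configFile = pkgs.writeText "wgautomesh.toml" ''
        interface = "${cfg.interface}"
        gossip_port = ${toString cfg.gossipPort}
        ${concatStringsSep "\n" peerDefs}
      '';
    in {
      systemd.services.wgautomesh = {
        enable = true;
        path = [ pkgs.wireguard-tools ];
        environment = { RUST_LOG = "wgautomesh=${cfg.logLevel}"; };
        description = "wgautomesh";
        serviceConfig = {
          Type = "simple";
          ExecStart = "${wgautomesh}/bin/wgautomesh ${configFile}";
          Restart = "always";
          RestartSec = "30";
          # Unprivileged transient user; state is kept in a private directory.
          DynamicUser = true;
          User = "wgautomesh";
          StateDirectory = "wgautomesh";
          StateDirectoryMode = "0700";
          # CAP_NET_ADMIN is the single capability granted, presumably for
          # configuring the Wireguard interface via wireguard-tools.
          AmbientCapabilities = "CAP_NET_ADMIN";
          # The systemd directive is `CapabilityBoundingSet` (singular). The
          # previous `CapabilityBoundingSets` is not a known key: systemd
          # logs a warning and ignores it, leaving the bounding set at its
          # default instead of restricting it to CAP_NET_ADMIN.
          CapabilityBoundingSet = "CAP_NET_ADMIN";
        };
        wantedBy = [ "multi-user.target" ];
      };
    }
  );
}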