nix-cluster/wgautomesh.nix

{
  config,
  lib,
  pkgs,
  ...
}:
with lib;
let
  cfg = config.filouterie.services.wgautomesh;
in
with builtins;
{
  options.filouterie.services.wgautomesh = {
    enable = mkEnableOption "wgautomesh";
    logLevel = mkOption {
      type = types.enum [
        "trace"
        "debug"
        "info"
        "warn"
        "error"
      ];
      default = "info";
      description = "wgautomesh log level (trace/debug/info/warn/error)";
    };
    interface = mkOption {
      type = types.str;
      description = "Wireguard interface to manage";
    };
    gossipPort = mkOption {
      type = types.port;
      description = "wgautomesh gossip port";
    };
    peers = mkOption {
      type = types.listOf (
        types.submodule {
          options = {
            pubkey = mkOption {
              type = types.str;
              description = "Wireguard public key";
            };
            address = mkOption {
              type = types.str;
              description = "Wireguard peer address";
            };
            endpoint = mkOption {
              type = types.nullOr types.str;
              description = "bootstrap endpoint";
            };
          };
        }
      );
      description = "wgautomesh peer list";
    };
  };

  config = mkIf cfg.enable (
    let
      peerDefs = map (
        peer:
        let
          endpointDef = if peer.endpoint == null then "" else ''endpoint = "${peer.endpoint}"'';
        in
        ''
          	  [[peers]]
          	  pubkey = "${peer.pubkey}"
          	  address = "${peer.address}"
          	  ${endpointDef}
          	''
      ) cfg.peers;
      configFile = pkgs.writeText "wgautomesh.toml" ''
                interface = "${cfg.interface}"
                gossip_port = ${toString cfg.gossipPort}

        	${concatStringsSep "\n" peerDefs}
        	'';
    in
    {
      systemd.services.wgautomesh = {
        enable = true;
        path = [ pkgs.wireguard-tools ];
        environment = {
          RUST_LOG = "wgautomesh=${cfg.logLevel}";
        };
        description = "wgautomesh";
        serviceConfig = {
          Type = "simple";

          ExecStart = "${pkgs.wgautomesh}/bin/wgautomesh ${configFile}";
          Restart = "always";
          RestartSec = "30";

          DynamicUser = true;
          User = "wgautomesh";
          StateDirectory = "wgautomesh";
          StateDirectoryMode = "0700";
          AmbientCapabilities = "CAP_NET_ADMIN";
          CapabilityBoundingSets = "CAP_NET_ADMIN";
        };
        wantedBy = [ "multi-user.target" ];
      };
    }
  );
}