add module for meshnamed
parent
eb788393e6
commit
bdc8ef63ed
|
@ -16,6 +16,7 @@
|
|||
secrets = import ./secrets nixosTestArgs;
|
||||
container = import ./container nixosTestArgs;
|
||||
deltachat = import ./deltachat nixosTestArgs;
|
||||
meshnamed = import ./meshnamed nixosTestArgs;
|
||||
};
|
||||
schemaTests = pkgs.callPackages ./schemas.nix {
|
||||
inherit self;
|
||||
|
|
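--- a/checks/meshnamed/default.nix
+++ b/checks/meshnamed/default.nix
@@ -0,0 +1,21 @@
+(import ../lib/container-test.nix) ({ pkgs, ... }: {
+name = "meshnamed";
+
+nodes.machine = { self, ... }: {
+imports = [
+self.nixosModules.clanCore
+{
+clanCore.machineName = "machine";
+clan.networking.meshnamed.networks.vpn.subnet = "fd43:7def:4b50:28d0:4e99:9347:3035:17ef/88";
+clanCore.clanDir = ./.;
+}
+];
+};
+testScript = ''
+start_all()
+machine.wait_for_unit("meshnamed")
+out = machine.succeed("${pkgs.dnsutils}/bin/dig -p 53535 AAAA foo.7vbx332lkaunatuzsndtanix54.vpn @localhost +short")
+print(out)
+assert out.strip() == "fd43:7def:4b50:28d0:4e99:9347:3035:17ef"
+'';
+})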
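Review bot: The test script covers only the positive path: it asserts that one name under `.vpn` resolves to the configured address, so a regression in the subnet filter set through `clan.networking.meshnamed.networks.vpn.subnet` would go unnoticed. That filter is presumably what limits which addresses the resolver answers for, so add a second query for a label that decodes to an address outside the /88 and assert an empty answer, e.g. `assert machine.succeed("<dig query for an out-of-subnet label>").strip() == ""`. Separately, `wait_for_unit` on a `Type = "simple"` service can return before the socket is bound, so the first query currently leans on dig's retries.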
@ -4,6 +4,7 @@
|
|||
../clanImports
|
||||
./secrets
|
||||
./zerotier
|
||||
./meshnamed
|
||||
./networking.nix
|
||||
inputs.sops-nix.nixosModules.sops
|
||||
# just some example options. Can be removed later
|
||||
|
|
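--- a/nixosModules/clanCore/meshnamed/default.nix
+++ b/nixosModules/clanCore/meshnamed/default.nix
@@ -0,0 +1,46 @@
+{ config, lib, pkgs, ... }:
+{
+options.clan.networking.meshnamed = {
+enable = (lib.mkEnableOption "meshnamed") // {
+default = config.clan.networking.meshnamed.networks != { };
+};
+networks = lib.mkOption {
+default = { };
+type = lib.types.attrsOf (lib.types.submodule ({ name, ... }: {
+options = {
+name = lib.mkOption {
+default = name;
+type = lib.types.str;
+example = "my-network";
+description = lib.mdDoc ''
+The name of the network.
+'';
+};
+subnet = lib.mkOption {
+type = lib.types.str;
+example = "fd43:7def:4b50:28d0:4e99:9347:3035:17ef/88";
+description = lib.mdDoc ''
+The subnet to use for the mesh network.
+'';
+};
+};
+}));
+};
+};
+config = lib.mkIf config.clan.networking.meshnamed.enable {
+systemd.services.meshnamed =
+let
+networks = lib.concatMapStringsSep "," (network: "${network.name}=${network.subnet}")
+(builtins.attrValues config.clan.networking.meshnamed.networks);
+in
+{
+wantedBy = [ "multi-user.target" ];
+after = [ "network.target" ];
+serviceConfig = {
+Type = "simple";
+ExecStart = "${pkgs.callPackage ../../../pkgs/meshname/default.nix { }}/bin/meshnamed -networks ${networks}";
+DynamicUser = true;
+};
+};
+};
+}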
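Review bot: `name` and `subnet` are plain `lib.types.str` and are spliced unquoted into `ExecStart`, so a value containing whitespace, `,`, `=`, `%` or `$` changes how systemd splits or expands the command line instead of failing at evaluation time. Constrain both at the option level, for example `type = lib.types.strMatching "[A-Za-z0-9-]+";` for `name` and a CIDR-shaped pattern for `subnet`, and have the descriptions state the expected format (e.g. that `subnet` is an IPv6 prefix in CIDR notation). The unit also leaves the listen address to the binary's default and adds no sandboxing beyond `DynamicUser = true`. Pinning the address and, after checking what the binary needs, adding options such as `RestrictAddressFamilies` and `CapabilityBoundingSet = "";` would make the exposure of this resolver explicit.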
@ -97,11 +97,13 @@ in
|
|||
facts.zerotier-ip = { };
|
||||
facts.zerotier-meshname = { };
|
||||
facts.zerotier-network-id = { };
|
||||
facts.zerotier-subnet = { };
|
||||
secrets.zerotier-identity-secret = { };
|
||||
generator = ''
|
||||
export PATH=${lib.makeBinPath [ config.services.zerotierone.package pkgs.fakeroot ]}
|
||||
${pkgs.python3.interpreter} ${./generate.py} --mode network \
|
||||
--ip "$facts/zerotier-ip" \
|
||||
--subnet "$facts/zerotier-subnet" \
|
||||
--meshname "$facts/zerotier-meshname" \
|
||||
--identity-secret "$secrets/zerotier-identity-secret" \
|
||||
--network-id "$facts/zerotier-network-id"
|
||||
|
|
|
@ -195,6 +195,7 @@ def main() -> None:
|
|||
"--mode", choices=["network", "identity"], required=True, type=str
|
||||
)
|
||||
parser.add_argument("--ip", type=Path, required=True)
|
||||
parser.add_argument("--subnet", type=Path)
|
||||
parser.add_argument("--meshname", type=Path, required=True)
|
||||
parser.add_argument("--identity-secret", type=Path, required=True)
|
||||
parser.add_argument("--network-id", type=str, required=False)
|
||||
|
@ -218,6 +219,8 @@ def main() -> None:
|
|||
|
||||
args.identity_secret.write_text(identity.private)
|
||||
args.ip.write_text(ip.compressed)
|
||||
if args.subnet is not None:
|
||||
args.subnet.write_text(ipaddress.ip_network(ip).compressed)
|
||||
args.meshname.write_text(meshname)
|
||||
|
||||
|
||||
|
|
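Review bot: `ipaddress.ip_network(ip)` in the second hunk is called without a prefix length, so if `ip` is the address object whose `.compressed` is written on the line above, the result is a single-host network and the `zerotier-subnet` fact will hold `<address>/128` rather than a network-wide prefix. The meshnamed option example and test on this page use a `/88`; if that is the intended prefix, state it explicitly: `args.subnet.write_text(ipaddress.ip_network(f"{ip}/88", strict=False).compressed)`. `ip` is assigned outside the hunk, so its type should be confirmed before applying this. A consumer that filters on this subnet would otherwise accept only the one address.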
|
@ -36,6 +36,7 @@ def test_generate_secret(
|
|||
cli.run(["--flake", str(test_flake_with_core.path), "secrets", "generate", "vm1"])
|
||||
has_secret(test_flake_with_core.path, "vm1-age.key")
|
||||
has_secret(test_flake_with_core.path, "vm1-zerotier-identity-secret")
|
||||
has_secret(test_flake_with_core.path, "vm1-zerotier-subnet")
|
||||
network_id = machine_get_fact(
|
||||
test_flake_with_core.name, "vm1", "zerotier-network-id"
|
||||
)
|
||||
|
|
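Review bot: The `has_secret(test_flake_with_core.path, "vm1-zerotier-subnet")` call (apparently the line added here) discards its result, like the two calls above it, so unless `has_secret` raises on a miss (its definition is not on this page) these lines verify nothing; prefix them with `assert`. The zerotier module on this page declares `zerotier-subnet` under `facts`, not `secrets`, and the generator writes it to `$facts/zerotier-subnet`, so a secret-store lookup looks like the wrong check. Something like `assert machine_get_fact(test_flake_with_core.name, "vm1", "zerotier-subnet")` would match how `zerotier-network-id` is read just below. The body of `test_generate_secret` continues outside the hunk.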