add module for meshnamed

2023-11-14 12:58:15 +01:00 · 2023-11-14 12:58:15 +01:00 · bdc8ef63ed
commit bdc8ef63ed
parent eb788393e6
7 changed files with 75 additions and 0 deletions
--- a/checks/flake-module.nix
+++ b/checks/flake-module.nix
@ -16,6 +16,7 @@
          secrets = import ./secrets nixosTestArgs;
          container = import ./container nixosTestArgs;
          deltachat = import ./deltachat nixosTestArgs;
+          meshnamed = import ./meshnamed nixosTestArgs;
        };
        schemaTests = pkgs.callPackages ./schemas.nix {
          inherit self;
--- a/checks/meshnamed/default.nix
+++ b/checks/meshnamed/default.nix
@ -0,0 +1,21 @@
+(import ../lib/container-test.nix) ({ pkgs, ... }: {
+  name = "meshnamed";
+
+  nodes.machine = { self, ... }: {
+    imports = [
+      self.nixosModules.clanCore
+      {
+        clanCore.machineName = "machine";
+        clan.networking.meshnamed.networks.vpn.subnet = "fd43:7def:4b50:28d0:4e99:9347:3035:17ef/88";
+        clanCore.clanDir = ./.;
+      }
+    ];
+  };
+  testScript = ''
+    start_all()
+    machine.wait_for_unit("meshnamed")
+    out = machine.succeed("${pkgs.dnsutils}/bin/dig -p 53535 AAAA foo.7vbx332lkaunatuzsndtanix54.vpn @localhost +short")
+    print(out)
+    assert out.strip() == "fd43:7def:4b50:28d0:4e99:9347:3035:17ef"
+  '';
+})
--- a/nixosModules/clanCore/flake-module.nix
+++ b/nixosModules/clanCore/flake-module.nix
@ -4,6 +4,7 @@
      ../clanImports
      ./secrets
      ./zerotier
+      ./meshnamed
      ./networking.nix
      inputs.sops-nix.nixosModules.sops
      # just some example options. Can be removed later
--- a/nixosModules/clanCore/meshnamed/default.nix
+++ b/nixosModules/clanCore/meshnamed/default.nix
@ -0,0 +1,46 @@
+{ config, lib, pkgs, ... }:
+{
+  options.clan.networking.meshnamed = {
+    enable = (lib.mkEnableOption "meshnamed") // {
+      default = config.clan.networking.meshnamed.networks != { };
+    };
+    networks = lib.mkOption {
+      default = { };
+      type = lib.types.attrsOf (lib.types.submodule ({ name, ... }: {
+        options = {
+          name = lib.mkOption {
+            default = name;
+            type = lib.types.str;
+            example = "my-network";
+            description = lib.mdDoc ''
+              The name of the network.
+            '';
+          };
+          subnet = lib.mkOption {
+            type = lib.types.str;
+            example = "fd43:7def:4b50:28d0:4e99:9347:3035:17ef/88";
+            description = lib.mdDoc ''
+              The subnet to use for the mesh network.
+            '';
+          };
+        };
+      }));
+    };
+  };
+  config = lib.mkIf config.clan.networking.meshnamed.enable {
+    systemd.services.meshnamed =
+      let
+        networks = lib.concatMapStringsSep "," (network: "${network.name}=${network.subnet}")
+          (builtins.attrValues config.clan.networking.meshnamed.networks);
+      in
+      {
+        wantedBy = [ "multi-user.target" ];
+        after = [ "network.target" ];
+        serviceConfig = {
+          Type = "simple";
+          ExecStart = "${pkgs.callPackage ../../../pkgs/meshname/default.nix { }}/bin/meshnamed -networks ${networks}";
+          DynamicUser = true;
+        };
+      };
+  };
+}
--- a/nixosModules/clanCore/zerotier/default.nix
+++ b/nixosModules/clanCore/zerotier/default.nix
@ -97,11 +97,13 @@ in
        facts.zerotier-ip = { };
        facts.zerotier-meshname = { };
        facts.zerotier-network-id = { };
+        facts.zerotier-subnet = { };
        secrets.zerotier-identity-secret = { };
        generator = ''
          export PATH=${lib.makeBinPath [ config.services.zerotierone.package pkgs.fakeroot ]}
          ${pkgs.python3.interpreter} ${./generate.py} --mode network \
            --ip "$facts/zerotier-ip" \
+            --subnet "$facts/zerotier-subnet" \
            --meshname "$facts/zerotier-meshname" \
            --identity-secret "$secrets/zerotier-identity-secret" \
            --network-id "$facts/zerotier-network-id"
--- a/nixosModules/clanCore/zerotier/generate.py
+++ b/nixosModules/clanCore/zerotier/generate.py
@ -195,6 +195,7 @@ def main() -> None:
        "--mode", choices=["network", "identity"], required=True, type=str
    )
    parser.add_argument("--ip", type=Path, required=True)
+    parser.add_argument("--subnet", type=Path)
    parser.add_argument("--meshname", type=Path, required=True)
    parser.add_argument("--identity-secret", type=Path, required=True)
    parser.add_argument("--network-id", type=str, required=False)
@ -218,6 +219,8 @@ def main() -> None:

    args.identity_secret.write_text(identity.private)
    args.ip.write_text(ip.compressed)
+    if args.subnet is not None:
+        args.subnet.write_text(ipaddress.ip_network(ip).compressed)
    args.meshname.write_text(meshname)


--- a/pkgs/clan-cli/tests/test_secrets_generate.py
+++ b/pkgs/clan-cli/tests/test_secrets_generate.py
@ -36,6 +36,7 @@ def test_generate_secret(
    cli.run(["--flake", str(test_flake_with_core.path), "secrets", "generate", "vm1"])
    has_secret(test_flake_with_core.path, "vm1-age.key")
    has_secret(test_flake_with_core.path, "vm1-zerotier-identity-secret")
+    has_secret(test_flake_with_core.path, "vm1-zerotier-subnet")
    network_id = machine_get_fact(
        test_flake_with_core.name, "vm1", "zerotier-network-id"
    )