Nixos module

This commit is contained in:
bluepython508
2023-11-29 11:04:19 +00:00
parent 6f06d76797
commit 0926de2bd8
3 changed files with 48 additions and 18 deletions

.gitignore vendored

@@ -1,4 +1,5 @@
/gomod2nix-template /gomod2nix-template
.direnv /.direnv
.env /.env
tsnet-proxy /tsnet-proxy
/result


@@ -1,18 +1,4 @@
{ pkgs ? ( { buildGoApplication }: buildGoApplication {
let
inherit (builtins) fetchTree fromJSON readFile;
inherit ((fromJSON (readFile ./flake.lock)).nodes) nixpkgs gomod2nix;
in
import (fetchTree nixpkgs.locked) {
overlays = [
(import "${fetchTree gomod2nix.locked}/overlay.nix")
];
}
)
, buildGoApplication ? pkgs.buildGoApplication
}:
buildGoApplication {
pname = "tsnet-proxy"; pname = "tsnet-proxy";
version = "0.1"; version = "0.1";
pwd = ./.; pwd = ./.;


@@ -25,6 +25,49 @@
inherit (goModPkgs) mkGoEnv gomod2nix; inherit (goModPkgs) mkGoEnv gomod2nix;
}; };
}); });
nixosModules.default = { config, pkgs, lib, ... }: {
options.services.bluepython508.tsnet-proxy = with lib; with types; {
clientId = mkOption {
type = str;
};
clientSecretFile = mkOption {
type = str;
};
tags = mkOption { type = listOf str; };
proxies = mkOption {
type = attrsOf (submodule ({ config }: {
options = let
proto = enum ["udp" "tcp" "unix"];
in {
enable = mkOption { type = bool; default = true; };
proto = mkOption { type = proto; };
dest = mkOption { type = str; };
hostProto = mkOption { type = proto; };
port = mkOption { type = int; };
};
config.hostProto = mkDefault config.proto;
}));
};
};
config.systemd.services = let
cfg = config.services.bluepython508.tsnet-proxy;
get-authkey = pkgs.tailscale.overrideAttrs { subPackages = ["cmd/get-authkey"]; postInstall = ""; };
in lib.mapAttrs (hostname: { proto, hostProto, port, dest, enable, ... }: {
inherit enable;
script = ''
TS_AUTHKEY=$(cat $RUNTIME_DIRECTORY/authkey) ${lib.getExe self.packages.${pkgs.system}.default} ${hostProto} ${hostname} ${port} ${proto} ${dest}
'';
wantedBy = [ "multi-user.target" ];
serviceConfig = {
DynamicUser = true;
RuntimeDirectory = hostname;
ExecStartPre = "!${pkgs.writeShellScript "get-authkey" ''
TS_API_CLIENT_ID=${cfg.clientId} TS_API_CLIENT_SECRET=$(cat ${cfg.clientSecretFile}) ${get-authkey}/bin/get-authkey -ephemeral -tags ${lib.concatStringsSep "," cfg.tags} > $RUNTIME_DIRECTORY/authkey
chown ${hostname}:${hostname} $RUNTIME_DIRECTORY/authkey
''}";
};
}) cfg.proxies;
};
}; };
} }
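Review bot: The auth key written by the pre-script at line 85 is left world-readable: RuntimeDirectory (line 83) defaults to mode 0755, the `!`-prefixed script runs as root and creates the file under root's umask, and line 86 only chowns it, so any local user can read the key under /run/<hostname>/ (placeholder for the proxy's hostname) while the service runs. Set `RuntimeDirectoryMode = "0700";` in serviceConfig and add `chmod 0400 $RUNTIME_DIRECTORY/authkey` after the chown, or start the pre-script with `umask 077`. Separately, `${port}` on line 78 is declared `int` at line 66, and Nix cannot coerce an integer inside a string interpolation, so evaluation fails for any proxy entry; use `${toString port}`. The `str`-typed `hostname`, `dest` and `cfg.clientSecretFile` values are also spliced unquoted into the shell lines at 78 and 85, so wrapping them with `lib.escapeShellArg` keeps a value containing whitespace or shell metacharacters from being reinterpreted by the shell.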