tsnet-proxy/flake.nix

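{
  description = "tsnet-proxy: proxy onto tsnet";

  inputs = {
    nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
    # `outputs` takes a `systems` argument and does `import systems`, so the
    # input must be declared here or flake evaluation fails before any output
    # is built.  nix-systems/default exports the list of platforms to build for.
    systems.url = "github:nix-systems/default";
  };

  outputs = {
    self,
    nixpkgs,
    systems,
  }: let
    # Apply `f` once per supported system, handing it the system name, the
    # matching nixpkgs package set and that set's callPackage.
    eachSystem = f:
      nixpkgs.lib.genAttrs (import systems) (system:
        f rec {
          inherit system;
          pkgs = nixpkgs.legacyPackages.${system};
          inherit (pkgs) callPackage;
        });
  in {
    packages = eachSystem ({callPackage, ...}: {
      default = callPackage ./. {};
    });

    devShells = eachSystem ({callPackage, ...}: {
      default = callPackage ./shell.nix {};
    });

    # NixOS module: one systemd service per entry of
    # `services.bluepython508.tsnet-proxy.proxies`, each serving one tsnet hostname.
    nixosModules.default = {
      config,
      pkgs,
      lib,
      ...
    }: {
      options.services.bluepython508.tsnet-proxy = with lib;
      with types; {
        clientId = mkOption {
          type = str;
          description = "Tailscale API client id used to mint the per-start auth key.";
        };
        clientSecretFile = mkOption {
          type = str;
          description = ''
            Path to a file holding the Tailscale API client secret.  It is read
            by the root-run ExecStartPre at every service start; keep it out of
            the Nix store (pass the path as a string, not a path literal).
          '';
        };
        tags = mkOption {
          type = listOf str;
          description = "Tags requested for the ephemeral auth key (may be empty).";
        };
        proxies = mkOption {
          type = attrsOf (submodule ({config, ...}: {
            options = let
              proto = enum ["udp" "tcp" "unix"];
            in {
              enable = mkOption {
                type = bool;
                default = true;
              };
              forwards = mkOption {
                type = listOf (submodule {
                  options = {
                    proto = mkOption {type = proto;};
                    port = mkOption {type = port;};
                    dest = mkOption {type = str;};
                  };
                });
              };
            };
          }));
          description = "tsnet hostnames to expose, each with its list of forwards.";
        };
      };

      config.systemd.services = let
        cfg = config.services.bluepython508.tsnet-proxy;
        # Build only tailscale's cmd/get-authkey helper, nothing else from the package.
        get-authkey = pkgs.tailscale.overrideAttrs {
          subPackages = ["cmd/get-authkey"];
          postInstall = "";
        };
        proxy = lib.getExe self.packages.${pkgs.system}.default;
      in
        lib.mapAttrs' (hostname: {
          forwards,
          enable,
          ...
        }: let
          name = "tsnet-proxy-${hostname}";
          # Everything spliced into the shell scripts below is shell-quoted so a
          # hostname, tag or destination containing metacharacters cannot alter
          # the command line.
          forwardArgs = lib.escapeShellArgs (map ({proto, port, dest}: "${proto}:${toString port}:${dest}") forwards);
          # Omit `-tags` entirely when no tags are configured; an empty value
          # would leave the flag without an argument.
          tagsArg = lib.optionalString (cfg.tags != []) "-tags ${lib.escapeShellArg (lib.concatStringsSep "," cfg.tags)}";
        in
          lib.nameValuePair name {
            inherit enable;
            script = ''
              TS_AUTHKEY=$(cat "$RUNTIME_DIRECTORY/authkey") ${proxy} ${lib.escapeShellArg hostname} ${forwardArgs}
            '';
            wantedBy = ["multi-user.target"];
            # `wants` alone does not order the unit; `after` makes it actually
            # wait for the network target it wants.
            wants = ["network-online.target"];
            after = ["network-online.target"];
            serviceConfig = {
              DynamicUser = true;
              RuntimeDirectory = name;
              # The auth key is written into the runtime directory; keep the
              # directory private to the service user rather than the default
              # world-readable mode.
              RuntimeDirectoryMode = "0700";
              # `!` runs this step as root because it needs the client secret;
              # the file is created with a restrictive umask and then handed
              # to the dynamic user that runs the main script.
              ExecStartPre = "!${pkgs.writeShellScript "get-authkey" ''
                umask 077
                TS_API_CLIENT_ID=${lib.escapeShellArg cfg.clientId} TS_API_CLIENT_SECRET=$(cat ${lib.escapeShellArg cfg.clientSecretFile}) ${get-authkey}/bin/get-authkey -ephemeral ${tagsArg} > "$RUNTIME_DIRECTORY/authkey"
                chown ${name}:${name} "$RUNTIME_DIRECTORY/authkey"
              ''}";
            };
          })
        cfg.proxies;
    };
  };
}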