Merge pull request #254582 from oluceps/dae-fix-overr

nixos/dae: fix override existed config issue

authored by Thiago Kenji Okada and committed by GitHub 383389d0 b96d352e

+37 -24
+33 -24
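--- a/nixos/modules/services/networking/dae.nix
+++ b/nixos/modules/services/networking/dae.nix
@@ -18,6 +18,7 @@
 
 package = mkPackageOptionMD pkgs "dae" { };
 
+
 assets = mkOption {
 type = with types;(listOf path);
 default = with pkgs; [ v2ray-geoip v2ray-domain-list-community ];
@@ -47,7 +48,7 @@
 options = {
 enable = mkEnableOption "enable";
 port = mkOption {
-type = types.int;
+type = types.port;
 description = ''
 Port to be opened. Consist with field `tproxy_port` in config file.
 '';
@@ -70,8 +71,8 @@
 };
 
 configFile = mkOption {
-type = types.path;
-default = "/etc/dae/config.dae";
+type = with types; (nullOr path);
+default = null;
 example = "/path/to/your/config.dae";
 description = mdDoc ''
 The path of dae config file, end with `.dae`.
@@ -79,12 +80,10 @@
 };
 
 config = mkOption {
-type = types.str;
-default = ''
-global{}
-routing{}
-'';
+type = with types; (nullOr str);
+default = null;
 description = mdDoc ''
+WARNING: This option will expose store your config unencrypted world-readable in the nix store.
 Config text for dae.
 
 See <https://github.com/daeuniverse/dae/blob/main/example.dae>.
@@ -103,11 +102,6 @@
 environment.systemPackages = [ cfg.package ];
 systemd.packages = [ cfg.package ];
 
-environment.etc."dae/config.dae" = {
-mode = "0400";
-source = pkgs.writeText "config.dae" cfg.config;
-};
-
 networking = lib.mkIf cfg.openFirewall.enable {
 firewall =
 let portToOpen = cfg.openFirewall.port;
@@ -121,20 +115,27 @@
 systemd.services.dae =
 let
 daeBin = lib.getExe cfg.package;
-TxChecksumIpGenericWorkaround = with lib;(getExe pkgs.writeShellApplication {
-name = "disable-tx-checksum-ip-generic";
-text = with pkgs; ''
-iface=$(${iproute2}/bin/ip route | ${lib.getExe gawk} '/default/ {print $5}')
-${lib.getExe ethtool} -K "$iface" tx-checksum-ip-generic off
-'';
-});
+
+configPath =
+if cfg.configFile != null
+then cfg.configFile else pkgs.writeText "config.dae" cfg.config;
+
+TxChecksumIpGenericWorkaround = with lib;
+(getExe pkgs.writeShellApplication {
+name = "disable-tx-checksum-ip-generic";
+text = with pkgs; ''
+iface=$(${iproute2}/bin/ip route | ${lib.getExe gawk} '/default/ {print $5}')
+${lib.getExe ethtool} -K "$iface" tx-checksum-ip-generic off
+'';
+});
 in
 {
 wantedBy = [ "multi-user.target" ];
 serviceConfig = {
-ExecStartPre = [ "" "${daeBin} validate -c ${cfg.configFile}" ]
+LoadCredential = [ "config.dae:${configPath}" ];
+ExecStartPre = [ "" "${daeBin} validate -c \${CREDENTIALS_DIRECTORY}/config.dae" ]
 ++ (with lib; optional cfg.disableTxChecksumIpGeneric TxChecksumIpGenericWorkaround);
-ExecStart = [ "" "${daeBin} run --disable-timestamp -c ${cfg.configFile}" ];
+ExecStart = [ "" "${daeBin} run --disable-timestamp -c \${CREDENTIALS_DIRECTORY}/config.dae" ];
 Environment = "DAE_LOCATION_ASSET=${cfg.assetsPath}";
 };
 };
@@ -149,11 +150,19 @@
 }
 
 {
-assertion = !((config.services.dae.config != "global{}\nrouting{}\n")
-&& (config.services.dae.configFile != "/etc/dae/config.dae"));
+assertion = !((config.services.dae.config != null)
+&& (config.services.dae.configFile != null));
 message = ''
 Option `config` and `configFile` could not be set
 at the same time.
+'';
+}
+
+{
+assertion = !((config.services.dae.config == null)
+&& (config.services.dae.configFile == null));
+message = ''
+Either `config` or `configFile` should be set.
 '';
 }
 ];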
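Review bot: Only `config` gets the world-readable-store warning, but `configFile` is now `nullOr path` and is interpolated into `LoadCredential = [ "config.dae:${configPath}" ]`, so a Nix path literal passed there is copied into the store on interpolation and ends up just as readable. I would extend the `configFile` description (its tail lies outside the visible hunk) with a line such as `Pass a string like "/path/to/your/config.dae"; a Nix path literal is copied into the world-readable Nix store.` The new WARNING line on `config` is also garbled ("will expose store your config") and could read `WARNING: This option stores your config unencrypted and world-readable in the Nix store.` Separately, in the re-indented `TxChecksumIpGenericWorkaround`, `getExe pkgs.writeShellApplication { … }` appears to apply `getExe` to the function itself rather than to its result, so evaluation likely fails once `disableTxChecksumIpGeneric` is set; `getExe (pkgs.writeShellApplication { … })` would avoid that.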
+4
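--- a/nixos/tests/dae.nix
+++ b/nixos/tests/dae.nix
@@ -14,6 +14,10 @@
 };
 services.dae = {
 enable = true;
+config = ''
+global{}
+routing{}
+'';
 };
 };
 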