commit 383389d0864f848f0c8e7e6daf8ab8671118ec00 · pyrox.dev/nixpkgs

pyrox.dev / nixpkgs

lol

fork atom

Merge pull request #254582 from oluceps/dae-fix-overr

nixos/dae: fix override existed config issue

authored by Thiago Kenji Okada and committed by GitHub 2 years ago 383389d0 b96d352e

+37 -24

2 changed files

expand all

unified split

nixos

modules

services

networking

dae.nix

tests

dae.nix

+33 -24

nixos/modules/services/networking/dae.nix

··· 18 19 package = mkPackageOptionMD pkgs "dae" { }; 20 21 assets = mkOption { 22 type = with types;(listOf path); 23 default = with pkgs; [ v2ray-geoip v2ray-domain-list-community ]; ··· 47 options = { 48 enable = mkEnableOption "enable"; 49 port = mkOption { 50 - type = types.int; 51 description = '' 52 Port to be opened. Consist with field `tproxy_port` in config file. 53 ''; ··· 70 }; 71 72 configFile = mkOption { 73 - type = types.path; 74 - default = "/etc/dae/config.dae"; 75 example = "/path/to/your/config.dae"; 76 description = mdDoc '' 77 The path of dae config file, end with `.dae`. ··· 79 }; 80 81 config = mkOption { 82 - type = types.str; 83 - default = '' 84 - global{} 85 - routing{} 86 - ''; 87 description = mdDoc '' 88 Config text for dae. 89 90 See <https://github.com/daeuniverse/dae/blob/main/example.dae>. ··· 103 environment.systemPackages = [ cfg.package ]; 104 systemd.packages = [ cfg.package ]; 105 106 - environment.etc."dae/config.dae" = { 107 - mode = "0400"; 108 - source = pkgs.writeText "config.dae" cfg.config; 109 - }; 110 - 111 networking = lib.mkIf cfg.openFirewall.enable { 112 firewall = 113 let portToOpen = cfg.openFirewall.port; ··· 121 systemd.services.dae = 122 let 123 daeBin = lib.getExe cfg.package; 124 - TxChecksumIpGenericWorkaround = with lib;(getExe pkgs.writeShellApplication { 125 - name = "disable-tx-checksum-ip-generic"; 126 - text = with pkgs; '' 127 - iface=$(${iproute2}/bin/ip route | ${lib.getExe gawk} '/default/ {print $5}') 128 - ${lib.getExe ethtool} -K "$iface" tx-checksum-ip-generic off 129 - ''; 130 - }); 131 in 132 { 133 wantedBy = [ "multi-user.target" ]; 134 serviceConfig = { 135 - ExecStartPre = [ "" "${daeBin} validate -c ${cfg.configFile}" ] 136 ++ (with lib; optional cfg.disableTxChecksumIpGeneric TxChecksumIpGenericWorkaround); 137 - ExecStart = [ "" "${daeBin} run --disable-timestamp -c ${cfg.configFile}" ]; 138 Environment = "DAE_LOCATION_ASSET=${cfg.assetsPath}"; 139 }; 140 }; ··· 149 } 150 151 { 152 - assertion = !((config.services.dae.config != "global{}\nrouting{}\n") 153 - && (config.services.dae.configFile != "/etc/dae/config.dae")); 154 message = '' 155 Option `config` and `configFile` could not be set 156 at the same time. 157 ''; 158 } 159 ];

··· 18 19 package = mkPackageOptionMD pkgs "dae" { }; 20 21 + 22 assets = mkOption { 23 type = with types;(listOf path); 24 default = with pkgs; [ v2ray-geoip v2ray-domain-list-community ]; ··· 48 options = { 49 enable = mkEnableOption "enable"; 50 port = mkOption { 51 + type = types.port; 52 description = '' 53 Port to be opened. Consist with field `tproxy_port` in config file. 54 ''; ··· 71 }; 72 73 configFile = mkOption { 74 + type = with types; (nullOr path); 75 + default = null; 76 example = "/path/to/your/config.dae"; 77 description = mdDoc '' 78 The path of dae config file, end with `.dae`. ··· 80 }; 81 82 config = mkOption { 83 + type = with types; (nullOr str); 84 + default = null; 85 description = mdDoc '' 86 + WARNING: This option will expose store your config unencrypted world-readable in the nix store. 87 Config text for dae. 88 89 See <https://github.com/daeuniverse/dae/blob/main/example.dae>. ··· 102 environment.systemPackages = [ cfg.package ]; 103 systemd.packages = [ cfg.package ]; 104 105 networking = lib.mkIf cfg.openFirewall.enable { 106 firewall = 107 let portToOpen = cfg.openFirewall.port; ··· 115 systemd.services.dae = 116 let 117 daeBin = lib.getExe cfg.package; 118 + 119 + configPath = 120 + if cfg.configFile != null 121 + then cfg.configFile else pkgs.writeText "config.dae" cfg.config; 122 + 123 + TxChecksumIpGenericWorkaround = with lib; 124 + (getExe pkgs.writeShellApplication { 125 + name = "disable-tx-checksum-ip-generic"; 126 + text = with pkgs; '' 127 + iface=$(${iproute2}/bin/ip route | ${lib.getExe gawk} '/default/ {print $5}') 128 + ${lib.getExe ethtool} -K "$iface" tx-checksum-ip-generic off 129 + ''; 130 + }); 131 in 132 { 133 wantedBy = [ "multi-user.target" ]; 134 serviceConfig = { 135 + LoadCredential = [ "config.dae:${configPath}" ]; 136 + ExecStartPre = [ "" "${daeBin} validate -c \${CREDENTIALS_DIRECTORY}/config.dae" ] 137 ++ (with lib; optional cfg.disableTxChecksumIpGeneric TxChecksumIpGenericWorkaround); 138 + ExecStart = [ "" "${daeBin} run --disable-timestamp -c \${CREDENTIALS_DIRECTORY}/config.dae" ]; 139 Environment = "DAE_LOCATION_ASSET=${cfg.assetsPath}"; 140 }; 141 }; ··· 150 } 151 152 { 153 + assertion = !((config.services.dae.config != null) 154 + && (config.services.dae.configFile != null)); 155 message = '' 156 Option `config` and `configFile` could not be set 157 at the same time. 158 + ''; 159 + } 160 + 161 + { 162 + assertion = !((config.services.dae.config == null) 163 + && (config.services.dae.configFile == null)); 164 + message = '' 165 + Either `config` or `configFile` should be set. 166 ''; 167 } 168 ];

nixos/tests/dae.nix

··· 14 }; 15 services.dae = { 16 enable = true; 17 }; 18 }; 19

··· 14 }; 15 services.dae = { 16 enable = true; 17 + config = '' 18 + global{} 19 + routing{} 20 + ''; 21 }; 22 }; 23