nixos/dae: fix override existed config issue

pyrox.dev / nixpkgs

fork atom

lol

fork atom

oluceps 2 years ago bc07451d ac4fd1a1

+36 -23

2 changed files

expand all

nixos

modules

services

networking

dae.nix

tests

dae.nix

+32 -23

nixos/modules/services/networking/dae.nix

··· 18 18 19 19 package = mkPackageOptionMD pkgs "dae" { }; 20 20 21 + 21 22 assets = mkOption { 22 23 type = with types;(listOf path); 23 24 default = with pkgs; [ v2ray-geoip v2ray-domain-list-community ]; ··· 70 71 }; 71 72 72 73 configFile = mkOption { 73 - type = types.path; 74 - default = "/etc/dae/config.dae"; 74 + type = with types; (nullOr path); 75 + default = null; 75 76 example = "/path/to/your/config.dae"; 76 77 description = mdDoc '' 77 78 The path of dae config file, end with `.dae`. ··· 79 80 }; 80 81 81 82 config = mkOption { 82 - type = types.str; 83 - default = '' 84 - global{} 85 - routing{} 86 - ''; 83 + type = with types; (nullOr str); 84 + default = null; 87 85 description = mdDoc '' 86 + WARNING: This option will expose store your config unencrypted world-readable in the nix store. 88 87 Config text for dae. 89 88 90 89 See <https://github.com/daeuniverse/dae/blob/main/example.dae>. ··· 103 102 environment.systemPackages = [ cfg.package ]; 104 103 systemd.packages = [ cfg.package ]; 105 104 106 - environment.etc."dae/config.dae" = { 107 - mode = "0400"; 108 - source = pkgs.writeText "config.dae" cfg.config; 109 - }; 110 - 111 105 networking = lib.mkIf cfg.openFirewall.enable { 112 106 firewall = 113 107 let portToOpen = cfg.openFirewall.port; ··· 121 115 systemd.services.dae = 122 116 let 123 117 daeBin = lib.getExe cfg.package; 124 - TxChecksumIpGenericWorkaround = with lib;(getExe pkgs.writeShellApplication { 125 - name = "disable-tx-checksum-ip-generic"; 126 - text = with pkgs; '' 127 - iface=$(${iproute2}/bin/ip route | ${lib.getExe gawk} '/default/ {print $5}') 128 - ${lib.getExe ethtool} -K "$iface" tx-checksum-ip-generic off 129 - ''; 130 - }); 118 + 119 + configPath = 120 + if cfg.configFile != null 121 + then cfg.configFile else pkgs.writeText "config.dae" cfg.config; 122 + 123 + TxChecksumIpGenericWorkaround = with lib; 124 + (getExe pkgs.writeShellApplication { 125 + name = "disable-tx-checksum-ip-generic"; 126 + text = with pkgs; '' 127 + iface=$(${iproute2}/bin/ip route | ${lib.getExe gawk} '/default/ {print $5}') 128 + ${lib.getExe ethtool} -K "$iface" tx-checksum-ip-generic off 129 + ''; 130 + }); 131 131 in 132 132 { 133 133 wantedBy = [ "multi-user.target" ]; 134 134 serviceConfig = { 135 - ExecStartPre = [ "" "${daeBin} validate -c ${cfg.configFile}" ] 135 + LoadCredential = [ "config.dae:${configPath}" ]; 136 + ExecStartPre = [ "" "${daeBin} validate -c \${CREDENTIALS_DIRECTORY}/config.dae" ] 136 137 ++ (with lib; optional cfg.disableTxChecksumIpGeneric TxChecksumIpGenericWorkaround); 137 - ExecStart = [ "" "${daeBin} run --disable-timestamp -c ${cfg.configFile}" ]; 138 + ExecStart = [ "" "${daeBin} run --disable-timestamp -c \${CREDENTIALS_DIRECTORY}/config.dae" ]; 138 139 Environment = "DAE_LOCATION_ASSET=${cfg.assetsPath}"; 139 140 }; 140 141 }; ··· 149 150 } 150 151 151 152 { 152 - assertion = !((config.services.dae.config != "global{}\nrouting{}\n") 153 - && (config.services.dae.configFile != "/etc/dae/config.dae")); 153 + assertion = !((config.services.dae.config != null) 154 + && (config.services.dae.configFile != null)); 154 155 message = '' 155 156 Option `config` and `configFile` could not be set 156 157 at the same time. 158 + ''; 159 + } 160 + 161 + { 162 + assertion = !((config.services.dae.config == null) 163 + && (config.services.dae.configFile == null)); 164 + message = '' 165 + Either `config` or `configFile` should be set. 157 166 ''; 158 167 } 159 168 ];

nixos/tests/dae.nix

··· 14 14 }; 15 15 services.dae = { 16 16 enable = true; 17 + config = '' 18 + global{} 19 + routing{} 20 + ''; 17 21 }; 18 22 }; 19 23