diff --git a/README.md b/README.md index 4bf1a34..65a164a 100644 --- a/README.md +++ b/README.md @@ -48,7 +48,7 @@ $ nix build github:daeuniverse/flake.nix#packages.x86_64-linux.dae disableTxChecksumIpGeneric = false; configFile = "/etc/dae/config.dae"; assets = with pkgs; [ v2ray-geoip v2ray-domain-list-community ]; - # alternatively, specify assets dir + # alternatively, specify a dir which contains geo database. # assetsPath = "/etc/dae"; openFirewall = { enable = true; diff --git a/dae/module.nix b/dae/module.nix index 460b601..63b3406 100644 --- a/dae/module.nix +++ b/dae/module.nix @@ -1,8 +1,7 @@ -inputs: { config, lib, pkgs, ... }: +{ config, lib, pkgs, ... }: let cfg = config.services.dae; - defaultDaePackage = inputs.self.packages.${pkgs.stdenv.hostPlatform.system}.dae; assets = cfg.assets; genAssetsDrv = paths: pkgs.symlinkJoin { name = "dae-assets"; 
@@ -16,39 +15,29 @@ in options = { services.dae = with lib;{ enable = mkEnableOption - (mdDoc "A Linux high-performance transparent proxy solution based on eBPF"); + "dae, a Linux high-performance transparent proxy solution based on eBPF"; package = mkOption { - type = types.path; - default = defaultDaePackage; - defaultText = literalExpression '' - dae.packages.${pkgs.stdenv.hostPlatform.system}.dae - ''; - example = literalExpression "pkgs.dae"; - description = mdDoc '' - The dae package to use. - ''; + defaultText = lib.literalMD "`packages.dae` from this flake"; }; assets = mkOption { type = with types;(listOf path); default = with pkgs; [ v2ray-geoip v2ray-domain-list-community ]; defaultText = literalExpression "with pkgs; [ v2ray-geoip v2ray-domain-list-community ]"; - description = mdDoc '' - Assets required to run dae. - ''; + description = "Assets required to run dae."; }; assetsPath = mkOption { type = types.str; default = "${genAssetsDrv assets}/share/v2ray"; defaultText = literalExpression '' - (symlinkJoin { + "$\{(symlinkJoin { name = "dae-assets"; paths = assets; - })/share/v2ray + })}/share/v2ray" ''; - description = mdDoc '' + description = '' The path which contains geolocation database. This option will override `assets`. ''; @@ -57,9 +46,9 @@ in openFirewall = mkOption { type = with types; submodule { options = { - enable = mkEnableOption "enable"; + enable = mkEnableOption ("opening {option}`port` in the firewall"); port = mkOption { - type = types.int; + type = types.port; description = '' Port to be opened. Consist with field `tproxy_port` in config file. ''; 
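Review bot: The new `package = mkOption { defaultText = …; }` in `services.dae` declares neither a `type` nor a `description`, so any value is accepted and later handed to `lib.getExe` and `systemd.packages` unchecked. Adding `type = types.package;` and `description = "The dae package to use.";` keeps the option validated and documented. The option also has no `default` in this file, so the module only evaluates when something else defines it, presumably the flake's `nixosModules` wrapper. Stating that in the description would help anyone who imports `module.nix` directly.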
@@ -76,27 +65,26 @@ in port = 12345; } ''; - description = mdDoc '' + description = '' Open the firewall port. ''; }; configFile = mkOption { - type = types.path; - default = "/etc/dae/config.dae"; + type = with types; (nullOr path); + default = null; example = "/path/to/your/config.dae"; - description = mdDoc '' + description = '' The path of dae config file, end with `.dae`. + Will fallback to `/etc/dae/config.dae` if this is not set. ''; }; config = mkOption { - type = types.str; - default = '' - global{} - routing{} - ''; - description = mdDoc '' + type = with types; (nullOr str); + default = null; + description = '' + WARNING: This option will expose your config unencrypted world-readable in the nix store. Config text for dae. See . 
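Review bot: The store-exposure WARNING is added only to `config`, but `configFile` is typed `nullOr path`, which also accepts a Nix path literal such as `./config.dae`. Interpolating such a value into the `ExecStartPre`/`ExecStart` strings (built in the later hunk from `configPath`) would copy the file into the world-readable Nix store as well. Consider `type = with types; (nullOr str);`, or extend the description with `Pass an absolute path as a string; a Nix path literal is copied into the world-readable Nix store.`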
@@ -104,70 +92,85 @@ in }; disableTxChecksumIpGeneric = - mkEnableOption (mdDoc "See https://github.com/daeuniverse/dae/issues/43"); + mkEnableOption "" // { description = "See "; }; }; }; config = lib.mkIf cfg.enable + (lib.mkMerge [ + (lib.mkIf (cfg.configFile == null) + { + environment.etc."dae/config.dae" = { + mode = "0400"; + source = pkgs.writeText "config.dae" cfg.config; + }; + }) + { + environment.systemPackages = [ cfg.package ]; + systemd.packages = [ cfg.package ]; + + networking = lib.mkIf cfg.openFirewall.enable { + firewall = + let portToOpen = cfg.openFirewall.port; + in + { + allowedTCPPorts = [ portToOpen ]; + allowedUDPPorts = [ portToOpen ]; + }; + }; - { - environment.systemPackages = [ cfg.package ]; - systemd.packages = [ cfg.package ]; + systemd.services.dae = + let + daeBin = lib.getExe cfg.package; - environment.etc."dae/config.dae" = { - mode = "0400"; - source = pkgs.writeText "config.dae" cfg.config; - }; + TxChecksumIpGenericWorkaround = with lib; + (getExe pkgs.writeShellApplication { + name = "disable-tx-checksum-ip-generic"; + text = with pkgs; '' + iface=$(${iproute2}/bin/ip route | ${lib.getExe gawk} '/default/ {print $5}') + ${lib.getExe ethtool} -K "$iface" tx-checksum-ip-generic off + ''; + }); - networking = lib.mkIf cfg.openFirewall.enable { - firewall = - let portToOpen = cfg.openFirewall.port; + configPath = if cfg.configFile != null then cfg.configFile else "/etc/dae/config.dae"; in { - allowedTCPPorts = [ portToOpen ]; - allowedUDPPorts = [ portToOpen ]; + wantedBy = [ "multi-user.target" ]; + reloadTriggers = [ cfg.config ]; + serviceConfig = { + ExecStartPre = [ "" "${daeBin} validate -c ${configPath}" ] + ++ (with lib; optional cfg.disableTxChecksumIpGeneric TxChecksumIpGenericWorkaround); + ExecStart = [ "" "${daeBin} run --disable-timestamp -c ${configPath}" ]; + Environment = "DAE_LOCATION_ASSET=${cfg.assetsPath}"; + }; }; - }; - systemd.services.dae = - let - daeBin = lib.getExe cfg.package; - 
TxChecksumIpGenericWorkaround = with lib;(getExe pkgs.writeShellApplication { - name = "disable-tx-checksum-ip-generic"; - text = with pkgs; '' - iface=$(${iproute2}/bin/ip route | ${lib.getExe gawk} '/default/ {print $5}') - ${lib.getExe ethtool} -K "$iface" tx-checksum-ip-generic off + assertions = [ + { + assertion = lib.pathExists (toString (genAssetsDrv cfg.assets) + "/share/v2ray"); + message = '' + Packages in `assets` has no preset path `/share/v2ray` included. + Please set `assetsPath` instead. ''; - }); - in - { - wantedBy = [ "multi-user.target" ]; - serviceConfig = { - ExecStartPre = [ "" "${daeBin} validate -c ${cfg.configFile}" ] - ++ (with lib; optional cfg.disableTxChecksumIpGeneric TxChecksumIpGenericWorkaround); - ExecStart = [ "" "${daeBin} run --disable-timestamp -c ${cfg.configFile}" ]; - Environment = "DAE_LOCATION_ASSET=${cfg.assetsPath}"; - }; - }; + } - assertions = [ - { - assertion = lib.pathExists (toString (genAssetsDrv cfg.assets) + "/share/v2ray"); - message = '' - Packages in `assets` has no preset paths included. - Please set `assetsPath` instead. - ''; - } + { + assertion = !((config.services.dae.config != null) + && (config.services.dae.configFile != null)); + message = '' + Option `config` and `configFile` could not be set at the same time. + ''; + } - { - assertion = !((config.services.dae.config != "global{}\nrouting{}\n") - && (config.services.dae.configFile != "/etc/dae/config.dae")); - message = '' - Option `config` and `configFile` could not be set - at the same time. - ''; - } - ]; - }; + { + assertion = !((config.services.dae.config == null) + && (config.services.dae.configFile == null)); + message = '' + Either `config` or `configFile` should be set. + ''; + } + ]; + } + ]); } diff --git a/daed/module.nix b/daed/module.nix index 7347f22..3333da8 100644 --- a/daed/module.nix +++ b/daed/module.nix 
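Review bot: In `TxChecksumIpGenericWorkaround`, `getExe pkgs.writeShellApplication { … }` parses as `(getExe pkgs.writeShellApplication) { … }` because function application is left-associative in Nix, so `getExe` receives the builder function rather than the built script. This looks like an evaluation failure that only surfaces once `disableTxChecksumIpGeneric` is enabled, since `optional` does not force the value otherwise. Parenthesising the call fixes it: `getExe (pkgs.writeShellApplication { name = "disable-tx-checksum-ip-generic"; text = …; })`. Separately, `mode = "0400"` on `environment.etc."dae/config.dae"` restricts only the /etc entry, while the `pkgs.writeText` source stays readable in the store. A one-line comment there, e.g. `# mode applies to /etc only; the store copy is world-readable`, would avoid the impression that the config is protected.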
@@ -1,8 +1,7 @@ -inputs: { config, lib, pkgs, ... }: +{ config, lib, ... }: let cfg = config.services.daed; - defaultDaedPackage = inputs.self.packages.${pkgs.stdenv.hostPlatform.system}.daed; in { # disables Nixpkgs daed module to avoid conflicts @@ -10,35 +9,22 @@ in options = { services.daed = with lib;{ - enable = mkEnableOption - (mdDoc "A modern dashboard for dae"); + enable = mkEnableOption "A modern dashboard for dae"; package = mkOption { - type = types.path; - default = defaultDaedPackage; - defaultText = literalExpression '' - daed.packages.${pkgs.stdenv.hostPlatform.system}.daed - ''; - example = literalExpression "pkgs.daed"; - description = mdDoc '' - The daed package to use. - ''; + defaultText = lib.literalMD "`packages.daed` from this flake"; }; configDir = mkOption { type = types.str; default = "/etc/daed"; - description = mdDoc '' - The daed work directory. - ''; + description = "The daed work directory."; }; listen = mkOption { type = types.str; default = "0.0.0.0:2023"; - description = mdDoc '' - The daed listen address. - ''; + description = "The daed listen address."; }; openFirewall = mkOption { @@ -63,9 +49,7 @@ in port = 12345; } ''; - description = mdDoc '' - Open the firewall port. - ''; + description = "Open the firewall port."; }; }; }; diff --git a/flake.lock b/flake.lock index 1977f2a..1a16988 100644 --- a/flake.lock +++ b/flake.lock @@ -21,11 +21,11 @@ "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1706830856, - "narHash": "sha256-a0NYyp+h9hlb7ddVz4LUn1vT/PLwqfrWYcHMvFB1xYg=", + "lastModified": 1709336216, + "narHash": "sha256-Dt/wOWeW6Sqm11Yh+2+t0dfEWxoMxGBvv3JpIocFl9E=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "b253292d9c0a5ead9bc98c4e9a26c6312e27d69f", + "rev": "f7b3c975cf067e56e7cda6cb098ebe3fb4d74ca2", "type": "github" }, "original": { 
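Review bot: The shortened description for `listen` in daed/module.nix (`"The daed listen address."`) does not mention that the unchanged default `"0.0.0.0:2023"` binds the dashboard on every interface. I would document that where the option is declared, e.g. `The daed listen address. The default binds all interfaces; set "127.0.0.1:2023" to restrict the dashboard to local access.` The `package` option in the same hunk is also left without a `type` or `description`; `type = types.package;` plus `description = "The daed package to use.";` would restore validation and documentation.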
@@ -92,11 +92,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1706732774, - "narHash": "sha256-hqJlyJk4MRpcItGYMF+3uHe8HvxNETWvlGtLuVpqLU0=", + "lastModified": 1710272261, + "narHash": "sha256-g0bDwXFmTE7uGDOs9HcJsfLFhH7fOsASbAuOzDC+fhQ=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "b8b232ae7b8b144397fdb12d20f592e5e7c1a64d", + "rev": "0ad13a6833440b8e238947e47bea7f11071dc2b2", "type": "github" }, "original": { @@ -109,11 +109,11 @@ "nixpkgs-lib": { "locked": { "dir": "lib", - "lastModified": 1706550542, - "narHash": "sha256-UcsnCG6wx++23yeER4Hg18CXWbgNpqNXcHIo5/1Y+hc=", + "lastModified": 1709237383, + "narHash": "sha256-cy6ArO4k5qTx+l5o+0mL9f5fa86tYUX3ozE1S+Txlds=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "97b17f32362e475016f942bbdfda4a4a72a8a652", + "rev": "1536926ef5621b09bba54035ae2bb6d806d72ac8", "type": "github" }, "original": { @@ -172,11 +172,11 @@ "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1706424699, - "narHash": "sha256-Q3RBuOpZNH2eFA1e+IHgZLAOqDD9SKhJ/sszrL8bQD4=", + "lastModified": 1708018599, + "narHash": "sha256-M+Ng6+SePmA8g06CmUZWi1AjG2tFBX9WCXElBHEKnyM=", "owner": "cachix", "repo": "pre-commit-hooks.nix", - "rev": "7c54e08a689b53c8a1e5d70169f2ec9e2a68ffaf", + "rev": "5df5a70ad7575f6601d91f0efec95dd9bc619431", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 747fef0..dc65bac 100644 --- a/flake.nix +++ b/flake.nix @@ -14,8 +14,9 @@ }; outputs = inputs@{ self, flake-parts, pre-commit-hooks, nixpkgs, ... }: - flake-parts.lib.mkFlake { inherit inputs; } { + flake-parts.lib.mkFlake { inherit inputs; } ({ withSystem, ... }: { imports = [ + pre-commit-hooks.flakeModule ]; systems = [ "x86_64-linux" "aarch64-linux" ]; perSystem = { config, self', inputs', pkgs, system, ... }: { 
@@ -30,20 +31,28 @@ dae = pkgs.callPackage ./dae/package.nix { }; daed = pkgs.callPackage ./daed/package.nix { }; }; - - checks = { - pre-commit-check = inputs.pre-commit-hooks.lib.${system}.run { - src = inputs.nixpkgs.lib.cleanSource ./.; - hooks = { nixpkgs-fmt.enable = true; }; + pre-commit = { + check.enable = true; + settings.hooks = { + nixpkgs-fmt.enable = true; }; }; }; flake = let - moduleName = [ "dae" "daed" ]; + moduleName = [ + "dae" + "daed" + ]; genFlake = n: { nixosModules = { - ${n} = import ./${n}/module.nix inputs; + ${n} = { pkgs, ... }: { + imports = [ ./${n}/module.nix ]; + services.dae.package = + withSystem pkgs.stdenv.hostPlatform.system ({ config, ... }: + config.packages.${n} + ); + }; }; overlays = { ${n} = final: prev: { ${n} = inputs.self.packages.${n}; }; @@ -56,5 +65,5 @@ (n: { ${n} = inputs.self.packages.${n}; }); }] ); - }; + }); }
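Review bot: Inside `genFlake`, the wrapper module sets `services.dae.package` for every `n`, so the `daed` module assigns the daed package to `services.dae.package` and leaves `services.daed.package` undefined, and daed/module.nix gives that option no default. The attribute path should follow the module name, and default priority lets users override it without `mkForce`: `services.${n}.package = lib.mkDefault (withSystem pkgs.stdenv.hostPlatform.system ({ config, ... }: config.packages.${n}));`, with `lib` added to the module arguments (`{ lib, pkgs, ... }:`). When both modules are imported, the two definitions of the untyped `services.dae.package` would likely conflict or be merged, which is worth ruling out with a quick evaluation test.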