Enhance module #20

Merged
merged 5 commits into from
Mar 14, 2024
2 changes: 1 addition & 1 deletion README.md
Expand Up @@ -48,7 +48,7 @@ $ nix build github:daeuniverse/flake.nix#packages.x86_64-linux.dae
disableTxChecksumIpGeneric = false;
configFile = "/etc/dae/config.dae";
assets = with pkgs; [ v2ray-geoip v2ray-domain-list-community ];
# alternatively, specify assets dir
# alternatively, specify a dir which contains geo database.
# assetsPath = "/etc/dae";
openFirewall = {
enable = true;
165 changes: 84 additions & 81 deletions dae/module.nix
@@ -1,8 +1,7 @@
inputs: { config, lib, pkgs, ... }:
{ config, lib, pkgs, ... }:

let
cfg = config.services.dae;
defaultDaePackage = inputs.self.packages.${pkgs.stdenv.hostPlatform.system}.dae;
assets = cfg.assets;
genAssetsDrv = paths: pkgs.symlinkJoin {
name = "dae-assets";
Expand All @@ -16,39 +15,29 @@ in
options = {
services.dae = with lib;{
enable = mkEnableOption
(mdDoc "A Linux high-performance transparent proxy solution based on eBPF");
"dae, a Linux high-performance transparent proxy solution based on eBPF";

package = mkOption {
type = types.path;
default = defaultDaePackage;
defaultText = literalExpression ''
dae.packages.${pkgs.stdenv.hostPlatform.system}.dae
'';
example = literalExpression "pkgs.dae";
description = mdDoc ''
The dae package to use.
'';
defaultText = lib.literalMD "`packages.dae` from this flake";
};

assets = mkOption {
type = with types;(listOf path);
default = with pkgs; [ v2ray-geoip v2ray-domain-list-community ];
defaultText = literalExpression "with pkgs; [ v2ray-geoip v2ray-domain-list-community ]";
description = mdDoc ''
Assets required to run dae.
'';
description = "Assets required to run dae.";
};

assetsPath = mkOption {
type = types.str;
default = "${genAssetsDrv assets}/share/v2ray";
defaultText = literalExpression ''
(symlinkJoin {
"$\{(symlinkJoin {
name = "dae-assets";
paths = assets;
})/share/v2ray
})}/share/v2ray"
'';
description = mdDoc ''
description = ''
The path which contains geolocation database.
This option will override `assets`.
'';
Expand All @@ -57,9 +46,9 @@ in
openFirewall = mkOption {
type = with types; submodule {
options = {
enable = mkEnableOption "enable";
enable = mkEnableOption ("opening {option}`port` in the firewall");
port = mkOption {
type = types.int;
type = types.port;
description = ''
Port to be opened. Consist with field `tproxy_port` in config file.
'';
Expand All @@ -76,98 +65,112 @@ in
port = 12345;
}
'';
description = mdDoc ''
description = ''
Open the firewall port.
'';
};

configFile = mkOption {
type = types.path;
default = "/etc/dae/config.dae";
type = with types; (nullOr path);
default = null;
example = "/path/to/your/config.dae";
description = mdDoc ''
description = ''
The path of dae config file, end with `.dae`.
Will fallback to `/etc/dae/config.dae` if this is not set.
'';
};

config = mkOption {
type = types.str;
default = ''
global{}
routing{}
'';
description = mdDoc ''
type = with types; (nullOr str);
default = null;
description = ''
WARNING: This option will expose your config unencrypted world-readable in the nix store.
Config text for dae.

See <https://github.com/daeuniverse/dae/blob/main/example.dae>.
'';
};

disableTxChecksumIpGeneric =
mkEnableOption (mdDoc "See https://github.com/daeuniverse/dae/issues/43");
mkEnableOption "" // { description = "See <https://github.com/daeuniverse/dae/issues/43>"; };

};
};

config = lib.mkIf cfg.enable
(lib.mkMerge [
(lib.mkIf (cfg.configFile == null)
{
environment.etc."dae/config.dae" = {
mode = "0400";
source = pkgs.writeText "config.dae" cfg.config;
};
})
{
environment.systemPackages = [ cfg.package ];
systemd.packages = [ cfg.package ];

networking = lib.mkIf cfg.openFirewall.enable {
firewall =
let portToOpen = cfg.openFirewall.port;
in
{
allowedTCPPorts = [ portToOpen ];
allowedUDPPorts = [ portToOpen ];
};
};

{
environment.systemPackages = [ cfg.package ];
systemd.packages = [ cfg.package ];
systemd.services.dae =
let
daeBin = lib.getExe cfg.package;

environment.etc."dae/config.dae" = {
mode = "0400";
source = pkgs.writeText "config.dae" cfg.config;
};
TxChecksumIpGenericWorkaround = with lib;
(getExe pkgs.writeShellApplication {
name = "disable-tx-checksum-ip-generic";
text = with pkgs; ''
iface=$(${iproute2}/bin/ip route | ${lib.getExe gawk} '/default/ {print $5}')
${lib.getExe ethtool} -K "$iface" tx-checksum-ip-generic off
'';
});

networking = lib.mkIf cfg.openFirewall.enable {
firewall =
let portToOpen = cfg.openFirewall.port;
configPath = if cfg.configFile != null then cfg.configFile else "/etc/dae/config.dae";
in
{
allowedTCPPorts = [ portToOpen ];
allowedUDPPorts = [ portToOpen ];
wantedBy = [ "multi-user.target" ];
reloadTriggers = [ cfg.config ];
serviceConfig = {
ExecStartPre = [ "" "${daeBin} validate -c ${configPath}" ]
++ (with lib; optional cfg.disableTxChecksumIpGeneric TxChecksumIpGenericWorkaround);
ExecStart = [ "" "${daeBin} run --disable-timestamp -c ${configPath}" ];
Environment = "DAE_LOCATION_ASSET=${cfg.assetsPath}";
};
};
};

systemd.services.dae =
let
daeBin = lib.getExe cfg.package;
TxChecksumIpGenericWorkaround = with lib;(getExe pkgs.writeShellApplication {
name = "disable-tx-checksum-ip-generic";
text = with pkgs; ''
iface=$(${iproute2}/bin/ip route | ${lib.getExe gawk} '/default/ {print $5}')
${lib.getExe ethtool} -K "$iface" tx-checksum-ip-generic off
assertions = [
{
assertion = lib.pathExists (toString (genAssetsDrv cfg.assets) + "/share/v2ray");
message = ''
Packages in `assets` has no preset path `/share/v2ray` included.
Please set `assetsPath` instead.
'';
});
in
{
wantedBy = [ "multi-user.target" ];
serviceConfig = {
ExecStartPre = [ "" "${daeBin} validate -c ${cfg.configFile}" ]
++ (with lib; optional cfg.disableTxChecksumIpGeneric TxChecksumIpGenericWorkaround);
ExecStart = [ "" "${daeBin} run --disable-timestamp -c ${cfg.configFile}" ];
Environment = "DAE_LOCATION_ASSET=${cfg.assetsPath}";
};
};
}

assertions = [
{
assertion = lib.pathExists (toString (genAssetsDrv cfg.assets) + "/share/v2ray");
message = ''
Packages in `assets` has no preset paths included.
Please set `assetsPath` instead.
'';
}
{
assertion = !((config.services.dae.config != null)
&& (config.services.dae.configFile != null));
message = ''
Option `config` and `configFile` could not be set at the same time.
'';
}

{
assertion = !((config.services.dae.config != "global{}\nrouting{}\n")
&& (config.services.dae.configFile != "/etc/dae/config.dae"));
message = ''
Option `config` and `configFile` could not be set
at the same time.
'';
}
];
};
{
assertion = !((config.services.dae.config == null)
&& (config.services.dae.configFile == null));
message = ''
Either `config` or `configFile` should be set.
'';
}
];
}
]);
}
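Review bot: The world-readable-store warning added to `config` is missing from `configFile`, which has the same exposure when it is given as a Nix path literal: the option is typed `nullOr path`, and interpolating a path value into `configPath` for `ExecStartPre`/`ExecStart` copies the file into the store. I would extend the `configFile` description with `Pass the path as a string; a Nix path literal is copied into the world-readable Nix store.` For the generated file, `mode = "0400"` restricts only the `/etc/dae/config.dae` entry, not the `pkgs.writeText` output it is sourced from, which is what the new warning on `config` refers to. The sentence `Will fallback to /etc/dae/config.dae if this is not set` should also say that this file is generated from `config`, since the last assertion rejects leaving both options null.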
28 changes: 6 additions & 22 deletions daed/module.nix
@@ -1,44 +1,30 @@
inputs: { config, lib, pkgs, ... }:
{ config, lib, ... }:

let
cfg = config.services.daed;
defaultDaedPackage = inputs.self.packages.${pkgs.stdenv.hostPlatform.system}.daed;
in
{
# disables Nixpkgs daed module to avoid conflicts
disabledModules = [ "services/networking/daed.nix" ];

options = {
services.daed = with lib;{
enable = mkEnableOption
(mdDoc "A modern dashboard for dae");
enable = mkEnableOption "A modern dashboard for dae";

package = mkOption {
type = types.path;
default = defaultDaedPackage;
defaultText = literalExpression ''
daed.packages.${pkgs.stdenv.hostPlatform.system}.daed
'';
example = literalExpression "pkgs.daed";
description = mdDoc ''
The daed package to use.
'';
defaultText = lib.literalMD "`packages.daed` from this flake";
};

configDir = mkOption {
type = types.str;
default = "/etc/daed";
description = mdDoc ''
The daed work directory.
'';
description = "The daed work directory.";
};

listen = mkOption {
type = types.str;
default = "0.0.0.0:2023";
description = mdDoc ''
The daed listen address.
'';
description = "The daed listen address.";
};

openFirewall = mkOption {
Expand All @@ -63,9 +49,7 @@ in
port = 12345;
}
'';
description = mdDoc ''
Open the firewall port.
'';
description = "Open the firewall port.";
};
};
};
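Review bot: `listen` keeps `default = "0.0.0.0:2023"`, so enabling the module binds the dashboard on every interface and its reachability from the network then depends on the firewall alone; the rewritten one-line description does not mention this. I would either default to loopback, `default = "127.0.0.1:2023";`, or extend the text to `The daed listen address. The default binds all interfaces; use 127.0.0.1:2023 to keep the dashboard local.` Whether the dashboard enforces authentication is not visible on this page, so that should be confirmed against daed itself before keeping the wide default. The service definition that consumes `listen` lies outside the shown hunks.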
24 changes: 12 additions & 12 deletions flake.lock