dotfiles/modules/os/core/networking/eddie.nix

{ pkgs, config, lib, inputs, ... }:

let
  cfg = config.my.networking.eddie;
in {
  options.my.networking.eddie = {
    enable = lib.mkEnableOption null;
    package = lib.mkPackageOption inputs.my-nix-packages.packages.${pkgs.system} "eddie-ui" {};
    allowedTCPPorts = lib.mkOption {
      type = with lib.types; listOf port;
      default = [ ];
    };
    allowedUDPPorts = lib.mkOption {
      type = with lib.types; listOf port;
      default = [ ];
    };
  };

  config = lib.mkIf cfg.enable {
    boot.kernelModules = [ "tun" ];

    environment.systemPackages = [ cfg.package ];

    networking.iproute2.enable = true;

    networking.firewall = {
      checkReversePath = "loose";

      interfaces = rec {
        tun0 = {inherit (cfg) allowedTCPPorts allowedUDPPorts;};
        Eddie = tun0;
      };
    };

    systemd.services.eddie-elevated = {
      description = "Eddie Elevation";
      wantedBy = [ "multi-user.target" ];
      wants = [ "network.target" "network-online.target" ];
      after = [
        "network-online.target"
        "NetworkManager.service"
        "systemd-resolved.service"
      ];
      path = (with pkgs; [
        iproute2
        procps
        kmod
        mono
      ])
      ++ lib.optional config.services.nscd.enable
        config.services.nscd.package
      ++ lib.optional config.networking.firewall.enable
        (if config.networking.nftables.enable
         then pkgs.nftables
         else pkgs.iptables);
      serviceConfig = {
        ExecStart = "${cfg.package}/lib/eddie-ui/eddie-cli-elevated mode=service";
        Restart = "always";
        RestartSec = 5;
        TimeoutStopSec = 5;
      };
    };
  };
}
Initial commit Note: not the actual initial commit. I swear I will stop repeatedly force pushing to this single commit eventually ok. 2023-01-05 12:14:24 -08:00			`{ pkgs, config, lib, inputs, ... }:`

			`let`
			`cfg = config.my.networking.eddie;`
			`in {`
			`options.my.networking.eddie = {`
			`enable = lib.mkEnableOption null;`
			`package = lib.mkPackageOption inputs.my-nix-packages.packages.${pkgs.system} "eddie-ui" {};`
			`allowedTCPPorts = lib.mkOption {`
			`type = with lib.types; listOf port;`
			`default = [ ];`
			`};`
			`allowedUDPPorts = lib.mkOption {`
			`type = with lib.types; listOf port;`
			`default = [ ];`
			`};`
			`};`

			`config = lib.mkIf cfg.enable {`
			`boot.kernelModules = [ "tun" ];`

			`environment.systemPackages = [ cfg.package ];`

			`networking.iproute2.enable = true;`

			`networking.firewall = {`
			`checkReversePath = "loose";`

			`interfaces = rec {`
			`tun0 = {inherit (cfg) allowedTCPPorts allowedUDPPorts;};`
			`Eddie = tun0;`
			`};`
			`};`

			`systemd.services.eddie-elevated = {`
			`description = "Eddie Elevation";`
			`wantedBy = [ "multi-user.target" ];`
			`wants = [ "network.target" "network-online.target" ];`
			`after = [`
			`"network-online.target"`
			`"NetworkManager.service"`
			`"systemd-resolved.service"`
			`];`
			`path = (with pkgs; [`
			`iproute2`
			`procps`
			`kmod`
			`mono`
			`])`
			`++ lib.optional config.services.nscd.enable`
			`config.services.nscd.package`
			`++ lib.optional config.networking.firewall.enable`
			`(if config.networking.nftables.enable`
			`then pkgs.nftables`
			`else pkgs.iptables);`
			`serviceConfig = {`
			`ExecStart = "${cfg.package}/lib/eddie-ui/eddie-cli-elevated mode=service";`
			`Restart = "always";`
			`RestartSec = 5;`
			`TimeoutStopSec = 5;`
			`};`
			`};`
			`};`
			`}`