dotfiles/modules/os/core/networking/eddie.nix
eriedaberrie 7c37e182a2 Initial commit
Note: not the actual initial commit.

I swear I will stop repeatedly force pushing to this single commit eventually
ok.
2024-10-03 15:11:58 -07:00


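# NixOS module for the Eddie VPN client: installs the UI package, allows
# selected inbound ports on the tunnel interfaces only, and runs Eddie's
# elevated helper as a system service.
{ pkgs, config, lib, inputs, ... }:
let
  cfg = config.my.networking.eddie;
in {
  options.my.networking.eddie = {
    # mkEnableOption interpolates its argument into the option description.
    # The previous `null` cannot be coerced to a string, so evaluating the
    # description (e.g. when rendering option docs) failed.
    enable = lib.mkEnableOption "the Eddie VPN client and its elevated helper service";

    # stdenv.hostPlatform.system is the non-alias spelling of pkgs.system.
    package = lib.mkPackageOption
      inputs.my-nix-packages.packages.${pkgs.stdenv.hostPlatform.system}
      "eddie-ui"
      {};

    allowedTCPPorts = lib.mkOption {
      type = with lib.types; listOf port;
      default = [ ];
      description = "TCP ports to accept on the VPN tunnel interfaces (tun0 and Eddie).";
    };

    allowedUDPPorts = lib.mkOption {
      type = with lib.types; listOf port;
      default = [ ];
      description = "UDP ports to accept on the VPN tunnel interfaces (tun0 and Eddie).";
    };
  };

  config = lib.mkIf cfg.enable {
    boot.kernelModules = [ "tun" ];
    environment.systemPackages = [ cfg.package ];
    networking.iproute2.enable = true;

    networking.firewall = {
      # This is a firewall-wide setting, not a per-interface one: "loose"
      # relaxes reverse-path filtering on every interface, trading some
      # anti-spoofing strictness for VPN routing that would otherwise be dropped.
      checkReversePath = "loose";

      # Ports are opened on the tunnel interfaces only; with the default empty
      # lists nothing extra is exposed. Both interface names get identical rules.
      interfaces = rec {
        tun0 = { inherit (cfg) allowedTCPPorts allowedUDPPorts; };
        Eddie = tun0;
      };
    };

    # No User= is set, so systemd runs this unit as root, and no sandboxing
    # directives are applied. Because of wantedBy it starts at boot whenever the
    # module is enabled, whether or not the UI is ever launched.
    # NOTE(review): confirm how the helper authenticates the unprivileged client
    # before adding hardening options; its required capabilities are not visible
    # from this file.
    systemd.services.eddie-elevated = {
      description = "Eddie Elevation";
      wantedBy = [ "multi-user.target" ];
      wants = [ "network.target" "network-online.target" ];
      after = [
        "network-online.target"
        "NetworkManager.service"
        "systemd-resolved.service"
      ];

      # PATH for the unit. The firewall tool follows whichever backend the host
      # firewall uses, and is added only when the firewall is enabled.
      path =
        (with pkgs; [
          iproute2
          procps
          kmod
          mono
        ])
        ++ lib.optional config.services.nscd.enable config.services.nscd.package
        ++ lib.optional config.networking.firewall.enable
          (if config.networking.nftables.enable
           then pkgs.nftables
           else pkgs.iptables);

      serviceConfig = {
        ExecStart = "${cfg.package}/lib/eddie-ui/eddie-cli-elevated mode=service";
        Restart = "always";
        RestartSec = 5;
        TimeoutStopSec = 5;
      };
    };
  };
}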