From bc07451d4f96c77355f7e7ebb7932666d094793d Mon Sep 17 00:00:00 2001
From: oluceps
Date: Tue, 12 Sep 2023 00:14:12 +0800
Subject: [PATCH] nixos/dae: fix override existed config issue
---
nixos/modules/services/networking/dae.nix | 55 +++++++++++++----------
nixos/tests/dae.nix | 4 ++
2 files changed, 36 insertions(+), 23 deletions(-)
diff --git a/nixos/modules/services/networking/dae.nix b/nixos/modules/services/networking/dae.nix
index 42ed3c7f8d4a..a80466c34098 100644
--- a/nixos/modules/services/networking/dae.nix
+++ b/nixos/modules/services/networking/dae.nix
@@ -18,6 +18,7 @@ in package = mkPackageOptionMD pkgs "dae" { }; + assets = mkOption { type = with types;(listOf path); default = with pkgs; [ v2ray-geoip v2ray-domain-list-community ];
@@ -70,8 +71,8 @@ in }; configFile = mkOption { - type = types.path; - default = "/etc/dae/config.dae"; + type = with types; (nullOr path); + default = null; example = "/path/to/your/config.dae"; description = mdDoc '' The path of dae config file, end with `.dae`.
@@ -79,12 +80,10 @@ in }; config = mkOption { - type = types.str; - default = '' - global{} - routing{} - ''; + type = with types; (nullOr str); + default = null; description = mdDoc '' + WARNING: This option will expose store your config unencrypted world-readable in the nix store. Config text for dae. See .
@@ -103,11 +102,6 @@ in environment.systemPackages = [ cfg.package ]; systemd.packages = [ cfg.package ]; - environment.etc."dae/config.dae" = { - mode = "0400"; - source = pkgs.writeText "config.dae" cfg.config; - }; - networking = lib.mkIf cfg.openFirewall.enable { firewall = let portToOpen = cfg.openFirewall.port;
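Review bot: In the `configFile` hunk (@@ -70,8 +71,8 @@), the description does not say that the value should be given as a string. The type still accepts `path`, so a Nix path literal such as `./config.dae` would be copied into the world-readable Nix store when it is interpolated into `LoadCredential` in the service hunk. That is presumably the exposure this option is meant to avoid. I would add a sentence to the description: `Pass the path as a string, as in the example, so that the file is not copied into the Nix store.` The option body continues outside the hunk.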
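Review bot: In the `config` hunk (@@ -79,12 +80,10 @@), the added WARNING line is garbled (`will expose store your config unencrypted world-readable`) and does not tell the reader what to use instead. The text ends up in a store path through `pkgs.writeText`, so the wording matters if the config holds secrets. Suggested replacement: `WARNING: this option stores your config unencrypted and world-readable in the Nix store; use configFile for anything that contains secrets.` A blank line after it would keep the warning a separate paragraph from `Config text for dae.` in the rendered documentation.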
@@ -121,20 +115,27 @@ in systemd.services.dae = let daeBin = lib.getExe cfg.package; - TxChecksumIpGenericWorkaround = with lib;(getExe pkgs.writeShellApplication { - name = "disable-tx-checksum-ip-generic"; - text = with pkgs; '' - iface=$(${iproute2}/bin/ip route | ${lib.getExe gawk} '/default/ {print $5}') - ${lib.getExe ethtool} -K "$iface" tx-checksum-ip-generic off - ''; - }); + + configPath = + if cfg.configFile != null + then cfg.configFile else pkgs.writeText "config.dae" cfg.config; + + TxChecksumIpGenericWorkaround = with lib; + (getExe pkgs.writeShellApplication { + name = "disable-tx-checksum-ip-generic"; + text = with pkgs; '' + iface=$(${iproute2}/bin/ip route | ${lib.getExe gawk} '/default/ {print $5}') + ${lib.getExe ethtool} -K "$iface" tx-checksum-ip-generic off + ''; + }); in { wantedBy = [ "multi-user.target" ]; serviceConfig = { - ExecStartPre = [ "" "${daeBin} validate -c ${cfg.configFile}" ] + LoadCredential = [ "config.dae:${configPath}" ]; + ExecStartPre = [ "" "${daeBin} validate -c \${CREDENTIALS_DIRECTORY}/config.dae" ] ++ (with lib; optional cfg.disableTxChecksumIpGeneric TxChecksumIpGenericWorkaround); - ExecStart = [ "" "${daeBin} run --disable-timestamp -c ${cfg.configFile}" ]; + ExecStart = [ "" "${daeBin} run --disable-timestamp -c \${CREDENTIALS_DIRECTORY}/config.dae" ]; Environment = "DAE_LOCATION_ASSET=${cfg.assetsPath}"; }; };
@@ -149,13 +150,21 @@ in } { - assertion = !((config.services.dae.config != null) - && (config.services.dae.configFile != null)); + assertion = !((config.services.dae.config != null) + && (config.services.dae.configFile != null)); message = '' Option `config` and `configFile` could not be set at the same time. ''; } + + { + assertion = !((config.services.dae.config == null) + && (config.services.dae.configFile == null)); + message = '' + Either `config` or `configFile` should be set. + ''; + } ]; }; }
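Review bot: In the service hunk (@@ -121,20 +115,27 @@), the re-indented `TxChecksumIpGenericWorkaround` still reads `getExe pkgs.writeShellApplication { … }`. Function application in Nix is left-associative, so this parses as `(getExe pkgs.writeShellApplication) { … }` and `getExe` receives the function rather than the built script. Evaluation is lazy, so the failure should only surface when `disableTxChecksumIpGeneric` is enabled. Parenthesise the call so it opens with `(getExe (pkgs.writeShellApplication {` and closes with `}));`. The service attribute set continues past the end of the hunk.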
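Review bot: In the assertions hunk (@@ -149,13 +150,21 @@), both checks spell out `config.services.dae.config` and `config.services.dae.configFile` inside a negated conjunction, while the service definition in the same file uses `cfg`. Assuming `cfg` is the same binding here, `assertion = cfg.config == null || cfg.configFile == null;` and `assertion = cfg.config != null || cfg.configFile != null;` state the two rules more directly. The first message would also read better as `Options config and configFile cannot be set at the same time.` The assertion list starts outside the hunk.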
diff --git a/nixos/tests/dae.nix b/nixos/tests/dae.nix
index b8c8ebce7457..42a2eb5fe0be 100644
--- a/nixos/tests/dae.nix
+++ b/nixos/tests/dae.nix
@@ -14,6 +14,10 @@ import ./make-test-python.nix ({ lib, pkgs, ... }: { }; services.dae = { enable = true; + config = '' + global{} + routing{} + ''; }; };
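Review bot: The test now sets only the inline `config`, so the `configFile` branch of `configPath` is not exercised. That is the branch that hands a file from outside the Nix store to the service through `LoadCredential`. A second node that writes the same two-line config to a file and sets `services.dae.configFile` to that path as a string would cover it. The test's attribute set starts and ends outside the hunk.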