clanService yggdrasil

2025-10-17 16:57:26 +07:00
parent be25560858
commit 2eb52251cc
17 changed files with 219 additions and 0 deletions
--- a/modules/clan/yggdrasil/default.nix
+++ b/modules/clan/yggdrasil/default.nix
@@ -0,0 +1,51 @@
+{ ... }:
+{
+  _class = "clan.service";
+  manifest.name = "yggdrasil";
+  manifest.description = "An in scalable routing as an encrypted IPv6 overlay network";
+  manifest.categories = [ "System" ];
+
+  roles.default = {
+    perInstance.nixosModule =
+      {
+        lib,
+        config,
+        pkgs,
+        ...
+      }:
+      {
+        clan.core.vars.generators.yggdrasil = {
+          files = {
+            yggdrasil-secret = {
+              secret = true;
+            };
+            yggdrasil-ip = {
+              secret = false;
+            };
+          };
+          runtimeInputs = with pkgs; [
+            yggdrasil
+            jq
+          ];
+          script = ''
+            yggdrasil -genconf -json | jq {PrivateKey} > $out/yggdrasil-secret
+            cat $out/yggdrasil-secret | yggdrasil -useconf -address | tr -d "\n" > $out/yggdrasil-ip
+          '';
+        };
+
+        services.yggdrasil = {
+          enable = lib.mkDefault true;
+          configFile = config.clan.core.vars.generators.yggdrasil.files.yggdrasil-secret.path;
+          settings = {
+            Peers = [
+              # US Peers
+              "tls://ygg.jjolly.dev:3443"
+              "tls://[2602:fc24:18:7a42::1]:993"
+              "tcp://leo.node.3dt.net:9002"
+              "tcp://ygg-kcmo.incognet.io:8883"
+            ];
+          };
+        };
+      };
+  };
+}
--- a/modules/clan/yggdrasil/flake-module.nix
+++ b/modules/clan/yggdrasil/flake-module.nix
@@ -0,0 +1,23 @@
+{
+  lib,
+  inputs,
+  self,
+  ...
+}:
+let
+  module = lib.modules.importApply ./default.nix { };
+in
+{
+  clan.modules = {
+    yggdrasil = module;
+  };
+  perSystem =
+    { ... }:
+    {
+      # clan.nixosTests.yggdrasil = {
+      #   imports = [ ./tests/vm/default.nix ];
+      #
+      #   clan.modules."@clan/yggdrasil" = module;
+      # };
+    };
+}
--- a/modules/clan/yggdrasil/tests/vm/default.nix
+++ b/modules/clan/yggdrasil/tests/vm/default.nix
@@ -0,0 +1,37 @@
+{
+  ...
+}:
+{
+  name = "service-yggdrasil";
+
+  clan = {
+    directory = ./.;
+    inventory = {
+      machines.server = { };
+
+      instances = {
+        yggdrasil-test = {
+          module.name = "@clan/yggdrasil";
+          module.input = "self";
+          roles.default.machines."server".settings = { };
+        };
+      };
+    };
+  };
+
+  nodes = {
+    server = {
+      services.yggdrasil = {
+      };
+    };
+  };
+
+  testScript = ''
+    start_all()
+
+    server.wait_for_unit("yggdrasil")
+
+    # Check that garage is running
+    server.succeed("systemctl status yggdrasil")
+  '';
+}
--- a/modules/clan/yggdrasil/tests/vm/sops/machines/server/key.json
+++ b/modules/clan/yggdrasil/tests/vm/sops/machines/server/key.json
@@ -0,0 +1,6 @@
+[
+  {
+    "publickey": "age12ldrhhffl0jeteh8f0rzhezs0ulggg5jyqph6xzrgjw2dv40pqwq49lej9",
+    "type": "age"
+  }
+]
--- a/modules/clan/yggdrasil/tests/vm/sops/secrets/server-age.key/secret
+++ b/modules/clan/yggdrasil/tests/vm/sops/secrets/server-age.key/secret
@@ -0,0 +1,15 @@
+{
+	"data": "ENC[AES256_GCM,data:pGMobS67sLp2GN2Xw7A/trcLYnQdVZCUbjtlwS/AShXxyXgHXzkqRee6R765GZyCpDwM8A1IuMZYctrqWxVXrpIAiJpwvwy7vDM=,iv:ysRf5xAXN+dFSx+sFHNDt1GcVQx7RLej4c12v60iSI0=,tag:yXYpWhWLdsz9BOOoKpZU4g==,type:str]",
+	"sops": {
+		"age": [
+			{
+				"recipient": "age1qm0p4vf9jvcnn43s6l4prk8zn6cx0ep9gzvevxecv729xz540v8qa742eg",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2UmhPdzcrSnFhVUxRNDBL\ncXlGRzdMdWxCWmFlUkE4RnJRQ3psMlBqV0Q0CkRjTXFoQitQbjRhMlVjaDc3UDN1\nR1hBeXlCeWxvdnZoVWI1ZkcweHF5VncKLS0tIHE4YVFhYTZTNko1MnJINjFPYXh4\ndlJJZThGZ0JIaDJWRTNXbXk3alNZTnMKgd+0535zoTu6xW2778uNReu4Z7LStN6d\n1O9SXAB+s1iOZ3xGEICiQTVF/6p8RE6lheV2oXgoMiXXrFNH6INLsw==\n-----END AGE ENCRYPTED FILE-----\n"
+			}
+		],
+		"lastmodified": "2025-10-17T05:34:34Z",
+		"mac": "ENC[AES256_GCM,data:YIpKJlOI6ASgOYqv9ipu+T3c+PlM5HwvdFVH8gh8hVeSbmxD1baPPmVSWlLv+u61Q1/C9PK4mczaASopaGiLoswep+Hc1Gn7sSeP9wO6Djx6fEIEyE1VUhUbTqi/nHYiB21yB/wegfpqzNYIn1nO0oFCmDmSS5qIowcT1fhYIjM=,iv:lzxll5oC7poLvC/hZPexUGAcAdf67xZGRXUpj6O3p6Y=,tag:9xu17Y5MtW5XNzGBsWwA3g==,type:str]",
+		"unencrypted_suffix": "_unencrypted",
+		"version": "3.10.2"
+	}
+}
--- a/modules/clan/yggdrasil/tests/vm/sops/secrets/server-age.key/users/admin
+++ b/modules/clan/yggdrasil/tests/vm/sops/secrets/server-age.key/users/admin
@@ -0,0 +1 @@
+../../../users/admin
--- a/modules/clan/yggdrasil/tests/vm/sops/users/admin/key.json
+++ b/modules/clan/yggdrasil/tests/vm/sops/users/admin/key.json
@@ -0,0 +1,4 @@
+{
+  "publickey": "age1qm0p4vf9jvcnn43s6l4prk8zn6cx0ep9gzvevxecv729xz540v8qa742eg",
+  "type": "age"
+}
--- a/modules/clan/yggdrasil/tests/vm/vars/per-machine/server/yggdrasil/yggdrasil-ip/value
+++ b/modules/clan/yggdrasil/tests/vm/vars/per-machine/server/yggdrasil/yggdrasil-ip/value
@@ -0,0 +1 @@
+204:5ce7:aa27:579b:ec90:6907:4ddc:177
--- a/modules/clan/yggdrasil/tests/vm/vars/per-machine/server/yggdrasil/yggdrasil-secret/machines/server
+++ b/modules/clan/yggdrasil/tests/vm/vars/per-machine/server/yggdrasil/yggdrasil-secret/machines/server
@@ -0,0 +1 @@
+../../../../../../sops/machines/server
--- a/modules/clan/yggdrasil/tests/vm/vars/per-machine/server/yggdrasil/yggdrasil-secret/secret
+++ b/modules/clan/yggdrasil/tests/vm/vars/per-machine/server/yggdrasil/yggdrasil-secret/secret
@@ -0,0 +1,19 @@
+{
+	"data": "ENC[AES256_GCM,data:I6yalWQ2u5hI84lJTUmh07JxUBp4EZukJrSGSN7wsGiUGlFa1v/RT1XkTiXuRjDtUVYCLmQmfSCAp/OqFscxF8KL+s24iTDrG4e3S6AeKLa3oZrNJIt1EJ06gWrPNoh1ttmwXSd4Y4Bsk4Lg8vIjH4qw3Bx+KrufxYTqe+anfMdoXKnW8wOWud5O7HMvCh+sf4dNcf6PIQ==,iv:SF5qExXNPyif+LIcNhHP0PKELUBXaFsPj9B3wvUkEp0=,tag:QEkZXDrIdcpNiZ6l2ljOPw==,type:str]",
+	"sops": {
+		"age": [
+			{
+				"recipient": "age12ldrhhffl0jeteh8f0rzhezs0ulggg5jyqph6xzrgjw2dv40pqwq49lej9",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBENDhrWVRuYjRnZktROU4v\nSHNtODFGMWl0NDRHazIwcWl0WGtNY2dYMXhnCmZQQ0doS3BTaU5hRHVsVTB5THl1\nWUNDQUNiMVJFeFZnQ1ptYmFQdTJQc28KLS0tIEtJdUQ5Y1VqSThkSVVNcVNVNEFr\nMzBCRjM1L1V5TngrZG5rR0VHY3Z6TDAKPQ6P96upDeh8xwQDrX4Zcf71Dah5zkOJ\n/F5eODEBadzQSRmJuyp3+uRMFf47eR6Q5bVah3NsVxFquXOL3CtNlw==\n-----END AGE ENCRYPTED FILE-----\n"
+			},
+			{
+				"recipient": "age1qm0p4vf9jvcnn43s6l4prk8zn6cx0ep9gzvevxecv729xz540v8qa742eg",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHb0EwT2tuMVE5SE5XaWdQ\ncGR0bFFhOUQvM2dGUzdlUEFFbzRnTHBWWUVnCjFGTXcrWW1vR0x5dXBUamtkS0dF\neG9weUVwQzhhNHhPRUdqV1VnWXJyNFEKLS0tIC80b1ZqRGFOenpENDN1Vk5vRUhY\nVnJzZ1Q5VzZ6ZEZtZE13YjQ0VVhrTTAK5y0BjKBRg2AXuO416JWLMLyM/pCQChKn\nVKZMXcT6cc5hHDuqbp9qUofknF68XnzlH6nOyLB1ZtnELyeZuf29fw==\n-----END AGE ENCRYPTED FILE-----\n"
+			}
+		],
+		"lastmodified": "2025-10-17T05:34:35Z",
+		"mac": "ENC[AES256_GCM,data:Y3k83RaeX64LA3rsIkQxyKw+LLUgXVsqr3F2UHkv9h73gkyChc6k1oE/FLR4CsZZWsfLNjCkPMuenqToA2mKqQK0aADwPDYo0aVm0hr1PGX5j3Py6EmP56NFvxlAQsExRWo32eqdkeCkY23hfcmUYlaB+bo/fsrRVj67zag9GYA=,iv:p18i8cV6jKXpuZ1Xd7KYCl8BMe1/8CW9YnCuVrTAqy0=,tag:IJnLzdZOn8Clu+lCKT6zvA==,type:str]",
+		"unencrypted_suffix": "_unencrypted",
+		"version": "3.10.2"
+	}
+}
--- a/modules/clan/yggdrasil/tests/vm/vars/per-machine/server/yggdrasil/yggdrasil-secret/users/admin
+++ b/modules/clan/yggdrasil/tests/vm/vars/per-machine/server/yggdrasil/yggdrasil-secret/users/admin
@@ -0,0 +1 @@
+../../../../../../sops/users/admin