clanService yggdrasil

2025-10-17 16:57:26 +07:00
parent be25560858
commit 71f691847e
22 changed files with 270 additions and 0 deletions
--- a/modules/clan/yggdrasil/default.nix
+++ b/modules/clan/yggdrasil/default.nix
@@ -0,0 +1,51 @@
+{ ... }:
+{
+  _class = "clan.service";
+  manifest.name = "yggdrasil";
+  manifest.description = "An in scalable routing as an encrypted IPv6 overlay network";
+  manifest.categories = [ "System" ];
+
+  roles.default = {
+    perInstance.nixosModule =
+      {
+        lib,
+        config,
+        pkgs,
+        ...
+      }:
+      {
+        clan.core.vars.generators.yggdrasil = {
+          files = {
+            yggdrasil-secret = {
+              secret = true;
+            };
+            yggdrasil-ip = {
+              secret = false;
+            };
+          };
+          runtimeInputs = with pkgs; [
+            yggdrasil
+            jq
+          ];
+          script = ''
+            yggdrasil -genconf -json | jq {PrivateKey} > $out/yggdrasil-secret
+            cat $out/yggdrasil-secret | yggdrasil -useconf -address | tr -d "\n" > $out/yggdrasil-ip
+          '';
+        };
+
+        services.yggdrasil = {
+          enable = lib.mkDefault true;
+          configFile = config.clan.core.vars.generators.yggdrasil.files.yggdrasil-secret.path;
+          settings = {
+            Peers = [
+              # US Peers
+              "tls://ygg.jjolly.dev:3443"
+              "tls://[2602:fc24:18:7a42::1]:993"
+              "tcp://leo.node.3dt.net:9002"
+              "tcp://ygg-kcmo.incognet.io:8883"
+            ];
+          };
+        };
+      };
+  };
+}