gensokyo-zone/infrastructure
1
0
Fork 0
mirror of https://github.com/gensokyo-zone/infrastructure.git synced 2026-02-09 04:19:19 -08:00
Code Issues Projects Releases Packages Wiki Activity Actions

feat(rtl): service

Browse source
This commit is contained in:
arcnmx 2025-01-27 15:23:27 -08:00
parent 6931de7d18
commit b4dbcc71f0
7 changed files with 156 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

75
modules/nixos/rtl_tcp.nix Normal file
View file

@ -0,0 +1,75 @@
{
pkgs,
config,
lib,
utils,
...
}: let
inherit (lib.options) mkOption mkEnableOption mkPackageOption;
inherit (lib.modules) mkIf mkMerge mkOptionDefault mkDefault;
inherit (lib.trivial) mapNullable;
inherit (lib.lists) optionals;
inherit (utils) escapeSystemdExecArgs;
cfg = config.services.rtl_tcp;
defaultPort = 1234;
defaultUser = "rtl_tcp";
in {
options.services.rtl_tcp = with lib.types; {
enable = mkEnableOption "rtl_tcp";
package = mkPackageOption pkgs "rtl-sdr-blog" {};
port = mkOption {
type = port;
default = defaultPort;
};
openFirewall = mkOption {
type = bool;
default = false;
};
user = mkOption {
type = nullOr str;
default = defaultUser;
};
group = mkOption {
type = nullOr str;
};
extraArgs = mkOption {
type = listOf str;
default = [];
};
};
config = let
serviceConf.services.rtl_tcp = {
group = mkOptionDefault (if cfg.user == defaultUser then defaultUser else null);
};
execArgs = optionals (cfg.port != defaultPort) [
"-p" (toString cfg.port)
] ++ cfg.extraArgs;
conf.systemd.services.rtl_tcp = {
wantedBy = ["multi-user.target"];
after = ["network.target"];
serviceConfig = {
ExecStart = "${cfg.package}/bin/rtl_tcp ${escapeSystemdExecArgs execArgs}";
DynamicUser = mkDefault (cfg.user == null);
User = if cfg.user != null then cfg.user else defaultUser;
Group = cfg.group;
};
};
conf.environment.systemPackages = [cfg.package];
conf.users.users.${defaultUser} = mkIf (cfg.user == defaultUser) {
group = cfg.group;
isSystemUser = true;
extraGroups = mkIf config.hardware.rtl-sdr.enable [
"plugdev"
];
};
conf.users.groups.${defaultUser} = mkIf (cfg.user == defaultUser) {
};
conf.networking.firewall = {
allowedTCPPorts = mkIf cfg.openFirewall [cfg.port];
};
in mkMerge [
(mkIf cfg.enable conf)
serviceConf
];
}

34
modules/system/exports/rtl.nix Normal file
View file

@ -0,0 +1,34 @@
{
lib,
gensokyo-zone,
...
}: let
inherit (gensokyo-zone.lib) mkAlmostOptionDefault;
inherit (lib.modules) mkIf;
in {
config.exports.services.rtl_tcp = {config, ...}: {
id = mkAlmostOptionDefault "rtl";
nixos = {
serviceAttr = "rtl_tcp";
assertions = let
mkAssertion = f: nixosConfig: let
cfg = nixosConfig.services.rtl_tcp;
in
f nixosConfig cfg;
in
mkIf config.enable [
(mkAssertion (nixosConfig: cfg: {
assertion = config.ports.tcp.port == cfg.port;
message = "port mismatch";
}))
];
};
defaults.port.listen = mkAlmostOptionDefault "lan";
ports = {
tcp = {
port = mkAlmostOptionDefault 1234;
transport = "tcp";
};
};
};
}

18
nixos/openwebrx.nix
View file

@ -4,17 +4,25 @@
pkgs, pkgs,
... ...
}: let }: let
inherit (lib.modules) mkIf mkDefault; inherit (lib.options) mkOption;
inherit (lib.modules) mkIf mkDefault mkOptionDefault;
cfg = config.services.openwebrx; cfg = config.services.openwebrx;
user = "openwebrx"; user = "openwebrx";
in { in {
services.openwebrx = { options.services.openwebrx = with lib.types; {
hardwareDev = mkOption {
type = nullOr int;
};
};
config.services.openwebrx = {
enable = mkDefault true; enable = mkDefault true;
package = mkDefault pkgs.openwebrxplus; package = mkDefault pkgs.openwebrxplus;
user = mkDefault user; user = mkDefault user;
hardwareDev = mkIf config.hardware.rtl-sdr.enable (mkOptionDefault 0);
}; };
users = mkIf cfg.enable { config.users = mkIf cfg.enable {
users.${user} = { users.${user} = {
uid = 912; uid = 912;
isSystemUser = true; isSystemUser = true;
@ -29,7 +37,7 @@ in {
}; };
}; };
sops.secrets = let config.sops.secrets = let
sopsFile = mkDefault ./secrets/openwebrx.yaml; sopsFile = mkDefault ./secrets/openwebrx.yaml;
in in
mkIf cfg.enable { mkIf cfg.enable {
@ -41,7 +49,7 @@ in {
}; };
}; };
networking.firewall = mkIf cfg.enable { config.networking.firewall = mkIf cfg.enable {
interfaces.lan.allowedTCPPorts = mkIf cfg.enable [ interfaces.lan.allowedTCPPorts = mkIf cfg.enable [
cfg.port cfg.port
]; ];

18
nixos/rtl_tcp.nix Normal file
View file

@ -0,0 +1,18 @@
{
config,
gensokyo-zone,
lib,
...
}: let
inherit (lib.modules) mkIf;
inherit (gensokyo-zone.lib) mkAlmostOptionDefault;
cfg = config.services.rtl_tcp;
in {
services.rtl_tcp = {
enable = mkAlmostOptionDefault true;
};
hardware.rtl-sdr.enable = mkAlmostOptionDefault true;
networking.firewall.interfaces.lan = mkIf (cfg.enable && !cfg.openFirewall) {
allowedTCPPorts = [cfg.port];
};
}

1
systems/kasen/default.nix
View file

@ -13,6 +13,7 @@ _: {
tailscale.enable = true; tailscale.enable = true;
nginx.enable = true; nginx.enable = true;
openwebrx.enable = true; openwebrx.enable = true;
rtl_tcp.enable = true;
}; };
}; };
network.networks = { network.networks = {

6
systems/kasen/nixos.nix
View file

@ -3,7 +3,9 @@
config, config,
lib, lib,
... ...
}: { }: let
inherit (lib.modules) mkIf;
in {
imports = let imports = let
inherit (meta) nixos; inherit (meta) nixos;
in [ in [
@ -12,12 +14,14 @@
nixos.tailscale nixos.tailscale
nixos.nginx nixos.nginx
nixos.openwebrx nixos.openwebrx
nixos.rtl_tcp
]; ];
boot.loader.grub.enable = false; boot.loader.grub.enable = false;
boot.loader.generic-extlinux-compatible.enable = true; boot.loader.generic-extlinux-compatible.enable = true;
hardware.rtl-sdr.enable = true; hardware.rtl-sdr.enable = true;
services.openwebrx.hardwareDev = mkIf config.services.rtl_tcp.enable null;
sops.defaultSopsFile = ./secrets.yaml; sops.defaultSopsFile = ./secrets.yaml;

10
tf/tailscale_devices.tf
View file

@ -3,6 +3,7 @@ locals {
tailscale_tag_genso = "tag:gensokyo" tailscale_tag_genso = "tag:gensokyo"
tailscale_tag_reisen = "tag:reisen" tailscale_tag_reisen = "tag:reisen"
tailscale_tag_minecraft = "tag:minecraft" tailscale_tag_minecraft = "tag:minecraft"
tailscale_tag_rtl = "tag:rtl"
tailscale_tag_arc = "tag:arc" tailscale_tag_arc = "tag:arc"
tailscale_tag_arc_deploy = "tag:arc-deploy" tailscale_tag_arc_deploy = "tag:arc-deploy"
@ -29,6 +30,7 @@ resource "tailscale_acl" "tailnet" {
"${local.tailscale_tag_reisen}" : [local.tailscale_group_admin, local.tailscale_tag_infra], "${local.tailscale_tag_reisen}" : [local.tailscale_group_admin, local.tailscale_tag_infra],
"${local.tailscale_tag_genso}" : [local.tailscale_group_admin, local.tailscale_tag_arc_deploy, local.tailscale_tag_kat_deploy], "${local.tailscale_tag_genso}" : [local.tailscale_group_admin, local.tailscale_tag_arc_deploy, local.tailscale_tag_kat_deploy],
"${local.tailscale_tag_minecraft}" : [local.tailscale_group_admin, local.tailscale_tag_infra], "${local.tailscale_tag_minecraft}" : [local.tailscale_group_admin, local.tailscale_tag_infra],
"${local.tailscale_tag_rtl}" : [local.tailscale_group_admin, local.tailscale_tag_infra],
"${local.tailscale_tag_arc}" : [local.tailscale_user_arc, local.tailscale_tag_arc_deploy], "${local.tailscale_tag_arc}" : [local.tailscale_user_arc, local.tailscale_tag_arc_deploy],
"${local.tailscale_tag_arc_deploy}" : [local.tailscale_user_arc], "${local.tailscale_tag_arc_deploy}" : [local.tailscale_user_arc],
"${local.tailscale_tag_kat}" : [local.tailscale_user_kat, local.tailscale_tag_kat_deploy], "${local.tailscale_tag_kat}" : [local.tailscale_user_kat, local.tailscale_tag_kat_deploy],
@ -60,6 +62,14 @@ resource "tailscale_acl" "tailnet" {
"${local.tailscale_tag_minecraft}:19132,19133,25565", "${local.tailscale_tag_minecraft}:19132,19133,25565",
] ]
}, },
{
action = "accept"
src = ["*"]
dst = [
"autogroup:self:*",
"${local.tailscale_tag_rtl}:1234",
]
},
{ {
action = "accept" action = "accept"
src = [local.tailscale_group_member] src = [local.tailscale_group_member]