yggdrasil-jumper: 0.3.1 -> 0.4.1, update module (#441480)

h7x4
2025-10-10 00:19:45 +00:00
committed by GitHub
3 changed files with 41 additions and 7 deletions


@@ -172,6 +172,8 @@
- `vmware-horizon-client` was renamed to `omnissa-horizon-client`, following [VMware's sale of their end-user business to Omnissa](https://www.omnissa.com/insights/introducing-omnissa-the-former-vmware-end-user-computing-business/). The binary has been renamed from `vmware-view` to `horizon-client`. - `vmware-horizon-client` was renamed to `omnissa-horizon-client`, following [VMware's sale of their end-user business to Omnissa](https://www.omnissa.com/insights/introducing-omnissa-the-former-vmware-end-user-computing-business/). The binary has been renamed from `vmware-view` to `horizon-client`.
- `yggdrasil-jumper` has been updated to v0.4, changing traversal protocol. See [release notes](https://github.com/one-d-wide/yggdrasil-jumper/releases/tag/v0.4.0).
- `neovimUtils.makeNeovimConfig` now uses `customLuaRC` parameter instead of accepting `luaRcContent`. The old usage is deprecated but still works with a warning. - `neovimUtils.makeNeovimConfig` now uses `customLuaRC` parameter instead of accepting `luaRcContent`. The old usage is deprecated but still works with a warning.
- `python3Packages.pyocr` no longer supports `cuneiform` on Linux by default. It is still possible to enable it using `withCuneiformSupport` override. - `python3Packages.pyocr` no longer supports `cuneiform` on Linux by default. It is still possible to enable it using `withCuneiformSupport` override.


@@ -10,11 +10,14 @@ let
escapeShellArgs escapeShellArgs
filter filter
hasPrefix hasPrefix
makeBinPath
mapAttrsToList mapAttrsToList
mkEnableOption mkEnableOption
mkIf mkIf
mkOption mkOption
mkPackageOption mkPackageOption
optional
optionals
; ;
format = pkgs.formats.toml { }; format = pkgs.formats.toml { };
in in
@@ -55,14 +58,23 @@ in
''; '';
}; };
detectWireguard = mkOption {
type = bool;
default = true;
description = ''
Control whether `settings.wireguard = true` should automatically
provide CAP_NET_ADMIN capability and make the necessary packages
available to Yggdrasil Jumper service.
'';
};
settings = mkOption { settings = mkOption {
type = format.type; type = format.type;
default = { }; default = { };
example = { example = {
listen_port = 9999; listen_port = 9999;
whitelist = [ whitelist = [ "<IPv6 address of a remote node>" ];
"<IPv6 address of a remote node>" wireguard = true;
];
}; };
description = '' description = ''
Configuration for Yggdrasil Jumper as a Nix attribute set. Configuration for Yggdrasil Jumper as a Nix attribute set.
@@ -114,10 +126,22 @@ in
let let
cfg = config.services.yggdrasil-jumper; cfg = config.services.yggdrasil-jumper;
wg = cfg.detectWireguard && (cfg.settings ? wireguard) && cfg.settings.wireguard;
wgExtraPkgs = optionals wg (
with pkgs;
[
iproute2
iptables
wireguard-tools
conntrack-tools
]
);
# Generate, concatenate and validate config file # Generate, concatenate and validate config file
jumperSettings = format.generate "yggdrasil-jumper-settings" cfg.settings; jumperSettings = format.generate "yggdrasil-jumper-settings" cfg.settings;
jumperExtraConfig = pkgs.writeText "yggdrasil-jumper-extra-config" cfg.extraConfig; jumperExtraConfig = pkgs.writeText "yggdrasil-jumper-extra-config" cfg.extraConfig;
jumperConfig = pkgs.runCommand "yggdrasil-jumper-config" { } '' jumperConfig = pkgs.runCommand "yggdrasil-jumper-config" { } ''
export PATH="${makeBinPath wgExtraPkgs}:$PATH"
cat ${jumperSettings} ${jumperExtraConfig} \ cat ${jumperSettings} ${jumperExtraConfig} \
| tee $out \ | tee $out \
| ${cfg.package}/bin/yggdrasil-jumper --validate --config - | ${cfg.package}/bin/yggdrasil-jumper --validate --config -
@@ -158,6 +182,7 @@ in
unitConfig.BindsTo = [ "yggdrasil.service" ]; unitConfig.BindsTo = [ "yggdrasil.service" ];
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
path = wgExtraPkgs;
serviceConfig = { serviceConfig = {
User = "yggdrasil"; User = "yggdrasil";
DynamicUser = true; DynamicUser = true;
@@ -179,9 +204,16 @@ in
MemoryDenyWriteExecute = true; MemoryDenyWriteExecute = true;
ProtectControlGroups = true; ProtectControlGroups = true;
ProtectHome = "tmpfs"; ProtectHome = "tmpfs";
RestrictAddressFamilies = "AF_UNIX AF_INET AF_INET6"; RestrictAddressFamilies = [
"AF_UNIX"
"AF_INET"
"AF_INET6"
]
++ optional wg "AF_NETLINK";
RestrictNamespaces = true; RestrictNamespaces = true;
RestrictRealtime = true; RestrictRealtime = true;
AmbientCapabilities = optional wg "CAP_NET_ADMIN";
CapabilityBoundingSet = optional wg "CAP_NET_ADMIN";
SystemCallArchitectures = "native"; SystemCallArchitectures = "native";
SystemCallFilter = [ SystemCallFilter = [
"@system-service" "@system-service"
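Review bot: In the last hunk, `CapabilityBoundingSet = optional wg "CAP_NET_ADMIN";` evaluates to an empty list when `wg` is false. As far as I know the NixOS unit generator writes no directive for an empty list, so without WireGuard the service would keep systemd's default (full) bounding set instead of an empty one. If the intent is "no capabilities unless WireGuard is detected", make the reset explicit, e.g. `CapabilityBoundingSet = [ "" ] ++ optional wg "CAP_NET_ADMIN";`. A short comment above the two capability lines, such as `# CAP_NET_ADMIN is granted only when settings.wireguard is detected`, would record why the grant is conditional. The `serviceConfig` block starts and ends outside this hunk, so a `CapabilityBoundingSet` set elsewhere in it cannot be ruled out from here.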


@@ -7,16 +7,16 @@
rustPlatform.buildRustPackage rec { rustPlatform.buildRustPackage rec {
pname = "yggdrasil-jumper"; pname = "yggdrasil-jumper";
version = "0.3.1"; version = "0.4.1";
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "one-d-wide"; owner = "one-d-wide";
repo = "yggdrasil-jumper"; repo = "yggdrasil-jumper";
rev = "refs/tags/v${version}"; rev = "refs/tags/v${version}";
hash = "sha256-Op3KBJ911AjB7BIJuV4xR8KHMxBtQj7hf++tC1g7SlM="; hash = "sha256-e/QTLWqRlEFMl3keQMeJaxfVJh28W/WbuUsmEAaLAf4=";
}; };
cargoHash = "sha256-EbG83rGlUbiJC1qm9H1+YrCFSq23kSDeW7KMHP8Wee8="; cargoHash = "sha256-aWDeRcOV/5x0BB0aunp52en9hIuPrYr+pNgLCjiscaE=";
passthru.updateScript = nix-update-script { }; passthru.updateScript = nix-update-script { };