keep the Makefile up-to-date with NixOS module

Author: nyiyui

Makefile

@@ -1,5 +1,6 @@
 src=.
 path=${shell pwd}
+tags = sdnotiy
 ldflags-mio = -X github.com/nyiyui/qrystal/mio.CommandBash=${shell which bash}
 ldflags-mio += -X github.com/nyiyui/qrystal/mio.CommandWg=${shell which wg}
 ldflags-mio += -X github.com/nyiyui/qrystal/mio.CommandWgQuick=${shell which wg-quick}
@@ -10,76 +11,62 @@ ldflags-runner = -X github.com/nyiyui/qrystal/runner.NodeUser=qrystal-node
 all: runner-mio runner-hokuto runner-node runner gen-keys cs
 
 runner-mio:
-	cd ${src} && go build -race -ldflags "${ldflags-mio}" -o ${path}/runner-mio ${src}/cmd/runner-mio
+	cd ${src} && go build -race -tags "${tags}" -ldflags "${ldflags-mio}" -o ${path}/runner-mio ${src}/cmd/runner-mio
 
 runner-hokuto:
-	cd ${src} && go build -race -o ${path}/runner-hokuto ${src}/cmd/runner-hokuto
+	cd ${src} && go build -race -tags "${tags}" -o ${path}/runner-hokuto ${src}/cmd/runner-hokuto
 
 runner-node:
-	cd ${src} && go build -race -ldflags "${ldflags-node}" -o ${path}/runner-node ${src}/cmd/runner-node
+	cd ${src} && go build -race -tags "${tags}" -ldflags "${ldflags-node}" -o ${path}/runner-node ${src}/cmd/runner-node
 
 runner:
-	cd ${src} && go build -race -ldflags "${ldflags-runner}" -o ${path}/runner ${src}/cmd/runner
+	cd ${src} && go build -race -tags "${tags}" -ldflags "${ldflags-runner}" -o ${path}/runner ${src}/cmd/runner
 
 gen-keys:
-	cd ${src} && go build -race -o ${path}/gen-keys ${src}/cmd/gen-keys
+	cd ${src} && go build -race -tags "${tags}" -o ${path}/gen-keys ${src}/cmd/gen-keys
 
 cs:
-	cd ${src} && go build -race -o ${path}/cs ${src}/cmd/cs
+	cd ${src} && go build -race -tags "${tags}" -o ${path}/cs ${src}/cmd/cs
 
 cs-push:
-	cd ${src} go build -race -o ${path}/cs-push ${src}/cmd/cs-push
+	cd ${src} go build -race -tags "${tags}" -o ${path}/cs-push ${src}/cmd/cs-push
 
 install-cs-push: cs-push
 	install -m 755 -o root -g root $@ ${pkdir}/usr/bin/qrystal-cs-push
 
 uninstall-cs-push:
 	rm -f ${pkgdir}/usr/bin/qrystal-cs-push
 
-pre_install:
-	systemctl stop qrystal-runner
+install-cs: cs
 	systemctl stop qrystal-cs
-
-post_install:
-	systemctl start qrystal-runner
-	systemctl start qrystal-cs
-
-install: runner-mio runner-hokuto runner-node runner gen-keys cs
+	#
+	mkdir -p "${pkgdir}/opt/qrystal"
+	install -m 755 -o root -g root $@ ${pkdir}/opt/qrystal/qrystal-cs
 	mkdir -p "${pkgdir}/usr/lib/sysusers.d"
-	install -m 644 '${src}/config/sysusers.conf' "${pkgdir}/usr/lib/sysusers.d/qrystal.conf"
+	install -m 644 '${src}/config/sysusers-cs.conf' "${pkgdir}/usr/lib/sysusers.d/qrystal-cs.conf"
 	systemctl restart systemd-sysusers
-	mkdir -p "${pkgdir}/usr/bin"
-	install -o root -g root -m 555 ${path}/runner   "${pkgdir}/usr/bin/qrystal-runner"
-	install -o root -g root -m 555 ${path}/gen-keys "${pkgdir}/usr/bin/qrystal-gen-keys"
-	install -o root -g root -m 555 ${path}/cs       "${pkgdir}/usr/bin/qrystal-cs"
-	mkdir -p "${pkgdir}/opt/qrystal"
-	install -o root -g root -m 500 \
-		${path}/runner-mio \
-		${path}/runner-hokuto \
-		${src}/mio/dev-add.sh \
-		${src}/mio/dev-remove.sh \
-	  "${pkgdir}/opt/qrystal/"
-	install -o root -g root -m 555 \
-		${path}/runner-node \
-	  "${pkgdir}/opt/qrystal/"
+	#
 	mkdir -p "${pkgdir}/etc/qrystal"
 	chown root:qrystal-node "${pkgdir}/etc/qrystal"
 	chmod 755 "${pkgdir}/etc/qrystal"
-	cp -n \
-		'${src}/config/cs-config.yml' \
-		'${src}/config/runner-config.yml' \
-		'${src}/config/node-config.yml' \
-		"${pkgdir}/etc/qrystal/"
+	install '${src}/config/cs-config.yml' "${pkgdir}/etc/qrystal/"
 	chown root:qrystal-cs "${pkgdir}/etc/qrystal/cs-config.yml"
 	chmod 640 "${pkgdir}/etc/qrystal/cs-config.yml"
-	chown root:qrystal-node "${pkgdir}/etc/qrystal/node-config.yml"
-	chmod 640 "${pkgdir}/etc/qrystal/node-config.yml"
-	chmod 600 "${pkgdir}/etc/qrystal/runner-config.yml"
+	#
 	mkdir -p "${pkgdir}/usr/lib/systemd/system"
-	install '${src}/config/runner.service' "${pkgdir}/usr/lib/systemd/system/qrystal-runner.service"
 	install '${src}/config/cs.service' "${pkgdir}/usr/lib/systemd/system/qrystal-cs.service"
 	systemctl daemon-reload
 
+uninstall-cs:
+	systemctl stop qrystal-cs
+	rm -f ${pkgdir}/usr/bin/qrystal-cs
+	rm -rf "${pkgdir}/opt/qrystal/qrystal-cs" \
+		"${pkgdir}/etc/qrystal/cs-config.yml"
+	rmdir "${pkgdir}/opt/qrystal" \
+		"${pkgdir}/etc/qrystal"
+	rm -f "${pkgdir}/usr/lib/sysusers.d/qrystal-cs.conf" \
+		"${pkgdir}/usr/lib/systemd/system/qrystal-cs.service"
+
 uninstall:
 	rm -rf "${pkgdir}/opt/qrystal" \
 		"${pkgdir}/etc/qrystal"

config/cs-config.yml

@@ -1,32 +1,33 @@
-# NOTE: options not commented out are required.
+# NOTE: options not commented out are required. Options commented out have the default value filled in.
 tls:
   # path to pem-encoded tls certificate and key
   certPath:
   keyPath:
 # bind address for node API (node)
 addr: :39252
-# bind address for haruka API (cs-push etc)
-harukaAddr: :39253
+# bind address for ryo API (HTTP; for cs-push)
+ryoAddr: :39253
 # path to backport file
-backportPath: $STATE_DIRECTORY/cs-backport.yml
+#backportPath: $STATE_DIRECTORY/cs-backport.yml
 # path to db
-dbPath: $STATE_DIRECTORY/db
+#dbPath: $STATE_DIRECTORY/db
+
 # tokens for node and haruka APIs
 tokens:
   - # friendly name (used in e.g. errors)
     name: 
     # hash of the token (use qrystal-gen-keys)
     hash:
-    # allow token to pull (bool)
+    # Allow token to pull peers (see networks)
     canPull:
-    # networks the token can pull from
+    # Nets this token can pull from and the corresponding peer names.
     networks:
       <net name>: <peer name>
     # allow token to push new peer configs
     canPush:
       # can push to any peer in any net (bool)
       any:
-      # can pish to the following nets (overridden by any: true)
+      # can push to the following nets (overridden by any: true)
       networks:
         <net name>: 
           # can push a peer with this name
@@ -44,7 +45,7 @@ central:
     <net name>:
       # PersistentKeepalive= in wg-quick config
       keepalive: 10s
-      # ListenPort = in wg-quick config
+      # ListenPort= in wg-quick config
       listenPort: 58120
       # all IP addresses (IPv4 only) in the net
       ips:
@@ -58,5 +59,7 @@ central:
           allowed-ips:
             - 10.123.0.1/32
           # peer can only see the following peers
+          # NOTE: has to be either { only: ... } or "any"
           canSee:
             only: [ <peer name>… ]
+          canSee: "any"

config/cs.service

@@ -1,11 +1,12 @@
 [Unit]
 Wants=network-online.target
-After=network.target network-online.target
+After=network-online.target nss-lookup.target
 
 [Service]
 User=qrystal-cs
-ExecStart=qrystal-cs -config /etc/qrystal/cs-config.yml
-Environment=QRYSTAL_PROFILE=on
+Restart=on-failure
+Type=notify
+ExecStart=/opt/qrystal/qrystal-cs -config /etc/qrystal/cs-config.yml
 RuntimeDirectory=qrystal-cs
 RuntimeDirectoryMode=0700
 StateDirectory=qrystal-cs

config/node-config.yml

@@ -0,0 +1,2 @@
+g qrystal-cs -
+u qrystal-cs - "Qrystal CS"

config/runner-config.yml

@@ -275,7 +275,7 @@ args@{ self, system, nixpkgsFor, libFor, nixosLibFor, ldflags, packages, ...
                 ryoAddr = mkOption {
                   type = str;
                   default = ":39253";
-                  description = "Bind address of Ryo (HTTP) API";
+                  description = "Bind address of Ryo (HTTP; for cs-push) API";
                 };
                 tokens = mkOption {
                   type = listOf (submodule {
@@ -401,7 +401,7 @@ args@{ self, system, nixpkgsFor, libFor, nixosLibFor, ldflags, packages, ...
             group = "qrystal-cs";
           };
           systemd.services.qrystal-cs = {
-            wantedBy = [ "network-online.target" ];
+            wants = [ "network-online.target" ];
             serviceConfig = let pkg = packages.cs;
             in {
               User = "qrystal-cs";