reload destination -> target and module fixes

2026-06-03 09:04:07 +02:00 · 2025-10-31 22:40:04 +01:00 · 2025-10-31 22:40:04 +01:00 · 5e5ee227fc
commit 5e5ee227fc
parent 645a6e9978
10 changed files with 69 additions and 42 deletions
--- a/nix/module.nix
+++ b/nix/module.nix
@ -9,7 +9,7 @@ with lib; let
  hasNamespaces = cfg.namespaces != {};
  format = pkgs.formats.toml {};
  configFile = format.generate "netnsd.toml" {
-    inherit (cfg) namespaces;
+    namespace = mapAttrsToList (_: value: value) cfg.namespaces;
  };
 in {
  options.networking.netnsd = {
@ -18,6 +18,12 @@ in {
      description = "package to use";
    };

+    logLevel = mkOption {
+      type = types.str;
+      default = "info";
+      description = "Log level";
+    };
+
    namespaces = mkOption {
      type = types.attrsOf (types.submodule ({name, ...}: {
        options = {
@ -31,11 +37,11 @@ in {
              options = {
                source = mkOption {
                  type = types.oneOf [types.port types.str];
-                  default = config.destination;
-                  defaultText = "<destination>";
+                  default = config.target;
+                  defaultText = "<target>";
                  description = "source port, address or socket outside the namespace";
                };
-                destination = mkOption {
+                target = mkOption {
                  type = types.oneOf [types.port types.str];
                  description = "target port or address inside the namespace";
                };
@ -46,6 +52,7 @@ in {
        };
      }));
      description = "namespaces to setup";
+      default = {};
    };
  };

@ -53,17 +60,20 @@ in {
    # symlink instead of passing `configFile` directly to netnsd to allow changing the config without changing the path
    environment.etc."netnsd/netnsd.toml".source = configFile;

-    systemd.services.netcsctl = {
+    systemd.services.netnsd = {
      reloadTriggers = [configFile];

      wantedBy = ["multi-user.target"];
+      before = ["network.target"];
+
+      environment = {
+        RUST_LOG = cfg.logLevel;
+      };
+
      serviceConfig = {
        Restart = "on-failure";
        Type = "notify-reload";
-        ExecStart = "${getExec cfg.pkg} daemon -c /etc/netnsd/netnsd.toml";
-        PrivateTmp = true;
-        ProtectSystem = "full";
-        ProtectHome = true;
+        ExecStart = "${getExe cfg.package} daemon -c /etc/netnsd/netnsd.toml";
        NoNewPrivileges = true;
      };
    };