refactor: rename lib.nix to helpers.nix

To avoid confusion with nixpkgs.lib.
author: Martin Fischer <martin@push-f.com> 2025-03-09 18:52:38 +0100
committer: Martin Fischer <martin@push-f.com> 2025-03-09 19:04:00 +0100
commit: 509f45656171f9aa4fc3398c9a2a2022da11faf8 (patch)
tree: 8e687067c50507ab67d2e1a01c2583e29fb22186 /nixos/helpers.nix
parent: f4101de3db3b6a8771108e587f300156743bd350 (diff)
1 files changed, 32 insertions, 0 deletions
diff --git a/nixos/helpers.nix b/nixos/helpers.nix
new file mode 100644
index 0000000..7880cc7
--- /dev/null
+++ b/nixos/helpers.nix
@@ -0,0 +1,32 @@
+let
+  nixpkgs = import <nixpkgs> {};
+in
+{
+  joinWgNamespace = ns: cfg:
+   nixpkgs.lib.attrsets.recursiveUpdate cfg {
+    bindsTo = ["netns@${ns}.service"];
+    after = ["wireguard-wg-${ns}.service"];
+    unitConfig.JoinsNamespaceOf = "netns@${ns}.service";
+    serviceConfig.NetworkNamespacePath = "/var/run/netns/${ns}";
+  };
+
+  mkPortProxy = service: ns: port: {
+    description = "Forward to ${service} in network namespace ${ns}";
+    requires = ["${service}.service"];
+    after = ["${service}.service"];
+    partOf = ["${service}.service"];
+    serviceConfig = {
+      Restart = "on-failure";
+      TimeoutStopSec = 300;
+    };
+    wantedBy = ["multi-user.target"];
+    script =
+      let
+        pkgs = nixpkgs.pkgs;
+      in
+      ''
+        ${pkgs.iproute2}/bin/ip netns exec ${ns} ${pkgs.iproute2}/bin/ip link set dev lo up
+        ${pkgs.socat}/bin/socat tcp-listen:${toString port},fork,reuseaddr exec:'${pkgs.iproute2}/bin/ip netns exec ${ns} ${pkgs.socat}/bin/socat STDIO "tcp-connect:localhost:${toString port}"',nofork
+      '';
+  };
+}
author	Martin Fischer <martin@push-f.com>	2025-03-09 18:52:38 +0100
committer	Martin Fischer <martin@push-f.com>	2025-03-09 19:04:00 +0100
commit	509f45656171f9aa4fc3398c9a2a2022da11faf8 (patch)
tree	8e687067c50507ab67d2e1a01c2583e29fb22186 /nixos/helpers.nix
parent	f4101de3db3b6a8771108e587f300156743bd350 (diff)