easytier.services.default: init #476861

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Open

Moraxyc wants to merge 3 commits into NixOS:master from Moraxyc:add-modular-easytier

+379 −5

Member

Moraxyc commented Jan 4, 2026 •

edited

Loading

easytier: switch to finalAttrs
easytier.services.default: init
nixosTests.easytier-modular: init

An attempt to create a modular service. Please let me know if there’s anything that needs fixing.

It seems there is no way to implement sysctl at the moment. Should we use preStart instead?

nixpkgs/nixos/modules/services/networking/easytier.nix

Lines 283 to 286 in 8f8e97e

    
           boot.kernel.sysctl = mkIf cfg.allowSystemForward { 
        
             "net.ipv4.conf.all.forwarding" = mkOverride 97 true; 
        
             "net.ipv6.conf.all.forwarding" = mkOverride 97 true; 
        
           };

Tracking: #428084

Things done

Add a 👍 reaction to pull requests you find important.

nixpkgs-ci bot added 10.rebuild-darwin: 0 10.rebuild-linux: 0 6.topic: nixos labels

Member Author

Moraxyc commented Jan 4, 2026

`nixpkgs-review` result

Generated using nixpkgs-review-gha

Command: nixpkgs-review pr 476861 -p nixosTests.easytier-modular
Commit: 3be0efae74ba10a6b9a8928476cd6159a91e55b7 (subsequent changes)
Merge: 5e46dcf0f629ec5904ef680f1b7e0e29be0f7139

Logs: https://github.com/Moraxyc/nixpkgs-review-gha/actions/runs/20694169445

`x86_64-linux`

✅ 1 test built:

nixosTests.easytier-modular

Moraxyc marked this pull request as ready for review

January 4, 2026 14:17

nixpkgs-ci bot requested a review from L-Trump

January 4, 2026 14:28

Contributor

L-Trump commented Jan 5, 2026 •

edited

Loading

I don't think it's a good idea to directly use sysctl in preStart, since it disrupts the existing module system. Perhaps we just let users who need kernel forwarding manually configure the sysctl options, as is done in other distributions.

Has a NixOS VM test
Has a meta.maintainers attribute
Systemd-specific definitions are behind optionalAttrs (options ? systemd) to promote portability.
_class = "service"
Modular services provided through passthru.services must override the default of the package option using finalAttrs.finalPackage
Is the modular services infrastructure sufficient for this service? If one or more features are not covered, comment in Modular services tracking #428084

L-Trump approved these changes

View reviewed changes

nixpkgs-ci bot added 2.status: merge conflict 12.approvals: 1 12.approved-by: package-maintainer labels


          easytier: switch to finalAttrs

efb3390

Moraxyc force-pushed the add-modular-easytier branch from 3be0efa to a557a2f Compare

January 5, 2026 05:04

nixpkgs-ci bot removed the 2.status: merge conflict label

SuperSandro2000 reviewed

View reviewed changes

pkgs/by-name/ea/easytier/service.nix Outdated Show resolved Hide resolved

pkgs/by-name/ea/easytier/service.nix

+                options = {
+                  easytier = {
+                    package = lib.mkOption {

Member

SuperSandro2000 Jan 7, 2026

Please use lib.mkPackageOption.

Member Author

Moraxyc Jan 7, 2026

We should not use mkPackageOption here because package is defined in the place where importApply it.

See package.nix

passthru.services.default = {
    imports = [
      (lib.modules.importApply ./service.nix { inherit formats bash iproute2; })
    ];
    easytier.package = finalAttrs.finalPackage;
  };

pkgs/by-name/ea/easytier/service.nix

+                meta.maintainers = with lib.maintainers; [ moraxyc ];
+                options = {
+                  easytier = {

Member

SuperSandro2000 Jan 7, 2026

An enable option is missing

Member Author

Moraxyc Jan 7, 2026

Since a modular service is designed to be importable, an additional enable option is no need.

pkgs/by-name/ea/easytier/service.nix

Comment on lines +72 to +85

+                            network_secret = lib.mkOption {
+                              type = with lib.types; nullOr str;
+                              default = null;
+                              description = ''
+                                EasyTier network credential used for verification and encryption.
+                                It is highly recommended to use {option}`easytier.environmentFiles` to
+                                avoid leaking the secret into the world-readable Nix store.
+                              '';
+                            };

Member

SuperSandro2000 Jan 7, 2026

Just an idea: should we then offer the option at all if it is insecure?

Member Author

Moraxyc Jan 7, 2026

I prefer keeping this to provide a clear doc for users to not use it.

pkgs/by-name/ea/easytier/service.nix

Comment on lines +159 to +168

+                    path = [
+                      cfg.package
+                      iproute2
+                      bash
+                    ];

Member

SuperSandro2000 Jan 7, 2026

Should we not patch that in the package instead?

Member Author

Moraxyc Jan 7, 2026

Not sure, I'm not familiar with packaging easytier. @L-Trump Could you take a look at this?

Moraxyc added 2 commits

January 8, 2026 04:20


          easytier.services.default: init

03500be


          nixosTests.easytier-modular: init

b938c69

Moraxyc force-pushed the add-modular-easytier branch from a557a2f to b938c69 Compare

January 7, 2026 20:21

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

6.topic: nixos 10.rebuild-darwin: 0 10.rebuild-linux: 0 12.approvals: 1 12.approved-by: package-maintainer