Qrystal /kristl/ sets up several WireGuard tunnels between servers. In addition, it provides centralised configuration management. Nodes and tokens can be dynamically added (and removed, in a future version).
- Install Go
- Download the source: https://github.com/nyiyui/qrystal/archive/refs/heads/next2goal.tar.gz
- `cd` into the source code

For the device client:

- Run `make device-client gen-keys`, then `sudo make install-device`
- If you see errors such as 'user not found', make sure `systemd-sysusers` has run after the Makefile ran.
- Edit config files at `/etc/qrystal-device/` (`gen-keys` will be useful here!)
- Run `systemctl enable --now qrystal-device-client.service`

For the coord server:

- Run `make coord-server`, then `sudo make install-coord`
- If you see errors such as 'user not found', make sure `systemd-sysusers` has run after the Makefile ran.
- Edit config files at `/etc/qrystal-coord/`
- Run `systemctl enable --now qrystal-coord-server.service`

Using Nix and direnv is recommended for development. To set up, install Nix and direnv, `cd` into this repo, then run `direnv allow`. This sets up your `$PATH` with all the tools needed to develop, at the right versions.

Run `go test ./...` for the Go tests and `nix flake check` for the NixOS tests. Note that `nix flake check` downloads a lot of files and is fairly slow/expensive, because it starts multiple VMs for testing.

Additionally, individual NixOS tests can be run:

```sh
# Example for running `goal` test:
nix build --print-build-logs .#checks.x86_64-linux.goal
# Run an interactive test:
nix build --print-build-logs .#checks.x86_64-linux.goal.driverInteractive && ./result/bin/nixos-test-driver
# Opens a Python REPL; run `test_script()` to run the test itself. See <https://wiki.nixos.org/wiki/NixOS_VM_tests> for details.
```

- node: test node backport (in test.nix)
- confine qrystal-node and qrystal-cs (using systemd's options)
- configure existing interfaces without disrupting connections (as much as possible)
- support multiple hosts
  - e.g. specify VPC network IP address first, and then public IP address
- heuristics for a successful wg connection?
- test all fails on `host cs` but after waiting a few hours, `host cs` works so I'll have to figure that out...
- if azusa contains configuration for a network that isn't in config.cs.networks, warn about this (possible misconfiguration)
- SRV records