nixos/cjdns: add extraConfig option (#53502)

nixos/modules/services/networking/cjdns.nix

@@ -44,9 +44,7 @@ let
   parseModules = x:
     x // { connectTo = mapAttrs (name: value: { inherit (value) password publicKey; }) x.connectTo; };
 
-  # would be nice to  merge 'cfg' with a //,
+  cjdrouteConf = builtins.toJSON ( recursiveUpdate {
-  # but the json nesting is wacky.
-  cjdrouteConf = builtins.toJSON ( {
     admin = {
       bind = cfg.admin.bind;
       password = "@CJDNS_ADMIN_PASSWORD@";
@@ -71,7 +69,7 @@ let
 
     security = [ { exemptAngel = 1; setuser = "nobody"; } ];
 
-  });
+  } cfg.extraConfig);
 
 in
 
@@ -91,6 +89,16 @@ in
         '';
       };
 
+      extraConfig = mkOption {
+        type = types.attrs;
+        default = {};
+        example = { router.interface.tunDevice = "tun10"; };
+        description = ''
+          Extra configuration, given as attrs, that will be merged recursively
+          with the rest of the JSON generated by this module, at the root node.
+        '';
+      };
+
       confFile = mkOption {
         type = types.nullOr types.path;
         default = null;
@@ -246,7 +254,10 @@ in
         if cfg.confFile != null then "${pkg}/bin/cjdroute < ${cfg.confFile}" else
           ''
             source /etc/cjdns.keys
-            echo '${cjdrouteConf}' | sed \
+            (cat <<'EOF'
+            ${cjdrouteConf}
+            EOF
+            ) | sed \
                 -e "s/@CJDNS_ADMIN_PASSWORD@/$CJDNS_ADMIN_PASSWORD/g" \
                 -e "s/@CJDNS_PRIVATE_KEY@/$CJDNS_PRIVATE_KEY/g" \
                 | ${pkg}/bin/cjdroute