authorGregor Kleen <gkleen@yggdrasil.li>2015-11-04 13:40:18 +0100
committerGregor Kleen <gkleen@yggdrasil.li>2015-11-04 13:40:18 +0100
commit7278996bf80f2712537f821fffc48fdec69d8478 (patch)
treef131ad6844393cd6bf93a6970f2e6f286f380157
parent89dbc12b798b562bc9e160eef7aba7b28d9b9920 (diff)
tinc rewrite
-rw-r--r--custom/tinc/def.nix39
-rw-r--r--custom/tinc/yggdrasil.nix57
-rw-r--r--users/gkleen.nix4
-rw-r--r--ymir.nix12
4 files changed, 62 insertions, 50 deletions
diff --git a/custom/tinc/def.nix b/custom/tinc/def.nix
index e191168f..5412826b 100644
--- a/custom/tinc/def.nix
+++ b/custom/tinc/def.nix
@@ -70,6 +70,13 @@ in
70 ''; 70 '';
71 }; 71 };
72 72
73 interfaceConfig = mkOption {
74 default = { };
75 description = ''
76 Additional configuration for the generated network interface
77 '';
78 };
79
73 package = mkOption { 80 package = mkOption {
74 default = pkgs.tinc_pre; 81 default = pkgs.tinc_pre;
75 description = '' 82 description = ''
@@ -122,7 +129,7 @@ in
122 ({ 129 ({
123 virtual = true; 130 virtual = true;
124 virtualType = "${data.interfaceType}"; 131 virtualType = "${data.interfaceType}";
125 }) 132 } // data.interfaceConfig)
126 ); 133 );
127 134
128 systemd.services = flip mapAttrs' cfg.networks (network: data: nameValuePair 135 systemd.services = flip mapAttrs' cfg.networks (network: data: nameValuePair
@@ -141,23 +148,19 @@ in
141 preStart = '' 148 preStart = ''
142 ${pkgs.openresolv}/bin/resolvconf -d tinc.${network} || true 149 ${pkgs.openresolv}/bin/resolvconf -d tinc.${network} || true
143 ''; 150 '';
144 # preStart = '' 151 preStart = ''
145 # mkdir -p /etc/tinc/${network}/hosts 152 mkdir -p /etc/tinc/${network}/hosts
146 153
147 # # Determine how we should generate our keys 154 # Determine how we should generate our keys
148 # if type tinc >/dev/null 2>&1; then 155 if type tinc >/dev/null 2>&1; then
149 # # Tinc 1.1+ uses the tinc helper application for key generation 156 # Tinc 1.1+ uses the tinc helper application for key generation
150 157 [ -f "/etc/tinc/${network}/ed25519_key.priv" ] || tinc -n ${network} generate-ed25519-keys || \
151 # # Prefer ED25519 keys (only in 1.1+) 158 [ -f "/etc/tinc/${network}/rsa_key.priv" ] || tinc -n ${network} generate-rsa-keys 4096
152 # [ -f "/etc/tinc/${network}/ed25519_key.priv" ] || tinc -n ${network} generate-ed25519-keys 159 else
153 160 # Tinc 1.0 uses the tincd application
154 # # Otherwise use RSA keys 161 [ -f "/etc/tinc/${network}/rsa_key.priv" ] || tincd -n ${network} -K 4096
155 # [ -f "/etc/tinc/${network}/rsa_key.priv" ] || tinc -n ${network} generate-rsa-keys 4096 162 fi
156 # else 163 '';
157 # # Tinc 1.0 uses the tincd application
158 # [ -f "/etc/tinc/${network}/rsa_key.priv" ] || tincd -n ${network} -K 4096
159 # fi
160 # '';
161 script = '' 164 script = ''
162 tincd -D -U tinc.${network} -n ${network} --pidfile /run/tinc.${network}.pid -d ${toString data.debugLevel} 165 tincd -D -U tinc.${network} -n ${network} --pidfile /run/tinc.${network}.pid -d ${toString data.debugLevel}
163 ''; 166 '';
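Review bot: The `preStart` added at new line 151 is a second `preStart` attribute in the same service attribute set as the existing one at new lines 148-150 (the resolvconf cleanup), and Nix rejects duplicate attribute names in one set, so this module will not evaluate. Dropping the `'';` / `preStart = ''` pair at new lines 150-151 folds both into a single pre-start script and keeps the resolvconf cleanup ahead of the key generation. Separately, the `interfaceConfig` option added at new line 73 declares no `type`, so values set from several modules cannot be merged and nothing checks that it is an attribute set before it is merged with `//` at new line 132; `type = types.attrs;` would cover that. The enclosing `nameValuePair` function starts and ends outside the hunk.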
diff --git a/custom/tinc/yggdrasil.nix b/custom/tinc/yggdrasil.nix
index 4c19e0e7..a4309278 100644
--- a/custom/tinc/yggdrasil.nix
+++ b/custom/tinc/yggdrasil.nix
@@ -1,30 +1,33 @@
1{ config, pkgs, name, ip }: 1{ stdenv
2, nettools
3, openresolv
4, connect ? true
5, ipConf ? {}
6}
2 7
3{
4 config.services.tinc = {
5 networks = {
6 "yggdrasil" = {
7 name = name;
8 debugLevel = 2;
9 hosts = ( import ./yggdrasil-hosts.nix );
10 extraConfig = "ConnectTo = surtr";
11 scripts = {
12 tinc-up = ''
13 #!${pkgs.stdenv.shell}
14 ${pkgs.nettools}/bin/route add -net 10.141.1.0 netmask 255.255.255.0 gw 10.141.1.1 dev $INTERFACE metric 9999
15 ${pkgs.openresolv}/bin/resolvconf -m 0 -a tinc.yggdrasil <<EOF
16 domain yggdrasil
17 nameserver 10.141.1.1
18 EOF'';
19 tinc-down = ''
20 #!${pkgs.stdenv.shell}
21 ${pkgs.openresolv}/bin/resolvconf -d tinc.yggdrasil'';
22 };
23 };
24 };
25 };
26 8
27 config.networking.interfaces."tinc.yggdrasil" = { 9let
28 useDHCP = false; 10 connectTo = if connect then "" else "ConnectTo = ymir"
29 } // ip; 11{
12 "yggdrasil" = {
13 name = name;
14 debugLevel = 2;
15 hosts = ( import ./yggdrasil-hosts.nix );
16 extraConfig = connectTo;
17 scripts = {
18 tinc-up = ''
19 #!${stdenv.shell}
20 ${nettools}/bin/route add -net 10.141.1.0 netmask 255.255.255.0 gw 10.141.1.1 dev $INTERFACE metric 9999
21 ${openresolv}/bin/resolvconf -m 0 -a tinc.yggdrasil <<EOF
22 domain yggdrasil
23 nameserver 10.141.1.1
24 EOF
25 '';
26 tinc-down = ''
27 #!${stdenv.shell}
28 ${openresolv}/bin/resolvconf -d tinc.yggdrasil
29 '';
30 };
31 interfaceConfig = ipConf;
32 };
30} 33}
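Review bot: The `let` binding at new line 10, `connectTo = if connect then "" else "ConnectTo = ymir"`, is followed directly by the attribute set at new line 11 with neither a terminating `;` nor the `in` keyword, so the file does not parse as shown (unless the page dropped them). Its logic also looks inverted: ymir.nix passes `connect = false` for ymir itself, which with this expression yields `ConnectTo = ymir` on ymir and nothing on every other host; `connectTo = if connect then "ConnectTo = ymir" else "";` followed by `in` appears to be the intent. New line 13 still has `name = name;`, but `name` is no longer among the function's parameters and `callPackage` will not supply it, so evaluation fails there too — it needs to be added to the argument set and passed by the caller. Since this file is now a plain function returning the `networks` attribute set, a short header comment saying it is meant to be assigned to `services.tinc.networks` and what `connect` and `ipConf` control would help readers.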
diff --git a/users/gkleen.nix b/users/gkleen.nix
index 5b5a104e..1d33f2cf 100644
--- a/users/gkleen.nix
+++ b/users/gkleen.nix
@@ -1,7 +1,9 @@
1{ pkgs, config, lib, ... }
2
1{ 3{
2 name = "gkleen"; 4 name = "gkleen";
3 description = "Gregor Kleen"; 5 description = "Gregor Kleen";
4 extraGroups = [ "wheel" "wlan" "lp" "dialout" "audio" ]; 6 extraGroups = [ "wheel" "wlan" "lp" "dialout" "audio" ] + (if config.networking.hostname == "ymir" then ["xmpp"] else []);
5 group = "users"; 7 group = "users";
6 uid = 1000; 8 uid = 1000;
7 createHome = true; 9 createHome = true;
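Review bot: The new `extraGroups` at new line 6 concatenates two lists with `+`, but Nix list concatenation is `++` and `+` applied to lists is an evaluation error. The option is also spelled `config.networking.hostname`, while the NixOS option is `networking.hostName`, so the comparison would fail with a missing-attribute error even after the operator is fixed. `extraGroups = [ "wheel" "wlan" "lp" "dialout" "audio" ] ++ lib.optional (config.networking.hostName == "ymir") "xmpp";` addresses both, and `lib` is already taken as an argument at new line 1.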
diff --git a/ymir.nix b/ymir.nix
index 0ff8ddb4..7cc5ec25 100644
--- a/ymir.nix
+++ b/ymir.nix
@@ -19,6 +19,7 @@ in {
19 ./ymir-hw.nix 19 ./ymir-hw.nix
20 ./custom/zsh.nix 20 ./custom/zsh.nix
21 ./users.nix 21 ./users.nix
22 ./custom/tinc.nix
22 ]; 23 ];
23 24
24 boot.loader.grub = { 25 boot.loader.grub = {
@@ -143,8 +144,11 @@ in {
143 chown root:shadow /etc/shadow 144 chown root:shadow /etc/shadow
144 chmod 0640 /etc/shadow 145 chmod 0640 /etc/shadow
145 ''; 146 '';
146 users.groups."xmpp" = { 147
147 members = [ "gkleen" 148 services.tinc.networks = (pkgs.callPackage ./custom/yggdrasil.nix {
148 ]; 149 connect = false;
149 }; 150 ipConf = {
151 ip4 = [ { address = "10.141.4.1"; prefixLength = 16; } ];
152 };
153 });
150} 154}
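Review bot: `services.tinc.networks` at new line 148 is built with `pkgs.callPackage`, and `callPackage` wraps its result in `makeOverridable`, which, as far as I recall, adds `override`/`overrideDerivation` attributes to an attribute-set result; those would then be iterated as network names by the `mapAttrs' cfg.networks` in def.nix. Calling the file directly avoids that: `services.tinc.networks = import ./custom/tinc/yggdrasil.nix {` with `inherit (pkgs) stdenv nettools openresolv;` among the arguments. The paths also look inconsistent with the diffstat: the import at new line 22 is `./custom/tinc.nix` and the call uses `./custom/yggdrasil.nix`, while the files in this commit live at `custom/tinc/def.nix` and `custom/tinc/yggdrasil.nix` — unless wrapper files exist outside this diff, both references point at missing files. Finally, removing `users.groups."xmpp"` here while gkleen.nix now adds `"xmpp"` to `extraGroups` leaves the group undeclared unless another module defines it, which is worth confirming before merging.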