diff options
| author | Gregor Kleen <gkleen@yggdrasil.li> | 2015-11-04 13:40:18 +0100 |
|---|---|---|
| committer | Gregor Kleen <gkleen@yggdrasil.li> | 2015-11-04 13:40:18 +0100 |
| commit | 7278996bf80f2712537f821fffc48fdec69d8478 (patch) | |
| tree | f131ad6844393cd6bf93a6970f2e6f286f380157 /custom/tinc/def.nix | |
| parent | 89dbc12b798b562bc9e160eef7aba7b28d9b9920 (diff) | |
| download | nixos-7278996bf80f2712537f821fffc48fdec69d8478.tar nixos-7278996bf80f2712537f821fffc48fdec69d8478.tar.gz nixos-7278996bf80f2712537f821fffc48fdec69d8478.tar.bz2 nixos-7278996bf80f2712537f821fffc48fdec69d8478.tar.xz nixos-7278996bf80f2712537f821fffc48fdec69d8478.zip | |
tinc rewrite
Diffstat (limited to 'custom/tinc/def.nix')
| -rw-r--r-- | custom/tinc/def.nix | 39 |
1 files changed, 21 insertions, 18 deletions
diff --git a/custom/tinc/def.nix b/custom/tinc/def.nix index e191168f..5412826b 100644 --- a/custom/tinc/def.nix +++ b/custom/tinc/def.nix | |||
| @@ -70,6 +70,13 @@ in | |||
| 70 | ''; | 70 | ''; |
| 71 | }; | 71 | }; |
| 72 | 72 | ||
| 73 | interfaceConfig = mkOption { | ||
| 74 | default = { }; | ||
| 75 | description = '' | ||
| 76 | Additional configuration for the generated network interface | ||
| 77 | ''; | ||
| 78 | }; | ||
| 79 | |||
| 73 | package = mkOption { | 80 | package = mkOption { |
| 74 | default = pkgs.tinc_pre; | 81 | default = pkgs.tinc_pre; |
| 75 | description = '' | 82 | description = '' |
| @@ -122,7 +129,7 @@ in | |||
| 122 | ({ | 129 | ({ |
| 123 | virtual = true; | 130 | virtual = true; |
| 124 | virtualType = "${data.interfaceType}"; | 131 | virtualType = "${data.interfaceType}"; |
| 125 | }) | 132 | } // data.interfaceConfig) |
| 126 | ); | 133 | ); |
| 127 | 134 | ||
| 128 | systemd.services = flip mapAttrs' cfg.networks (network: data: nameValuePair | 135 | systemd.services = flip mapAttrs' cfg.networks (network: data: nameValuePair |
| @@ -141,23 +148,19 @@ in | |||
| 141 | preStart = '' | 148 | preStart = '' |
| 142 | ${pkgs.openresolv}/bin/resolvconf -d tinc.${network} || true | 149 | ${pkgs.openresolv}/bin/resolvconf -d tinc.${network} || true |
| 143 | ''; | 150 | ''; |
| 144 | # preStart = '' | 151 | preStart = '' |
| 145 | # mkdir -p /etc/tinc/${network}/hosts | 152 | mkdir -p /etc/tinc/${network}/hosts |
| 146 | 153 | ||
| 147 | # # Determine how we should generate our keys | 154 | # Determine how we should generate our keys |
| 148 | # if type tinc >/dev/null 2>&1; then | 155 | if type tinc >/dev/null 2>&1; then |
| 149 | # # Tinc 1.1+ uses the tinc helper application for key generation | 156 | # Tinc 1.1+ uses the tinc helper application for key generation |
| 150 | 157 | [ -f "/etc/tinc/${network}/ed25519_key.priv" ] || tinc -n ${network} generate-ed25519-keys || \ | |
| 151 | # # Prefer ED25519 keys (only in 1.1+) | 158 | [ -f "/etc/tinc/${network}/rsa_key.priv" ] || tinc -n ${network} generate-rsa-keys 4096 |
| 152 | # [ -f "/etc/tinc/${network}/ed25519_key.priv" ] || tinc -n ${network} generate-ed25519-keys | 159 | else |
| 153 | 160 | # Tinc 1.0 uses the tincd application | |
| 154 | # # Otherwise use RSA keys | 161 | [ -f "/etc/tinc/${network}/rsa_key.priv" ] || tincd -n ${network} -K 4096 |
| 155 | # [ -f "/etc/tinc/${network}/rsa_key.priv" ] || tinc -n ${network} generate-rsa-keys 4096 | 162 | fi |
| 156 | # else | 163 | ''; |
| 157 | # # Tinc 1.0 uses the tincd application | ||
| 158 | # [ -f "/etc/tinc/${network}/rsa_key.priv" ] || tincd -n ${network} -K 4096 | ||
| 159 | # fi | ||
| 160 | # ''; | ||
| 161 | script = '' | 164 | script = '' |
| 162 | tincd -D -U tinc.${network} -n ${network} --pidfile /run/tinc.${network}.pid -d ${toString data.debugLevel} | 165 | tincd -D -U tinc.${network} -n ${network} --pidfile /run/tinc.${network}.pid -d ${toString data.debugLevel} |
| 163 | ''; | 166 | ''; |