summaryrefslogtreecommitdiff
path: root/custom
diff options
context:
space:
mode:
authorGregor Kleen <gkleen@yggdrasil.li>2015-11-04 13:40:18 +0100
committerGregor Kleen <gkleen@yggdrasil.li>2015-11-04 13:40:18 +0100
commit7278996bf80f2712537f821fffc48fdec69d8478 (patch)
treef131ad6844393cd6bf93a6970f2e6f286f380157 /custom
parent89dbc12b798b562bc9e160eef7aba7b28d9b9920 (diff)
downloadnixos-7278996bf80f2712537f821fffc48fdec69d8478.tar
nixos-7278996bf80f2712537f821fffc48fdec69d8478.tar.gz
nixos-7278996bf80f2712537f821fffc48fdec69d8478.tar.bz2
nixos-7278996bf80f2712537f821fffc48fdec69d8478.tar.xz
nixos-7278996bf80f2712537f821fffc48fdec69d8478.zip
tinc rewrite
Diffstat (limited to 'custom')
-rw-r--r--custom/tinc/def.nix39
-rw-r--r--custom/tinc/yggdrasil.nix57
2 files changed, 51 insertions, 45 deletions
diff --git a/custom/tinc/def.nix b/custom/tinc/def.nix
index e191168f..5412826b 100644
--- a/custom/tinc/def.nix
+++ b/custom/tinc/def.nix
@@ -70,6 +70,13 @@ in
70 ''; 70 '';
71 }; 71 };
72 72
73 interfaceConfig = mkOption {
74 default = { };
75 description = ''
76 Additional configuration for the generated network interface
77 '';
78 };
79
73 package = mkOption { 80 package = mkOption {
74 default = pkgs.tinc_pre; 81 default = pkgs.tinc_pre;
75 description = '' 82 description = ''
@@ -122,7 +129,7 @@ in
122 ({ 129 ({
123 virtual = true; 130 virtual = true;
124 virtualType = "${data.interfaceType}"; 131 virtualType = "${data.interfaceType}";
125 }) 132 } // data.interfaceConfig)
126 ); 133 );
127 134
128 systemd.services = flip mapAttrs' cfg.networks (network: data: nameValuePair 135 systemd.services = flip mapAttrs' cfg.networks (network: data: nameValuePair
@@ -141,23 +148,19 @@ in
141 preStart = '' 148 preStart = ''
142 ${pkgs.openresolv}/bin/resolvconf -d tinc.${network} || true 149 ${pkgs.openresolv}/bin/resolvconf -d tinc.${network} || true
143 ''; 150 '';
144 # preStart = '' 151 preStart = ''
145 # mkdir -p /etc/tinc/${network}/hosts 152 mkdir -p /etc/tinc/${network}/hosts
146 153
147 # # Determine how we should generate our keys 154 # Determine how we should generate our keys
148 # if type tinc >/dev/null 2>&1; then 155 if type tinc >/dev/null 2>&1; then
149 # # Tinc 1.1+ uses the tinc helper application for key generation 156 # Tinc 1.1+ uses the tinc helper application for key generation
150 157 [ -f "/etc/tinc/${network}/ed25519_key.priv" ] || tinc -n ${network} generate-ed25519-keys || \
151 # # Prefer ED25519 keys (only in 1.1+) 158 [ -f "/etc/tinc/${network}/rsa_key.priv" ] || tinc -n ${network} generate-rsa-keys 4096
152 # [ -f "/etc/tinc/${network}/ed25519_key.priv" ] || tinc -n ${network} generate-ed25519-keys 159 else
153 160 # Tinc 1.0 uses the tincd application
154 # # Otherwise use RSA keys 161 [ -f "/etc/tinc/${network}/rsa_key.priv" ] || tincd -n ${network} -K 4096
155 # [ -f "/etc/tinc/${network}/rsa_key.priv" ] || tinc -n ${network} generate-rsa-keys 4096 162 fi
156 # else 163 '';
157 # # Tinc 1.0 uses the tincd application
158 # [ -f "/etc/tinc/${network}/rsa_key.priv" ] || tincd -n ${network} -K 4096
159 # fi
160 # '';
161 script = '' 164 script = ''
162 tincd -D -U tinc.${network} -n ${network} --pidfile /run/tinc.${network}.pid -d ${toString data.debugLevel} 165 tincd -D -U tinc.${network} -n ${network} --pidfile /run/tinc.${network}.pid -d ${toString data.debugLevel}
163 ''; 166 '';
diff --git a/custom/tinc/yggdrasil.nix b/custom/tinc/yggdrasil.nix
index 4c19e0e7..a4309278 100644
--- a/custom/tinc/yggdrasil.nix
+++ b/custom/tinc/yggdrasil.nix
@@ -1,30 +1,33 @@
1{ config, pkgs, name, ip }: 1{ stdenv
2, nettools
3, openresolv
4, connect ? true
5, ipConf ? {}
6}
2 7
3{
4 config.services.tinc = {
5 networks = {
6 "yggdrasil" = {
7 name = name;
8 debugLevel = 2;
9 hosts = ( import ./yggdrasil-hosts.nix );
10 extraConfig = "ConnectTo = surtr";
11 scripts = {
12 tinc-up = ''
13 #!${pkgs.stdenv.shell}
14 ${pkgs.nettools}/bin/route add -net 10.141.1.0 netmask 255.255.255.0 gw 10.141.1.1 dev $INTERFACE metric 9999
15 ${pkgs.openresolv}/bin/resolvconf -m 0 -a tinc.yggdrasil <<EOF
16 domain yggdrasil
17 nameserver 10.141.1.1
18 EOF'';
19 tinc-down = ''
20 #!${pkgs.stdenv.shell}
21 ${pkgs.openresolv}/bin/resolvconf -d tinc.yggdrasil'';
22 };
23 };
24 };
25 };
26 8
27 config.networking.interfaces."tinc.yggdrasil" = { 9let
28 useDHCP = false; 10 connectTo = if connect then "" else "ConnectTo = ymir"
29 } // ip; 11{
12 "yggdrasil" = {
13 name = name;
14 debugLevel = 2;
15 hosts = ( import ./yggdrasil-hosts.nix );
16 extraConfig = connectTo;
17 scripts = {
18 tinc-up = ''
19 #!${stdenv.shell}
20 ${nettools}/bin/route add -net 10.141.1.0 netmask 255.255.255.0 gw 10.141.1.1 dev $INTERFACE metric 9999
21 ${openresolv}/bin/resolvconf -m 0 -a tinc.yggdrasil <<EOF
22 domain yggdrasil
23 nameserver 10.141.1.1
24 EOF
25 '';
26 tinc-down = ''
27 #!${stdenv.shell}
28 ${openresolv}/bin/resolvconf -d tinc.yggdrasil
29 '';
30 };
31 interfaceConfig = ipConf;
32 };
30} 33}