1 files changed, 35 insertions, 26 deletions
diff --git a/custom/tinc/yggdrasil.nix b/custom/tinc/yggdrasil.nix
index 035b9b10..d4bf26f1 100644
--- a/custom/tinc/yggdrasil.nix
+++ b/custom/tinc/yggdrasil.nix
@@ -4,8 +4,26 @@ with lib;
 let
  cfg = config.services.yggdrasilTinc;
-in {
+  borealis-up = pkgs.writeScript "borealis-up.sh" ''
+    #!${pkgs.stdenv.shell}
+    ${pkgs.nettools}/bin/route add -net 10.141.1.0 netmask 255.255.255.0 gw 10.141.1.1 dev $INTERFACE metric 9999
+    ${optionalString cfg.useDNS ''
+      ${pkgs.openresolv}/bin/resolvconf -m 0 -a tinc.yggdrasil <<EOF
+      domain yggdrasil
+      nameserver 10.141.1.1
+      EOF
+    ''}
+  '';
+  borealis-down = pkgs.writeScript "borealis-down.sh" ''
+    #!${pkgs.stdenv.shell}
+    ${pkgs.nettools}/bin/route del -net 10.141.1.0 netmask 255.255.255.0 gw 10.141.1.1 dev $INTERFACE
+    ${optionalString cfg.useDNS ''
+      ${pkgs.openresolv}/bin/resolvconf -d tinc.yggdrasil
+    ''}
+  '';
+in {
  options = {
    services.yggdrasilTinc = {
      enable = mkEnableOption "yggdrasil tinc network";
@@ -20,7 +38,7 @@ in {
      useDNS = mkOption {
        default = true;
-        types = types.bool;
+        type = types.bool;
        description = ''
          Use borealis as primary dns server
        '';
@@ -28,7 +46,7 @@ in {
      name = mkOption {
        default = config.networking.hostName;
-        types = types.str;
+        type = types.str;
        description = ''
          Node identifier
        '';
@@ -44,6 +62,13 @@ in {
  };
  config = mkIf cfg.enable {
+    security.sudo = {
+      enable = true;
+      extraConfig = ''
+        tinc.yggdrasil ${config.networking.hostName} = (root) ${borealis-up}, ${borealis-down}
+      '';
+    };
+  
    services.customTinc.networks."yggdrasil" = {
      inherit (cfg) name interfaceConfig;
      debugLevel = 2;
@@ -53,31 +78,15 @@ in {
        ${optionalString cfg.connect "ConnectTo = ymir"}
      '';
      scripts = {
-        "hosts/borealis-up" = "${config.security.wrapperDir}/borealis-up";
+        "hosts/borealis-up" = ''
-        "hosts/borealis-down" = "${config.security.wrapperDir}/borealis-down";
+          #!${pkgs.stdenv.shell}
-      };
-    };
-    security.wrappers = {
+          exec ${pkgs.sudo}/bin/sudo ${borealis-up}
-      "borealis-up" = {
-        source = pkgs.writeScript "borealis-up.sh" ''
-          #!${stdenv.shell}
-          ${nettools}/bin/route add -net 10.141.1.0 netmask 255.255.255.0 gw 10.141.1.1 dev $INTERFACE metric 9999
-          ${optionalString cfg.useDNS ''
-            ${openresolv}/bin/resolvconf -m 0 -a tinc.yggdrasil <<EOF
-            domain yggdrasil
-            nameserver 10.141.1.1
-            EOF
-          ''}
        '';
-      };
+        "hosts/borealis-down" = ''
-      "borealis-down" = {
+          #!${pkgs.stdenv.shell}
-        source = pkgs.writeScript "borealis-down.sh" ''
-          #!${stdenv.shell}
+          exec ${pkgs.sudo}/bin/sudo ${borealis-down}
-          ${nettools}/bin/route del -net 10.141.1.0 netmask 255.255.255.0 gw 10.141.1.1 dev $INTERFACE
-          ${optionalString cfg.useDNS ''
-            ${openresolv}/bin/resolvconf -d tinc.yggdrasil
-          ''}
        '';
      };
    };

diff --git a/custom/tinc/yggdrasil.nix b/custom/tinc/yggdrasil.nix index 035b9b10..d4bf26f1 100644 --- a/custom/tinc/yggdrasil.nix +++ b/custom/tinc/yggdrasil.nix
@@ -4,8 +4,26 @@ with lib;
4		4
5	let	5	let
6	cfg = config.services.yggdrasilTinc;	6	cfg = config.services.yggdrasilTinc;
7	in {
8		7
		8	borealis-up = pkgs.writeScript "borealis-up.sh" ''
		9	#!${pkgs.stdenv.shell}
		10	${pkgs.nettools}/bin/route add -net 10.141.1.0 netmask 255.255.255.0 gw 10.141.1.1 dev $INTERFACE metric 9999
		11	${optionalString cfg.useDNS ''
		12	${pkgs.openresolv}/bin/resolvconf -m 0 -a tinc.yggdrasil <<EOF
		13	domain yggdrasil
		14	nameserver 10.141.1.1
		15	EOF
		16	''}
		17	'';
		18
		19	borealis-down = pkgs.writeScript "borealis-down.sh" ''
		20	#!${pkgs.stdenv.shell}
		21	${pkgs.nettools}/bin/route del -net 10.141.1.0 netmask 255.255.255.0 gw 10.141.1.1 dev $INTERFACE
		22	${optionalString cfg.useDNS ''
		23	${pkgs.openresolv}/bin/resolvconf -d tinc.yggdrasil
		24	''}
		25	'';
		26	in {
9	options = {	27	options = {
10	services.yggdrasilTinc = {	28	services.yggdrasilTinc = {
11	enable = mkEnableOption "yggdrasil tinc network";	29	enable = mkEnableOption "yggdrasil tinc network";
@@ -20,7 +38,7 @@ in {
20		38
21	useDNS = mkOption {	39	useDNS = mkOption {
22	default = true;	40	default = true;
23	types = types.bool;	41	type = types.bool;
24	description = ''	42	description = ''
25	Use borealis as primary dns server	43	Use borealis as primary dns server
26	'';	44	'';
@@ -28,7 +46,7 @@ in {
28		46
29	name = mkOption {	47	name = mkOption {
30	default = config.networking.hostName;	48	default = config.networking.hostName;
31	types = types.str;	49	type = types.str;
32	description = ''	50	description = ''
33	Node identifier	51	Node identifier
34	'';	52	'';
@@ -44,6 +62,13 @@ in {
44	};	62	};
45		63
46	config = mkIf cfg.enable {	64	config = mkIf cfg.enable {
		65	security.sudo = {
		66	enable = true;
		67	extraConfig = ''
		68	tinc.yggdrasil ${config.networking.hostName} = (root) ${borealis-up}, ${borealis-down}
		69	'';
		70	};
		71
47	services.customTinc.networks."yggdrasil" = {	72	services.customTinc.networks."yggdrasil" = {
48	inherit (cfg) name interfaceConfig;	73	inherit (cfg) name interfaceConfig;
49	debugLevel = 2;	74	debugLevel = 2;
@@ -53,31 +78,15 @@ in {
53	${optionalString cfg.connect "ConnectTo = ymir"}	78	${optionalString cfg.connect "ConnectTo = ymir"}
54	'';	79	'';
55	scripts = {	80	scripts = {
56	"hosts/borealis-up" = "${config.security.wrapperDir}/borealis-up";	81	"hosts/borealis-up" = ''
57	"hosts/borealis-down" = "${config.security.wrapperDir}/borealis-down";	82	#!${pkgs.stdenv.shell}
58	};
59	};
60		83
61	security.wrappers = {	84	exec ${pkgs.sudo}/bin/sudo ${borealis-up}
62	"borealis-up" = {
63	source = pkgs.writeScript "borealis-up.sh" ''
64	#!${stdenv.shell}
65	${nettools}/bin/route add -net 10.141.1.0 netmask 255.255.255.0 gw 10.141.1.1 dev $INTERFACE metric 9999
66	${optionalString cfg.useDNS ''
67	${openresolv}/bin/resolvconf -m 0 -a tinc.yggdrasil <<EOF
68	domain yggdrasil
69	nameserver 10.141.1.1
70	EOF
71	''}
72	'';	85	'';
73	};	86	"hosts/borealis-down" = ''
74	"borealis-down" = {	87	#!${pkgs.stdenv.shell}
75	source = pkgs.writeScript "borealis-down.sh" ''	88
76	#!${stdenv.shell}	89	exec ${pkgs.sudo}/bin/sudo ${borealis-down}
77	${nettools}/bin/route del -net 10.141.1.0 netmask 255.255.255.0 gw 10.141.1.1 dev $INTERFACE
78	${optionalString cfg.useDNS ''
79	${openresolv}/bin/resolvconf -d tinc.yggdrasil
80	''}
81	'';	90	'';
82	};	91	};
83	};	92	};