3 files changed, 94 insertions, 48 deletions
diff --git a/custom/tinc/yggdrasil.nix b/custom/tinc/yggdrasil.nix
index 46d815a3..035b9b10 100644
--- a/custom/tinc/yggdrasil.nix
+++ b/custom/tinc/yggdrasil.nix
@@ -1,42 +1,85 @@
-{ stdenv
+{ config, lib, pkgs, ... }:
-, nettools
-, openresolv
+with lib;
-, name
-, connect ? true
+let
-, ipConf ? {}
+  cfg = config.services.yggdrasilTinc;
-, useDNS ? true
+in {
-}:
+  options = {
-with stdenv.lib;
+    services.yggdrasilTinc = {
+      enable = mkEnableOption "yggdrasil tinc network";
-{
+      
-  "yggdrasil" = {
+      connect = mkOption {
-    inherit name;
+        default = true;
-    debugLevel = 2;
+        type = types.bool;
-    hosts = ( import ./hosts/yggdrasil.nix );
+        description = ''
-    extraConfig = ''
+          Connect to central server
-      PingTimeout = 10
+        '';
-      ${optionalString connect "ConnectTo = ymir"}
+      };
-    '';
-    scripts = {
+      useDNS = mkOption {
-      "hosts/borealis-up" = ''
+        default = true;
-        #!${stdenv.shell}
+        types = types.bool;
-        ${nettools}/bin/route add -net 10.141.1.0 netmask 255.255.255.0 gw 10.141.1.1 dev $INTERFACE metric 9999
+        description = ''
-        ${optionalString useDNS ''
+          Use borealis as primary dns server
-          ${openresolv}/bin/resolvconf -m 0 -a tinc.yggdrasil <<EOF
+        '';
-          domain yggdrasil
+      };
-          nameserver 10.141.1.1
-          EOF
+      name = mkOption {
-        ''}
+        default = config.networking.hostName;
-      '';
+        types = types.str;
-      "hosts/borealis-down" = ''
+        description = ''
-        #!${stdenv.shell}
+          Node identifier
-        ${nettools}/bin/route del -net 10.141.1.0 netmask 255.255.255.0 gw 10.141.1.1 dev $INTERFACE
+        '';
-        ${optionalString useDNS ''
+      };
-          ${openresolv}/bin/resolvconf -d tinc.yggdrasil
-        ''}
+      interfaceConfig = mkOption {
+        default = {};
+        description = ''
+          Additional configuration for the generated network interface
+        '';
+      };
+    };
+  };
+  config = mkIf cfg.enable {
+    services.customTinc.networks."yggdrasil" = {
+      inherit (cfg) name interfaceConfig;
+      debugLevel = 2;
+      hosts = ( import ./hosts/yggdrasil.nix );
+      extraConfig = ''
+        PingTimeout = 10
+        ${optionalString cfg.connect "ConnectTo = ymir"}
      '';
+      scripts = {
+        "hosts/borealis-up" = "${config.security.wrapperDir}/borealis-up";
+        "hosts/borealis-down" = "${config.security.wrapperDir}/borealis-down";
+      };
+    };
+    security.wrappers = {
+      "borealis-up" = {
+        source = pkgs.writeScript "borealis-up.sh" ''
+          #!${stdenv.shell}
+          ${nettools}/bin/route add -net 10.141.1.0 netmask 255.255.255.0 gw 10.141.1.1 dev $INTERFACE metric 9999
+          ${optionalString cfg.useDNS ''
+            ${openresolv}/bin/resolvconf -m 0 -a tinc.yggdrasil <<EOF
+            domain yggdrasil
+            nameserver 10.141.1.1
+            EOF
+          ''}
+        '';
+      };
+      "borealis-down" = {
+        source = pkgs.writeScript "borealis-down.sh" ''
+          #!${stdenv.shell}
+          ${nettools}/bin/route del -net 10.141.1.0 netmask 255.255.255.0 gw 10.141.1.1 dev $INTERFACE
+          ${optionalString cfg.useDNS ''
+            ${openresolv}/bin/resolvconf -d tinc.yggdrasil
+          ''}
+        '';
+      };
    };
-    interfaceConfig = ipConf;
  };
 }
diff --git a/hel.nix b/hel.nix
index 544cd7f0..4a3b6606 100644
--- a/hel.nix
+++ b/hel.nix
@@ -12,6 +12,7 @@
      ./users.nix
      ./custom/zsh.nix
      ./custom/tinc/def.nix
+      ./custom/tinc/yggdrasil.nix
      ./custom/uucp.nix
    ];
@@ -178,14 +179,15 @@
    ntp.enable = false;
    timesyncd.enable = true;
-    customTinc.networks = ((import ./custom/tinc/yggdrasil.nix) {
+    yggdrasilTinc = {
-      inherit (pkgs) stdenv nettools openresolv;
+      enable = true;
      connect = true;
      name = "hel";
-      ipConf = {
+      interfaceConfig = {
        ip4 = [ { address = "10.141.2.3"; prefixLength = 16; } ];
      };
-    });
+    };
    uucp = {
      enable = true;
      nodeName = "hel";
diff --git a/ymir.nix b/ymir.nix
index e02be94d..d74fcd9c 100644
--- a/ymir.nix
+++ b/ymir.nix
@@ -30,6 +30,7 @@ in rec {
      ./custom/zsh.nix
      ./users.nix
      ./custom/tinc/def.nix
+      ./custom/tinc/yggdrasil.nix
      ./custom/ymir-nginx.nix
      ./custom/uucp.nix
      ./custom/unit-status-mail.nix
@@ -271,16 +272,16 @@ in rec {
    chmod 0640 /etc/shadow
  '';
-  services.customTinc.networks = ((import ./custom/tinc/yggdrasil.nix) {
+  services.yggdrasilTinc = {
-    inherit (pkgs) stdenv nettools openresolv;
+    enable = true;
-    name = "ymir";
    connect = false;
    useDNS = false;
-    ipConf = {
+    interfaceConfig = {
      ip4 = [ { address = "10.141.5.1"; prefixLength = 16; } ];
    };
-    })
+  };
-    // ((import ./custom/tinc/laeradhr.nix) {
+  services.customTinc.networks = ((import ./custom/tinc/laeradhr.nix) {
     inherit (pkgs) stdenv nettools openresolv;
    name = "ymir";
    connect = false;

diff --git a/custom/tinc/yggdrasil.nix b/custom/tinc/yggdrasil.nix index 46d815a3..035b9b10 100644 --- a/custom/tinc/yggdrasil.nix +++ b/custom/tinc/yggdrasil.nix
@@ -1,42 +1,85 @@
1	{ stdenv	1	{ config, lib, pkgs, ... }:
2	, nettools	2
3	, openresolv	3	with lib;
4	, name	4
5	, connect ? true	5	let
6	, ipConf ? {}	6	cfg = config.services.yggdrasilTinc;
7	, useDNS ? true	7	in {
8	}:	8
9		9	options = {
10	with stdenv.lib;	10	services.yggdrasilTinc = {
11		11	enable = mkEnableOption "yggdrasil tinc network";
12	{	12
13	"yggdrasil" = {	13	connect = mkOption {
14	inherit name;	14	default = true;
15	debugLevel = 2;	15	type = types.bool;
16	hosts = ( import ./hosts/yggdrasil.nix );	16	description = ''
17	extraConfig = ''	17	Connect to central server
18	PingTimeout = 10	18	'';
19	${optionalString connect "ConnectTo = ymir"}	19	};
20	'';	20
21	scripts = {	21	useDNS = mkOption {
22	"hosts/borealis-up" = ''	22	default = true;
23	#!${stdenv.shell}	23	types = types.bool;
24	${nettools}/bin/route add -net 10.141.1.0 netmask 255.255.255.0 gw 10.141.1.1 dev $INTERFACE metric 9999	24	description = ''
25	${optionalString useDNS ''	25	Use borealis as primary dns server
26	${openresolv}/bin/resolvconf -m 0 -a tinc.yggdrasil <<EOF	26	'';
27	domain yggdrasil	27	};
28	nameserver 10.141.1.1	28
29	EOF	29	name = mkOption {
30	''}	30	default = config.networking.hostName;
31	'';	31	types = types.str;
32	"hosts/borealis-down" = ''	32	description = ''
33	#!${stdenv.shell}	33	Node identifier
34	${nettools}/bin/route del -net 10.141.1.0 netmask 255.255.255.0 gw 10.141.1.1 dev $INTERFACE	34	'';
35	${optionalString useDNS ''	35	};
36	${openresolv}/bin/resolvconf -d tinc.yggdrasil	36
37	''}	37	interfaceConfig = mkOption {
		38	default = {};
		39	description = ''
		40	Additional configuration for the generated network interface
		41	'';
		42	};
		43	};
		44	};
		45
		46	config = mkIf cfg.enable {
		47	services.customTinc.networks."yggdrasil" = {
		48	inherit (cfg) name interfaceConfig;
		49	debugLevel = 2;
		50	hosts = ( import ./hosts/yggdrasil.nix );
		51	extraConfig = ''
		52	PingTimeout = 10
		53	${optionalString cfg.connect "ConnectTo = ymir"}
38	'';	54	'';
		55	scripts = {
		56	"hosts/borealis-up" = "${config.security.wrapperDir}/borealis-up";
		57	"hosts/borealis-down" = "${config.security.wrapperDir}/borealis-down";
		58	};
		59	};
		60
		61	security.wrappers = {
		62	"borealis-up" = {
		63	source = pkgs.writeScript "borealis-up.sh" ''
		64	#!${stdenv.shell}
		65	${nettools}/bin/route add -net 10.141.1.0 netmask 255.255.255.0 gw 10.141.1.1 dev $INTERFACE metric 9999
		66	${optionalString cfg.useDNS ''
		67	${openresolv}/bin/resolvconf -m 0 -a tinc.yggdrasil <<EOF
		68	domain yggdrasil
		69	nameserver 10.141.1.1
		70	EOF
		71	''}
		72	'';
		73	};
		74	"borealis-down" = {
		75	source = pkgs.writeScript "borealis-down.sh" ''
		76	#!${stdenv.shell}
		77	${nettools}/bin/route del -net 10.141.1.0 netmask 255.255.255.0 gw 10.141.1.1 dev $INTERFACE
		78	${optionalString cfg.useDNS ''
		79	${openresolv}/bin/resolvconf -d tinc.yggdrasil
		80	''}
		81	'';
		82	};
39	};	83	};
40	interfaceConfig = ipConf;
41	};	84	};
42	}	85	}


diff --git a/hel.nix b/hel.nix index 544cd7f0..4a3b6606 100644 --- a/hel.nix +++ b/hel.nix
@@ -12,6 +12,7 @@
12	./users.nix	12	./users.nix
13	./custom/zsh.nix	13	./custom/zsh.nix
14	./custom/tinc/def.nix	14	./custom/tinc/def.nix
		15	./custom/tinc/yggdrasil.nix
15	./custom/uucp.nix	16	./custom/uucp.nix
16	];	17	];
17		18
@@ -178,14 +179,15 @@
178	ntp.enable = false;	179	ntp.enable = false;
179	timesyncd.enable = true;	180	timesyncd.enable = true;
180		181
181	customTinc.networks = ((import ./custom/tinc/yggdrasil.nix) {	182	yggdrasilTinc = {
182	inherit (pkgs) stdenv nettools openresolv;	183	enable = true;
183	connect = true;	184	connect = true;
184	name = "hel";	185	name = "hel";
185	ipConf = {	186	interfaceConfig = {
186	ip4 = [ { address = "10.141.2.3"; prefixLength = 16; } ];	187	ip4 = [ { address = "10.141.2.3"; prefixLength = 16; } ];
187	};	188	};
188	});	189	};
		190
189	uucp = {	191	uucp = {
190	enable = true;	192	enable = true;
191	nodeName = "hel";	193	nodeName = "hel";


diff --git a/ymir.nix b/ymir.nix index e02be94d..d74fcd9c 100644 --- a/ymir.nix +++ b/ymir.nix
@@ -30,6 +30,7 @@ in rec {
30	./custom/zsh.nix	30	./custom/zsh.nix
31	./users.nix	31	./users.nix
32	./custom/tinc/def.nix	32	./custom/tinc/def.nix
		33	./custom/tinc/yggdrasil.nix
33	./custom/ymir-nginx.nix	34	./custom/ymir-nginx.nix
34	./custom/uucp.nix	35	./custom/uucp.nix
35	./custom/unit-status-mail.nix	36	./custom/unit-status-mail.nix
@@ -271,16 +272,16 @@ in rec {
271	chmod 0640 /etc/shadow	272	chmod 0640 /etc/shadow
272	'';	273	'';
273		274
274	services.customTinc.networks = ((import ./custom/tinc/yggdrasil.nix) {	275	services.yggdrasilTinc = {
275	inherit (pkgs) stdenv nettools openresolv;	276	enable = true;
276	name = "ymir";
277	connect = false;	277	connect = false;
278	useDNS = false;	278	useDNS = false;
279	ipConf = {	279	interfaceConfig = {
280	ip4 = [ { address = "10.141.5.1"; prefixLength = 16; } ];	280	ip4 = [ { address = "10.141.5.1"; prefixLength = 16; } ];
281	};	281	};
282	})	282	};
283	// ((import ./custom/tinc/laeradhr.nix) {	283
		284	services.customTinc.networks = ((import ./custom/tinc/laeradhr.nix) {
284	inherit (pkgs) stdenv nettools openresolv;	285	inherit (pkgs) stdenv nettools openresolv;
285	name = "ymir";	286	name = "ymir";
286	connect = false;	287	connect = false;