1 files changed, 21 insertions, 18 deletions
diff --git a/custom/tinc/def.nix b/custom/tinc/def.nix
index e191168f..5412826b 100644
--- a/custom/tinc/def.nix
+++ b/custom/tinc/def.nix
@@ -70,6 +70,13 @@ in
            '';
          };
+          interfaceConfig = mkOption {
+            default = { };
+            description = ''
+              Additional configuration for the generated network interface
+            '';
+          };
          package = mkOption {
            default = pkgs.tinc_pre;
            description = ''
@@ -122,7 +129,7 @@ in
      ({
        virtual = true;
        virtualType = "${data.interfaceType}";
-      })
+      } // data.interfaceConfig)
    );
    systemd.services = flip mapAttrs' cfg.networks (network: data: nameValuePair
@@ -141,23 +148,19 @@ in
                                preStart = ''
          ${pkgs.openresolv}/bin/resolvconf -d tinc.${network} || true
        '';
-        # preStart = ''
+        preStart = ''
-        #   mkdir -p /etc/tinc/${network}/hosts
+          mkdir -p /etc/tinc/${network}/hosts
-        #   # Determine how we should generate our keys
+          # Determine how we should generate our keys
-        #   if type tinc >/dev/null 2>&1; then
+          if type tinc >/dev/null 2>&1; then
-        #     # Tinc 1.1+ uses the tinc helper application for key generation
+            # Tinc 1.1+ uses the tinc helper application for key generation
+            [ -f "/etc/tinc/${network}/ed25519_key.priv" ] || tinc -n ${network} generate-ed25519-keys || \
-        #     # Prefer ED25519 keys (only in 1.1+)
+              [ -f "/etc/tinc/${network}/rsa_key.priv" ] || tinc -n ${network} generate-rsa-keys 4096
-        #     [ -f "/etc/tinc/${network}/ed25519_key.priv" ] || tinc -n ${network} generate-ed25519-keys
+          else
+            # Tinc 1.0 uses the tincd application
-        #     # Otherwise use RSA keys
+            [ -f "/etc/tinc/${network}/rsa_key.priv" ] || tincd -n ${network} -K 4096
-        #     [ -f "/etc/tinc/${network}/rsa_key.priv" ] || tinc -n ${network} generate-rsa-keys 4096
+          fi
-        #   else
+        '';
-        #     # Tinc 1.0 uses the tincd application
-        #     [ -f "/etc/tinc/${network}/rsa_key.priv" ] || tincd -n ${network} -K 4096
-        #   fi
-        # '';
        script = ''
          tincd -D -U tinc.${network} -n ${network} --pidfile /run/tinc.${network}.pid -d ${toString data.debugLevel}
        '';

diff --git a/custom/tinc/def.nix b/custom/tinc/def.nix index e191168f..5412826b 100644 --- a/custom/tinc/def.nix +++ b/custom/tinc/def.nix
@@ -70,6 +70,13 @@ in
70	'';	70	'';
71	};	71	};
72		72
		73	interfaceConfig = mkOption {
		74	default = { };
		75	description = ''
		76	Additional configuration for the generated network interface
		77	'';
		78	};
		79
73	package = mkOption {	80	package = mkOption {
74	default = pkgs.tinc_pre;	81	default = pkgs.tinc_pre;
75	description = ''	82	description = ''
@@ -122,7 +129,7 @@ in
122	({	129	({
123	virtual = true;	130	virtual = true;
124	virtualType = "${data.interfaceType}";	131	virtualType = "${data.interfaceType}";
125	})	132	} // data.interfaceConfig)
126	);	133	);
127		134
128	systemd.services = flip mapAttrs' cfg.networks (network: data: nameValuePair	135	systemd.services = flip mapAttrs' cfg.networks (network: data: nameValuePair
@@ -141,23 +148,19 @@ in
141	preStart = ''	148	preStart = ''
142	${pkgs.openresolv}/bin/resolvconf -d tinc.${network} \|\| true	149	${pkgs.openresolv}/bin/resolvconf -d tinc.${network} \|\| true
143	'';	150	'';
144	# preStart = ''	151	preStart = ''
145	# mkdir -p /etc/tinc/${network}/hosts	152	mkdir -p /etc/tinc/${network}/hosts
146		153
147	# # Determine how we should generate our keys	154	# Determine how we should generate our keys
148	# if type tinc >/dev/null 2>&1; then	155	if type tinc >/dev/null 2>&1; then
149	# # Tinc 1.1+ uses the tinc helper application for key generation	156	# Tinc 1.1+ uses the tinc helper application for key generation
150		157	[ -f "/etc/tinc/${network}/ed25519_key.priv" ] \|\| tinc -n ${network} generate-ed25519-keys \|\| \
151	# # Prefer ED25519 keys (only in 1.1+)	158	[ -f "/etc/tinc/${network}/rsa_key.priv" ] \|\| tinc -n ${network} generate-rsa-keys 4096
152	# [ -f "/etc/tinc/${network}/ed25519_key.priv" ] \|\| tinc -n ${network} generate-ed25519-keys	159	else
153		160	# Tinc 1.0 uses the tincd application
154	# # Otherwise use RSA keys	161	[ -f "/etc/tinc/${network}/rsa_key.priv" ] \|\| tincd -n ${network} -K 4096
155	# [ -f "/etc/tinc/${network}/rsa_key.priv" ] \|\| tinc -n ${network} generate-rsa-keys 4096	162	fi
156	# else	163	'';
157	# # Tinc 1.0 uses the tincd application
158	# [ -f "/etc/tinc/${network}/rsa_key.priv" ] \|\| tincd -n ${network} -K 4096
159	# fi
160	# '';
161	script = ''	164	script = ''
162	tincd -D -U tinc.${network} -n ${network} --pidfile /run/tinc.${network}.pid -d ${toString data.debugLevel}	165	tincd -D -U tinc.${network} -n ${network} --pidfile /run/tinc.${network}.pid -d ${toString data.debugLevel}
163	'';	166	'';