Diffstat (limited to 'custom/tinc')
| -rw-r--r-- | custom/tinc/yggdrasil.nix | 119 |
1 files changed, 81 insertions, 38 deletions
diff --git a/custom/tinc/yggdrasil.nix b/custom/tinc/yggdrasil.nix index 46d815a3..035b9b10 100644 --- a/custom/tinc/yggdrasil.nix +++ b/custom/tinc/yggdrasil.nix | |||
| @@ -1,42 +1,85 @@ | |||
| 1 | { stdenv | 1 | { config, lib, pkgs, ... }: |
| 2 | , nettools | 2 | |
| 3 | , openresolv | 3 | with lib; |
| 4 | , name | 4 | |
| 5 | , connect ? true | 5 | let |
| 6 | , ipConf ? {} | 6 | cfg = config.services.yggdrasilTinc; |
| 7 | , useDNS ? true | 7 | in { |
| 8 | }: | 8 | |
| 9 | 9 | options = { | |
| 10 | with stdenv.lib; | 10 | services.yggdrasilTinc = { |
| 11 | 11 | enable = mkEnableOption "yggdrasil tinc network"; | |
| 12 | { | 12 | |
| 13 | "yggdrasil" = { | 13 | connect = mkOption { |
| 14 | inherit name; | 14 | default = true; |
| 15 | debugLevel = 2; | 15 | type = types.bool; |
| 16 | hosts = ( import ./hosts/yggdrasil.nix ); | 16 | description = '' |
| 17 | extraConfig = '' | 17 | Connect to central server |
| 18 | PingTimeout = 10 | 18 | ''; |
| 19 | ${optionalString connect "ConnectTo = ymir"} | 19 | }; |
| 20 | ''; | 20 | |
| 21 | scripts = { | 21 | useDNS = mkOption { |
| 22 | "hosts/borealis-up" = '' | 22 | default = true; |
| 23 | #!${stdenv.shell} | 23 | types = types.bool; |
| 24 | ${nettools}/bin/route add -net 10.141.1.0 netmask 255.255.255.0 gw 10.141.1.1 dev $INTERFACE metric 9999 | 24 | description = '' |
| 25 | ${optionalString useDNS '' | 25 | Use borealis as primary dns server |
| 26 | ${openresolv}/bin/resolvconf -m 0 -a tinc.yggdrasil <<EOF | 26 | ''; |
| 27 | domain yggdrasil | 27 | }; |
| 28 | nameserver 10.141.1.1 | 28 | |
| 29 | EOF | 29 | name = mkOption { |
| 30 | ''} | 30 | default = config.networking.hostName; |
| 31 | ''; | 31 | types = types.str; |
| 32 | "hosts/borealis-down" = '' | 32 | description = '' |
| 33 | #!${stdenv.shell} | 33 | Node identifier |
| 34 | ${nettools}/bin/route del -net 10.141.1.0 netmask 255.255.255.0 gw 10.141.1.1 dev $INTERFACE | 34 | ''; |
| 35 | ${optionalString useDNS '' | 35 | }; |
| 36 | ${openresolv}/bin/resolvconf -d tinc.yggdrasil | 36 | |
| 37 | ''} | 37 | interfaceConfig = mkOption { |
| 38 | default = {}; | ||
| 39 | description = '' | ||
| 40 | Additional configuration for the generated network interface | ||
| 41 | ''; | ||
| 42 | }; | ||
| 43 | }; | ||
| 44 | }; | ||
| 45 | |||
| 46 | config = mkIf cfg.enable { | ||
| 47 | services.customTinc.networks."yggdrasil" = { | ||
| 48 | inherit (cfg) name interfaceConfig; | ||
| 49 | debugLevel = 2; | ||
| 50 | hosts = ( import ./hosts/yggdrasil.nix ); | ||
| 51 | extraConfig = '' | ||
| 52 | PingTimeout = 10 | ||
| 53 | ${optionalString cfg.connect "ConnectTo = ymir"} | ||
| 38 | ''; | 54 | ''; |
| 55 | scripts = { | ||
| 56 | "hosts/borealis-up" = "${config.security.wrapperDir}/borealis-up"; | ||
| 57 | "hosts/borealis-down" = "${config.security.wrapperDir}/borealis-down"; | ||
| 58 | }; | ||
| 59 | }; | ||
| 60 | |||
| 61 | security.wrappers = { | ||
| 62 | "borealis-up" = { | ||
| 63 | source = pkgs.writeScript "borealis-up.sh" '' | ||
| 64 | #!${stdenv.shell} | ||
| 65 | ${nettools}/bin/route add -net 10.141.1.0 netmask 255.255.255.0 gw 10.141.1.1 dev $INTERFACE metric 9999 | ||
| 66 | ${optionalString cfg.useDNS '' | ||
| 67 | ${openresolv}/bin/resolvconf -m 0 -a tinc.yggdrasil <<EOF | ||
| 68 | domain yggdrasil | ||
| 69 | nameserver 10.141.1.1 | ||
| 70 | EOF | ||
| 71 | ''} | ||
| 72 | ''; | ||
| 73 | }; | ||
| 74 | "borealis-down" = { | ||
| 75 | source = pkgs.writeScript "borealis-down.sh" '' | ||
| 76 | #!${stdenv.shell} | ||
| 77 | ${nettools}/bin/route del -net 10.141.1.0 netmask 255.255.255.0 gw 10.141.1.1 dev $INTERFACE | ||
| 78 | ${optionalString cfg.useDNS '' | ||
| 79 | ${openresolv}/bin/resolvconf -d tinc.yggdrasil | ||
| 80 | ''} | ||
| 81 | ''; | ||
| 82 | }; | ||
| 39 | }; | 83 | }; |
| 40 | interfaceConfig = ipConf; | ||
| 41 | }; | 84 | }; |
| 42 | } | 85 | } |
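Review bot: The two `security.wrappers` entries (new lines 61–82) set only `source`, which on NixOS releases of this period is, as far as I know, installed as a setuid-root wrapper that every local user can execute; please confirm against the pinned nixpkgs. The wrapped scripts change routes and resolver state and read `$INTERFACE` unquoted from the caller's environment, so the wrappers should be limited to the account tincd runs as through explicit `owner`, `group` and `permissions` (or a narrow `capabilities` value instead of setuid), and the variable quoted as `dev "$INTERFACE"`. Separately, `useDNS` and `name` (new lines 23 and 31) declare `types = types.bool;` and `types = types.str;` where `mkOption` expects `type = …;`, so the intended type is never applied and evaluation may fail on the unknown argument. The scripts also still interpolate `${stdenv.shell}`, `${nettools}` and `${openresolv}`, which are no longer module arguments after the switch to `{ config, lib, pkgs, ... }`; they presumably need to become `${pkgs.stdenv.shell}`, `${pkgs.nettools}` and `${pkgs.openresolv}`.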
