2 files changed, 51 insertions, 45 deletions
diff --git a/custom/tinc/def.nix b/custom/tinc/def.nix
index e191168f..5412826b 100644
--- a/custom/tinc/def.nix
+++ b/custom/tinc/def.nix
@@ -70,6 +70,13 @@ in
            '';
          };
+          interfaceConfig = mkOption {
+            default = { };
+            description = ''
+              Additional configuration for the generated network interface
+            '';
+          };
          package = mkOption {
            default = pkgs.tinc_pre;
            description = ''
@@ -122,7 +129,7 @@ in
      ({
        virtual = true;
        virtualType = "${data.interfaceType}";
-      })
+      } // data.interfaceConfig)
    );
    systemd.services = flip mapAttrs' cfg.networks (network: data: nameValuePair
@@ -141,23 +148,19 @@ in
                                preStart = ''
          ${pkgs.openresolv}/bin/resolvconf -d tinc.${network} || true
        '';
-        # preStart = ''
+        preStart = ''
-        #   mkdir -p /etc/tinc/${network}/hosts
+          mkdir -p /etc/tinc/${network}/hosts
-        #   # Determine how we should generate our keys
+          # Determine how we should generate our keys
-        #   if type tinc >/dev/null 2>&1; then
+          if type tinc >/dev/null 2>&1; then
-        #     # Tinc 1.1+ uses the tinc helper application for key generation
+            # Tinc 1.1+ uses the tinc helper application for key generation
+            [ -f "/etc/tinc/${network}/ed25519_key.priv" ] || tinc -n ${network} generate-ed25519-keys || \
-        #     # Prefer ED25519 keys (only in 1.1+)
+              [ -f "/etc/tinc/${network}/rsa_key.priv" ] || tinc -n ${network} generate-rsa-keys 4096
-        #     [ -f "/etc/tinc/${network}/ed25519_key.priv" ] || tinc -n ${network} generate-ed25519-keys
+          else
+            # Tinc 1.0 uses the tincd application
-        #     # Otherwise use RSA keys
+            [ -f "/etc/tinc/${network}/rsa_key.priv" ] || tincd -n ${network} -K 4096
-        #     [ -f "/etc/tinc/${network}/rsa_key.priv" ] || tinc -n ${network} generate-rsa-keys 4096
+          fi
-        #   else
+        '';
-        #     # Tinc 1.0 uses the tincd application
-        #     [ -f "/etc/tinc/${network}/rsa_key.priv" ] || tincd -n ${network} -K 4096
-        #   fi
-        # '';
        script = ''
          tincd -D -U tinc.${network} -n ${network} --pidfile /run/tinc.${network}.pid -d ${toString data.debugLevel}
        '';
diff --git a/custom/tinc/yggdrasil.nix b/custom/tinc/yggdrasil.nix
index 4c19e0e7..a4309278 100644
--- a/custom/tinc/yggdrasil.nix
+++ b/custom/tinc/yggdrasil.nix
@@ -1,30 +1,33 @@
-{ config, pkgs, name, ip }:
+{ stdenv
+, nettools
+, openresolv
+, connect ? true
+, ipConf ? {}
+}
-{
-  config.services.tinc = {
-    networks = {
-      "yggdrasil" = {
-        name = name;
-                                debugLevel = 2;
-                                hosts = ( import ./yggdrasil-hosts.nix );
-                                extraConfig = "ConnectTo = surtr";
-                                scripts = {
-                                  tinc-up = ''
-            #!${pkgs.stdenv.shell}
-            ${pkgs.nettools}/bin/route add -net 10.141.1.0 netmask 255.255.255.0 gw 10.141.1.1 dev $INTERFACE metric 9999
-            ${pkgs.openresolv}/bin/resolvconf -m 0 -a tinc.yggdrasil <<EOF
-            domain yggdrasil
-            nameserver 10.141.1.1
-            EOF'';
-                                        tinc-down = ''
-                                                #!${pkgs.stdenv.shell}
-            ${pkgs.openresolv}/bin/resolvconf -d tinc.yggdrasil'';
-                                };
-                        };
-                };
-        };
-        config.networking.interfaces."tinc.yggdrasil" = {
+let
-    useDHCP = false;
+  connectTo = if connect then "" else "ConnectTo = ymir"
-        } // ip;
+{
+  "yggdrasil" = {
+    name = name;
+    debugLevel = 2;
+    hosts = ( import ./yggdrasil-hosts.nix );
+    extraConfig = connectTo;
+    scripts = {
+      tinc-up = ''
+        #!${stdenv.shell}
+        ${nettools}/bin/route add -net 10.141.1.0 netmask 255.255.255.0 gw 10.141.1.1 dev $INTERFACE metric 9999
+        ${openresolv}/bin/resolvconf -m 0 -a tinc.yggdrasil <<EOF
+        domain yggdrasil
+        nameserver 10.141.1.1
+        EOF
+      '';
+      tinc-down = ''
+        #!${stdenv.shell}
+        ${openresolv}/bin/resolvconf -d tinc.yggdrasil
+      '';
+    };
+    interfaceConfig = ipConf;
+  };
 }

diff --git a/custom/tinc/def.nix b/custom/tinc/def.nix index e191168f..5412826b 100644 --- a/custom/tinc/def.nix +++ b/custom/tinc/def.nix
@@ -70,6 +70,13 @@ in
70	'';	70	'';
71	};	71	};
72		72
		73	interfaceConfig = mkOption {
		74	default = { };
		75	description = ''
		76	Additional configuration for the generated network interface
		77	'';
		78	};
		79
73	package = mkOption {	80	package = mkOption {
74	default = pkgs.tinc_pre;	81	default = pkgs.tinc_pre;
75	description = ''	82	description = ''
@@ -122,7 +129,7 @@ in
122	({	129	({
123	virtual = true;	130	virtual = true;
124	virtualType = "${data.interfaceType}";	131	virtualType = "${data.interfaceType}";
125	})	132	} // data.interfaceConfig)
126	);	133	);
127		134
128	systemd.services = flip mapAttrs' cfg.networks (network: data: nameValuePair	135	systemd.services = flip mapAttrs' cfg.networks (network: data: nameValuePair
@@ -141,23 +148,19 @@ in
141	preStart = ''	148	preStart = ''
142	${pkgs.openresolv}/bin/resolvconf -d tinc.${network} \|\| true	149	${pkgs.openresolv}/bin/resolvconf -d tinc.${network} \|\| true
143	'';	150	'';
144	# preStart = ''	151	preStart = ''
145	# mkdir -p /etc/tinc/${network}/hosts	152	mkdir -p /etc/tinc/${network}/hosts
146		153
147	# # Determine how we should generate our keys	154	# Determine how we should generate our keys
148	# if type tinc >/dev/null 2>&1; then	155	if type tinc >/dev/null 2>&1; then
149	# # Tinc 1.1+ uses the tinc helper application for key generation	156	# Tinc 1.1+ uses the tinc helper application for key generation
150		157	[ -f "/etc/tinc/${network}/ed25519_key.priv" ] \|\| tinc -n ${network} generate-ed25519-keys \|\| \
151	# # Prefer ED25519 keys (only in 1.1+)	158	[ -f "/etc/tinc/${network}/rsa_key.priv" ] \|\| tinc -n ${network} generate-rsa-keys 4096
152	# [ -f "/etc/tinc/${network}/ed25519_key.priv" ] \|\| tinc -n ${network} generate-ed25519-keys	159	else
153		160	# Tinc 1.0 uses the tincd application
154	# # Otherwise use RSA keys	161	[ -f "/etc/tinc/${network}/rsa_key.priv" ] \|\| tincd -n ${network} -K 4096
155	# [ -f "/etc/tinc/${network}/rsa_key.priv" ] \|\| tinc -n ${network} generate-rsa-keys 4096	162	fi
156	# else	163	'';
157	# # Tinc 1.0 uses the tincd application
158	# [ -f "/etc/tinc/${network}/rsa_key.priv" ] \|\| tincd -n ${network} -K 4096
159	# fi
160	# '';
161	script = ''	164	script = ''
162	tincd -D -U tinc.${network} -n ${network} --pidfile /run/tinc.${network}.pid -d ${toString data.debugLevel}	165	tincd -D -U tinc.${network} -n ${network} --pidfile /run/tinc.${network}.pid -d ${toString data.debugLevel}
163	'';	166	'';


diff --git a/custom/tinc/yggdrasil.nix b/custom/tinc/yggdrasil.nix index 4c19e0e7..a4309278 100644 --- a/custom/tinc/yggdrasil.nix +++ b/custom/tinc/yggdrasil.nix
@@ -1,30 +1,33 @@
1	{ config, pkgs, name, ip }:	1	{ stdenv
		2	, nettools
		3	, openresolv
		4	, connect ? true
		5	, ipConf ? {}
		6	}
2		7
3	{
4	config.services.tinc = {
5	networks = {
6	"yggdrasil" = {
7	name = name;
8	debugLevel = 2;
9	hosts = ( import ./yggdrasil-hosts.nix );
10	extraConfig = "ConnectTo = surtr";
11	scripts = {
12	tinc-up = ''
13	#!${pkgs.stdenv.shell}
14	${pkgs.nettools}/bin/route add -net 10.141.1.0 netmask 255.255.255.0 gw 10.141.1.1 dev $INTERFACE metric 9999
15	${pkgs.openresolv}/bin/resolvconf -m 0 -a tinc.yggdrasil <<EOF
16	domain yggdrasil
17	nameserver 10.141.1.1
18	EOF'';
19	tinc-down = ''
20	#!${pkgs.stdenv.shell}
21	${pkgs.openresolv}/bin/resolvconf -d tinc.yggdrasil'';
22	};
23	};
24	};
25	};
26		8
27	config.networking.interfaces."tinc.yggdrasil" = {	9	let
28	useDHCP = false;	10	connectTo = if connect then "" else "ConnectTo = ymir"
29	} // ip;	11	{
		12	"yggdrasil" = {
		13	name = name;
		14	debugLevel = 2;
		15	hosts = ( import ./yggdrasil-hosts.nix );
		16	extraConfig = connectTo;
		17	scripts = {
		18	tinc-up = ''
		19	#!${stdenv.shell}
		20	${nettools}/bin/route add -net 10.141.1.0 netmask 255.255.255.0 gw 10.141.1.1 dev $INTERFACE metric 9999
		21	${openresolv}/bin/resolvconf -m 0 -a tinc.yggdrasil <<EOF
		22	domain yggdrasil
		23	nameserver 10.141.1.1
		24	EOF
		25	'';
		26	tinc-down = ''
		27	#!${stdenv.shell}
		28	${openresolv}/bin/resolvconf -d tinc.yggdrasil
		29	'';
		30	};
		31	interfaceConfig = ipConf;
		32	};
30	}	33	}