From 7278996bf80f2712537f821fffc48fdec69d8478 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Wed, 4 Nov 2015 13:40:18 +0100 Subject: tinc rewrite --- custom/tinc/def.nix | 39 +++++++++++++++++--------------- custom/tinc/yggdrasil.nix | 57 +++++++++++++++++++++++++---------------------- 2 files changed, 51 insertions(+), 45 deletions(-) (limited to 'custom') diff --git a/custom/tinc/def.nix b/custom/tinc/def.nix index e191168f..5412826b 100644 --- a/custom/tinc/def.nix +++ b/custom/tinc/def.nix @@ -70,6 +70,13 @@ in ''; }; + interfaceConfig = mkOption { + default = { }; + description = '' + Additional configuration for the generated network interface + ''; + }; + package = mkOption { default = pkgs.tinc_pre; description = '' @@ -122,7 +129,7 @@ in ({ virtual = true; virtualType = "${data.interfaceType}"; - }) + } // data.interfaceConfig) ); systemd.services = flip mapAttrs' cfg.networks (network: data: nameValuePair @@ -141,23 +148,19 @@ in preStart = '' ${pkgs.openresolv}/bin/resolvconf -d tinc.${network} || true ''; - # preStart = '' - # mkdir -p /etc/tinc/${network}/hosts - - # # Determine how we should generate our keys - # if type tinc >/dev/null 2>&1; then - # # Tinc 1.1+ uses the tinc helper application for key generation - - # # Prefer ED25519 keys (only in 1.1+) - # [ -f "/etc/tinc/${network}/ed25519_key.priv" ] || tinc -n ${network} generate-ed25519-keys - - # # Otherwise use RSA keys - # [ -f "/etc/tinc/${network}/rsa_key.priv" ] || tinc -n ${network} generate-rsa-keys 4096 - # else - # # Tinc 1.0 uses the tincd application - # [ -f "/etc/tinc/${network}/rsa_key.priv" ] || tincd -n ${network} -K 4096 - # fi - # ''; + preStart = '' + mkdir -p /etc/tinc/${network}/hosts + + # Determine how we should generate our keys + if type tinc >/dev/null 2>&1; then + # Tinc 1.1+ uses the tinc helper application for key generation + [ -f "/etc/tinc/${network}/ed25519_key.priv" ] || tinc -n ${network} generate-ed25519-keys || \ + [ -f "/etc/tinc/${network}/rsa_key.priv" ] || tinc -n ${network} generate-rsa-keys 4096 + else + # Tinc 1.0 uses the tincd application + [ -f "/etc/tinc/${network}/rsa_key.priv" ] || tincd -n ${network} -K 4096 + fi + ''; script = '' tincd -D -U tinc.${network} -n ${network} --pidfile /run/tinc.${network}.pid -d ${toString data.debugLevel} ''; diff --git a/custom/tinc/yggdrasil.nix b/custom/tinc/yggdrasil.nix index 4c19e0e7..a4309278 100644 --- a/custom/tinc/yggdrasil.nix +++ b/custom/tinc/yggdrasil.nix @@ -1,30 +1,33 @@ -{ config, pkgs, name, ip }: +{ stdenv +, nettools +, openresolv +, connect ? true +, ipConf ? {} +} -{ - config.services.tinc = { - networks = { - "yggdrasil" = { - name = name; - debugLevel = 2; - hosts = ( import ./yggdrasil-hosts.nix ); - extraConfig = "ConnectTo = surtr"; - scripts = { - tinc-up = '' - #!${pkgs.stdenv.shell} - ${pkgs.nettools}/bin/route add -net 10.141.1.0 netmask 255.255.255.0 gw 10.141.1.1 dev $INTERFACE metric 9999 - ${pkgs.openresolv}/bin/resolvconf -m 0 -a tinc.yggdrasil <