From f6e600c20d6a97ebeda23fa2bb5621646222b2b0 Mon Sep 17 00:00:00 2001
From: Gregor Kleen
Date: Sat, 2 Jan 2021 20:53:17 +0100
Subject: sif: import config
---
 modules/yggdrasil/default.nix | 49 +++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 49 insertions(+)
 create mode 100644 modules/yggdrasil/default.nix
(limited to 'modules/yggdrasil/default.nix')
diff --git a/modules/yggdrasil/default.nix b/modules/yggdrasil/default.nix
new file mode 100644
index 00000000..91a550d6
--- /dev/null
+++ b/modules/yggdrasil/default.nix
@@ -0,0 +1,49 @@
+{ config, lib, customUtils, ... }:
+let
+ cfg = config.services.tinc.yggdrasil;
+in {
+ options = {
+ services.tinc.yggdrasil = lib.mkOption {
+ type = lib.types.submodule {
+ options = {
+ enable = lib.mkEnableOption "Yggdrasil tinc network";
+
+ connect = lib.mkOption {
+ default = true;
+ type = lib.types.bool;
+ description = ''
+ Connect to central server
+ '';
+ };
+ };
+ };
+ };
+ };
+
+ config = lib.mkIf cfg.enable {
+ services.tinc.networks.yggdrasil = {
+ name = config.networking.hostName;
+ hostSettings = customUtils.recImport { dir = ./hosts; };
+ debugLevel = 2;
+ interfaceType = "tap";
+ settings = {
+ Mode = "switch";
+ PingTimeout = 30;
+ ConnectTo = lib.mkIf cfg.connect "ymir";
+ };
+ };
+
+ sops.secrets = {
+ tinc-yggdrasil-rsa = {
+ key = "rsa";
+ path = "/etc/tinc/yggdrasil/rsa_key.priv";
+ sopsFile = ./hosts + "/${config.services.tinc.networks.yggdrasil.name}/private-keys.yaml";
+ };
+ tinc-yggdrasil-ed25519 = {
+ key = "ed25519";
+ path = "/etc/tinc/yggdrasil/rsa_key.priv";
+ sopsFile = ./hosts + "/${config.services.tinc.networks.yggdrasil.name}/private-keys.yaml";
+ };
+ };
+ };
+}
-- cgit v1.2.3
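Review bot: The `tinc-yggdrasil-ed25519` secret is written to the same `path` as `tinc-yggdrasil-rsa`, `/etc/tinc/yggdrasil/rsa_key.priv`, so the two decrypted keys compete for one file and only one of them can end up on disk. This looks like a copy-paste slip from the RSA entry; the Ed25519 entry should most likely read `path = "/etc/tinc/yggdrasil/ed25519_key.priv";`, which is the file name tinc 1.1 looks for by default. As written, the node would presumably start with either a missing Ed25519 key or Ed25519 material in the RSA key file, depending on install order, and authentication to peers would fail or fall back to the legacy protocol. It is also worth confirming that the owner and mode sops-nix applies to both files match the account the tinc service reads them as, since neither secret sets `owner` or `mode` here.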