diff options
author | tv <tv@krebsco.de> | 2016-08-02 20:58:42 +0200 |
---|---|---|
committer | tv <tv@krebsco.de> | 2016-08-02 20:58:42 +0200 |
commit | e6aef09ad41cd55d716b8ee276ebd774b95d8ecb (patch) | |
tree | 6d8d5cce976f3843ab196367e82fec56f0798838 /krebs/3modules/retiolum.nix | |
parent | 0928cc03a6191640c66c9122159994855527faef (diff) | |
parent | b197949ab83ee3ee87b5774e0fc7c8d0123a6708 (diff) |
Merge remote-tracking branch 'gum/master'
Diffstat (limited to 'krebs/3modules/retiolum.nix')
-rw-r--r-- | krebs/3modules/retiolum.nix | 45 |
1 files changed, 31 insertions, 14 deletions
diff --git a/krebs/3modules/retiolum.nix b/krebs/3modules/retiolum.nix index 0bd815211..2b181a556 100644 --- a/krebs/3modules/retiolum.nix +++ b/krebs/3modules/retiolum.nix @@ -12,9 +12,11 @@ let define a tinc network ''; type = with types; attrsOf (submodule (tinc: { - options = { + options = let + netname = tinc.config._module.args.name; + in { - enable = mkEnableOption "krebs.tinc.${tinc.config._module.args.name}" // { default = true; }; + enable = mkEnableOption "krebs.tinc.${netname}" // { default = true; }; host = mkOption { type = types.host; @@ -23,7 +25,7 @@ let netname = mkOption { type = types.enum (attrNames tinc.config.host.nets); - default = tinc.config._module.args.name; + default = netname; description = '' The tinc network name. It is used to name the TUN device and to generate the default value for @@ -38,6 +40,27 @@ let Extra Configuration to be appended to tinc.conf ''; }; + tincUp = mkOption { + type = types.string; + default = let + net = tinc.config.host.nets.${netname}; + iproute = tinc.config.iproutePackage; + in '' + ${optionalString (net.ip4 != null) /* sh */ '' + ${iproute}/sbin/ip -4 addr add ${net.ip4.addr} dev ${netname} + ${iproute}/sbin/ip -4 route add ${net.ip4.prefix} dev ${netname} + ''} + ${optionalString (net.ip6 != null) /* sh */ '' + ${iproute}/sbin/ip -6 addr add ${net.ip6.addr} dev ${netname} + ${iproute}/sbin/ip -6 route add ${net.ip6.prefix} dev ${netname} + ''} + ''; + description = '' + tinc-up script to be used. Defaults to setting the + krebs.host.nets.<netname>.ip4 and ip6 for the new ips and + configures forwarding of the respecitive netmask as subnet. + ''; + }; tincPackage = mkOption { type = types.package; @@ -109,8 +132,8 @@ let routeable IPv4 or IPv6 address. In stockholm this can be done by configuring: - krebs.hosts.${connect-host}.nets.${netname?"retiolum"}.via.addrs4 = - [ "${external-ip} ${external-port}" ] + krebs.hosts.${connect-host}.nets.${netname?"retiolum"}.via.ip4.addr = external-ip + krebs.hosts.${connect-host}.nets.${netname?"retiolum"}.tinc.port = 1655; ''; }; @@ -131,6 +154,7 @@ let krebs.secret.files = mapAttrs' (netname: cfg: nameValuePair "${netname}.rsa_key.priv" cfg.privkey ) config.krebs.tinc; + users.users = mapAttrs' (netname: cfg: nameValuePair "${netname}" { inherit (cfg.user) home name uid; @@ -140,7 +164,6 @@ let systemd.services = mapAttrs (netname: cfg: let - net = cfg.host.nets.${netname}; tinc = cfg.tincPackage; iproute = cfg.iproutePackage; @@ -153,18 +176,12 @@ let Interface = ${netname} ${concatStrings (map (c: "ConnectTo = ${c}\n") cfg.connectTo)} PrivateKeyFile = ${cfg.privkey.path} + Port = ${toString cfg.host.nets.${cfg.netname}.tinc.port} ${cfg.extraConfig} ''; "tinc-up" = pkgs.writeDash "${netname}-tinc-up" '' ${iproute}/sbin/ip link set ${netname} up - ${optionalString (net.ip4 != null) /* sh */ '' - ${iproute}/sbin/ip -4 addr add ${net.ip4.addr} dev ${netname} - ${iproute}/sbin/ip -4 route add ${net.ip4.prefix} dev ${netname} - ''} - ${optionalString (net.ip6 != null) /* sh */ '' - ${iproute}/sbin/ip -6 addr add ${net.ip6.addr} dev ${netname} - ${iproute}/sbin/ip -6 route add ${net.ip6.prefix} dev ${netname} - ''} + ${cfg.tincUp} ''; } ); |