summaryrefslogtreecommitdiffstats
path: root/krebs/3modules/retiolum.nix
diff options
context:
space:
mode:
Diffstat (limited to 'krebs/3modules/retiolum.nix')
-rw-r--r--krebs/3modules/retiolum.nix80
1 files changed, 42 insertions, 38 deletions
diff --git a/krebs/3modules/retiolum.nix b/krebs/3modules/retiolum.nix
index 326dfa7fb..a80c510a5 100644
--- a/krebs/3modules/retiolum.nix
+++ b/krebs/3modules/retiolum.nix
@@ -14,7 +14,7 @@ let
type = with types; attrsOf (submodule (tinc: {
options = {
- enable = mkEnableOption "krebs.tinc.${tinc.config._module.args.name}" // { default = true; };
+ enable = mkEnableOption "krebs.tinc.${tinc.config._module.args.name}" // { default = true; };
host = mkOption {
type = types.host;
@@ -124,58 +124,62 @@ let
};
}));
};
+
imp = {
- # TODO environment.systemPackages = [ tinc iproute ]; AND avoid conflicts
+ # TODO `environment.systemPackages = [ cfg.tincPackage cfg.iproutePackage ]` for each network,
+ # avoid conflicts in environment if the packages differ
+
krebs.secret.files = mapAttrs' (netname: cfg:
nameValuePair "${netname}.rsa_key.priv" cfg.privkey ) config.krebs.tinc;
users.users = mapAttrs' (netname: cfg:
nameValuePair "${netname}" {
- inherit (cfg.user) home name uid;
- createHome = true;
- } ) config.krebs.tinc;
+ inherit (cfg.user) home name uid;
+ createHome = true;
+ }
+ ) config.krebs.tinc;
systemd.services = mapAttrs (netname: cfg:
let
net = cfg.host.nets.${netname};
-
tinc = cfg.tincPackage;
-
iproute = cfg.iproutePackage;
confDir = let
namePathPair = name: path: { inherit name path; };
in pkgs.linkFarm "${netname}-etc-tinc" (mapAttrsToList namePathPair {
- "hosts" = cfg.hostsPackage;
- "tinc.conf" = pkgs.writeText "${cfg.netname}-tinc.conf" ''
- Name = ${cfg.host.name}
- Interface = ${netname}
- ${concatStrings (map (c: "ConnectTo = ${c}\n") cfg.connectTo)}
- PrivateKeyFile = ${cfg.privkey.path}
- ${cfg.extraConfig}
- '';
- "tinc-up" = pkgs.writeDash "${netname}-tinc-up" ''
- ${iproute}/sbin/ip link set ${netname} up
- ${optionalString (net.ip4 != null) /* sh */ ''
- ${iproute}/sbin/ip -4 addr add ${net.ip4.addr} dev ${netname}
- ${iproute}/sbin/ip -4 route add ${net.ip4.prefix} dev ${netname}
- ''}
- ${optionalString (net.ip6 != null) /* sh */ ''
- ${iproute}/sbin/ip -6 addr add ${net.ip6.addr} dev ${netname}
- ${iproute}/sbin/ip -6 route add ${net.ip6.prefix} dev ${netname}
- ''}
- '';
- });
+ "hosts" = cfg.hostsPackage;
+ "tinc.conf" = pkgs.writeText "${cfg.netname}-tinc.conf" ''
+ Name = ${cfg.host.name}
+ Interface = ${netname}
+ ${concatStrings (map (c: "ConnectTo = ${c}\n") cfg.connectTo)}
+ PrivateKeyFile = ${cfg.privkey.path}
+ ${cfg.extraConfig}
+ '';
+ "tinc-up" = pkgs.writeDash "${netname}-tinc-up" ''
+ ${iproute}/sbin/ip link set ${netname} up
+ ${optionalString (net.ip4 != null) /* sh */ ''
+ ${iproute}/sbin/ip -4 addr add ${net.ip4.addr} dev ${netname}
+ ${iproute}/sbin/ip -4 route add ${net.ip4.prefix} dev ${netname}
+ ''}
+ ${optionalString (net.ip6 != null) /* sh */ ''
+ ${iproute}/sbin/ip -6 addr add ${net.ip6.addr} dev ${netname}
+ ${iproute}/sbin/ip -6 route add ${net.ip6.prefix} dev ${netname}
+ ''}
+ '';
+ }
+ );
in {
- description = "Tinc daemon for ${netname}";
- after = [ "network.target" ];
- wantedBy = [ "multi-user.target" ];
- requires = [ "secret.service" ];
- path = [ tinc iproute ];
- serviceConfig = rec {
- Restart = "always";
- ExecStart = "${tinc}/sbin/tincd -c ${confDir} -d 0 -U ${cfg.user.name} -D --pidfile=/var/run/tinc.${SyslogIdentifier}.pid";
- SyslogIdentifier = netname;
- };
- } ) config.krebs.tinc;
+ description = "Tinc daemon for ${netname}";
+ after = [ "network.target" ];
+ wantedBy = [ "multi-user.target" ];
+ requires = [ "secret.service" ];
+ path = [ tinc iproute ];
+ serviceConfig = rec {
+ Restart = "always";
+ ExecStart = "${tinc}/sbin/tincd -c ${confDir} -d 0 -U ${cfg.user.name} -D --pidfile=/var/run/tinc.${SyslogIdentifier}.pid";
+ SyslogIdentifier = netname;
+ };
+ }
+ ) config.krebs.tinc;
};
in out