Diffstat (limited to 'krebs/3modules')
-rw-r--r--krebs/3modules/github/known-hosts.nix3
-rwxr-xr-xkrebs/3modules/github/update15
-rw-r--r--krebs/3modules/tinc.nix44
3 files changed, 32 insertions, 30 deletions
diff --git a/krebs/3modules/github/known-hosts.nix b/krebs/3modules/github/known-hosts.nix
index f2705caa4..c0d0b588a 100644
--- a/krebs/3modules/github/known-hosts.nix
+++ b/krebs/3modules/github/known-hosts.nix
@@ -3,8 +3,7 @@
hostNames =
["github.com"]
++
- # List generated with (IPv6 addresses are currently ignored):
- # curl -sS https://api.github.com/meta | jq -r .git[] | grep -v : | nix-shell -p cidr2glob --run cidr2glob | jq -Rs 'split("\n")|map(select(.!=""))' > known-hosts.json
+ # update known-hosts.json using ./update
lib.importJSON ./known-hosts.json
;
publicKey = "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==";
diff --git a/krebs/3modules/github/update b/krebs/3modules/github/update
new file mode 100755
index 000000000..3952dabae
--- /dev/null
+++ b/krebs/3modules/github/update
@@ -0,0 +1,15 @@
+#! /usr/bin/env nix-shell
+#! nix-shell -i bash -p cidr2glob curl git jq
+
+# update known-hosts.json
+#
+# usage: ./update
+
+set -efu
+
+# XXX IPv6 addresses are currently ignored
+curl -sS https://api.github.com/meta | jq -r .git[] | grep -v : | cidr2glob | jq -Rs 'split("\n")|map(select(.!=""))' > known-hosts.json
+
+if git diff --exit-code known-hosts.json; then
+ echo known-hosts.json is up to date: nothing to do >&2
+fi
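Review bot: The `curl … > known-hosts.json` pipeline replaces the file even when the fetch fails, because `set -efu` has no pipefail, curl runs without `-f`, and the redirect truncates known-hosts.json before any stage has produced output. An error response from the API would then most likely leave an empty list behind with exit status 0, and that list decides which addresses the pinned GitHub host key is bound to. I would use `set -efu -o pipefail` and `curl -fsS`, write to a temporary file, and only `mv` it over known-hosts.json once the pipeline has succeeded. With pipefail, `grep -v :` selecting nothing also aborts the run, which is the wanted outcome for an empty result.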
diff --git a/krebs/3modules/tinc.nix b/krebs/3modules/tinc.nix
index 0babc448a..52cdafe67 100644
--- a/krebs/3modules/tinc.nix
+++ b/krebs/3modules/tinc.nix
@@ -26,10 +26,7 @@ with import <stockholm/lib>;
Port = ${toString tinc.config.host.nets.${netname}.tinc.port}
${tinc.config.extraConfig}
'';
- "tinc-up" = pkgs.writeDash "${netname}-tinc-up" ''
- ${tinc.config.iproutePackage}/sbin/ip link set ${netname} up
- ${tinc.config.tincUp}
- '';
+ "tinc-up" = pkgs.writeDash "${netname}-tinc-up" tinc.config.tincUp;
});
};
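Review bot: With `"tinc-up"` now written from `tinc.config.tincUp` alone, a host that sets `tincUp` itself no longer gets `ip link set ‹netname› up`, since that line now exists only in the option's default in the next hunk. Whether any configuration overrides `tincUp` is not visible here, but the failure would be silent: the script runs and the interface stays down. The option's `description` should say that the value is the complete tinc-up script, for example `Overriding this replaces the whole script, including bringing the interface up.` The removed `tincUpExtra` is the louder case, as configurations that still set it should fail at evaluation.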
@@ -60,7 +57,8 @@ with import <stockholm/lib>;
default = let
net = tinc.config.host.nets.${netname};
iproute = tinc.config.iproutePackage;
- in ''
+ in /* sh */ ''
+ ${tinc.config.iproutePackage}/sbin/ip link set ${netname} up
${optionalString (net.ip4 != null) /* sh */ ''
${iproute}/sbin/ip -4 addr add ${net.ip4.addr} dev ${netname}
${iproute}/sbin/ip -4 route add ${net.ip4.prefix} dev ${netname}
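Review bot: The added `ip link set` line spells out `${tinc.config.iproutePackage}` although the `let` directly above binds `iproute` to the same value and the following lines use it. Writing it as `${iproute}/sbin/ip link set ${netname} up` keeps the script body uniform and leaves a single place to change if the package source ever moves. The string continues past the end of this hunk.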
@@ -69,14 +67,13 @@ with import <stockholm/lib>;
${iproute}/sbin/ip -6 addr add ${net.ip6.addr} dev ${netname}
${iproute}/sbin/ip -6 route add ${net.ip6.prefix} dev ${netname}
''}
- ${tinc.config.tincUpExtra}
'';
- defaultText = ''
- ip -4 addr add ‹net.ip4.addr› dev ${netname}
- ip -4 route add ‹net.ip4.prefix› dev ${netname}
- ip -6 addr add ‹net.ip6.addr› dev ${netname}
- ip -6 route add ‹net.ip6.prefix› dev ${netname}
- ${tinc.config.tincUpExtra}
+ defaultText = /* sh */ ''
+ ip link set ‹netname› up
+ ip -4 addr add ‹net.ip4.addr› dev ‹netname›
+ ip -4 route add ‹net.ip4.prefix› dev ‹netname›
+ ip -6 addr add ‹net.ip6.addr› dev ‹netname›
+ ip -6 route add ‹net.ip6.prefix› dev ‹netname›
'';
description = ''
tinc-up script to be used. Defaults to setting the
@@ -85,11 +82,6 @@ with import <stockholm/lib>;
'';
};
- tincUpExtra = mkOption {
- type = types.str;
- default = "";
- };
-
tincPackage = mkOption {
type = types.package;
default = pkgs.tinc_pre;
@@ -125,17 +117,13 @@ with import <stockholm/lib>;
hostsPackage = mkOption {
type = types.package;
- default = pkgs.stdenv.mkDerivation {
- name = "${tinc.config.netname}-tinc-hosts";
- phases = [ "installPhase" ];
- installPhase = ''
- mkdir $out
- ${concatStrings (mapAttrsToList (_: host: ''
- echo ${shell.escape host.nets."${tinc.config.netname}".tinc.config} \
- > $out/${shell.escape host.name}
- '') tinc.config.hosts)}
- '';
- };
+ default =
+ pkgs.write "${tinc.config.netname}-tinc-hosts"
+ (mapAttrs'
+ (_: host: nameValuePair "/${host.name}" {
+ text = host.nets.${tinc.config.netname}.tinc.config;
+ })
+ tinc.config.hosts);
defaultText = "‹netname›-tinc-hosts";
description = ''
Package of tinc host configuration files. By default, a package will