From 77f84169144e893aebfe4a4a5135add3f4f585de Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Kier=C3=A1n=20Meinhardt?=
Date: Tue, 5 Feb 2019 20:21:41 +0100
Subject: [PATCH] ~ retiolum
---
configs/scripts.nix | 6 ++++++
modules/retiolum.nix | 37 ++++++++++++++++++++-----------------
2 files changed, 26 insertions(+), 17 deletions(-)
diff --git a/configs/scripts.nix b/configs/scripts.nix
index a3dfbd7..69d4c68 100644
--- a/configs/scripts.nix
+++ b/configs/scripts.nix
@@ -353,6 +353,12 @@ let executable = true; }; in unstable.writers.writeDashBin "generate-shell-nix" ''${generateShellNixPath} $*'';
+ scripts.tinc-generate-key =
+ unstable.writers.writeDashBin "tinc-generate-key" ''
+ TMPDIR=/tmp
+ ${pkgs.openssl}/bin/openssl genrsa -out $TMPDIR/retiolum.rsa_key.priv 4096 2>/dev/null > /dev/null
+ ${pkgs.openssl}/bin/openssl rsa -in $TMPDIR/retiolum.rsa_key.priv -pubout -out $TMPDIR/retiolum.rsa_key.pub 2>/dev/null > /dev/null
+ '';
scripts.dic = let dicPath = pkgs.fetchurl { url = "https://cgit.krebsco.de/dic/plain/dic?id=beeca40313f68874e05568f4041423c16202e9da";
diff --git a/modules/retiolum.nix b/modules/retiolum.nix
index 3c0cab7..2c50246 100644
--- a/modules/retiolum.nix
+++ b/modules/retiolum.nix
@@ -1,8 +1,19 @@ { config, pkgs, lib, ... }: + with lib; + let
+ netname = "retiolum"; cfg = config.networking.retiolum; +
+ retiolum = pkgs.fetchFromGitHub {
+ owner = "krebs";
+ repo = netname;
+ rev = "8edeafb01411943eb483b5431bccce6702406f12";
+ sha256 = "1vnmhr5qfxhndlnsk8c87qbbwmlph1inlj924vqymfm1lgsasdq0";
+ };
+ in { options = { networking.retiolum.ipv4 = mkOption {
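Review bot: `tinc-generate-key` writes the new private key to a fixed name in the shared, world-writable `/tmp` (`TMPDIR=/tmp`, then `genrsa -out $TMPDIR/retiolum.rsa_key.priv`); as far as I recall `openssl genrsa -out` creates the file 0600 on OpenSSL 1.1+, but it does not open it with O_EXCL, so a file or symlink that another local user pre-places at that predictable path can end up holding the key (subject to the protected_symlinks/protected_regular sysctls), and a stale key from an earlier run is silently overwritten. Generate into a private directory instead: `umask 077` and `TMPDIR=$(${pkgs.coreutils}/bin/mktemp -d) || exit 1` before the two openssl calls, with the paths quoted as `"$TMPDIR/retiolum.rsa_key.priv"`. The `2>/dev/null > /dev/null` on both commands also hides any failure, and I cannot tell from here whether `writeDashBin` enables `set -e`, so the script should at least end by printing `$TMPDIR` so the caller learns where the key landed and notices if it was not produced.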
@@ -25,48 +36,40 @@ in { ''; }; }; + config = { + services.tinc.networks.${netname} = { name = cfg.nodename; extraConfig = '' LocalDiscovery = yes
- ConnectTo = gum
- ConnectTo = ni
- ConnectTo = prism
- ConnectTo = eve AutoConnect = yes ''; }; -
- networking.extraHosts = builtins.readFile (pkgs.fetchurl {
- name = "retiolum.hosts";
- url = "https://lassul.us/retiolum.hosts";
- # FIXME
- sha256 = "0kr68c2j1kdnlg9wk78dq02xzgxqyqzj2hfc42h7v9irrmrhnjka";
- }); -
- environment.systemPackages = [ config.services.tinc.networks.${netname}.package ]; - systemd.services."tinc.${netname}" = {
- path = with pkgs; [ curl gnutar bzip2 ]; preStart = ''
- curl https://lassul.us/retiolum-hosts.tar.bz2 | tar -xjvf - -C /etc/tinc/${netname}/ || true
+ cp -R ${retiolum}/hosts /etc/tinc/retiolum/ || true ''; };
+ networking.extraHosts = builtins.readFile (toString "${retiolum}/etc.hosts"); +
+ environment.systemPackages = [ config.services.tinc.networks.${netname}.package ]; + networking.firewall.allowedTCPPorts = [ 655 ]; networking.firewall.allowedUDPPorts = [ 655 ];
+ #services.netdata.portcheck.checks.tinc.port = 655; systemd.network.enable = true; systemd.network.networks = { "${netname}".extraConfig = '' [Match] Name = tinc.${netname} + [Network] Address=${cfg.ipv4}/12 Address=${cfg.ipv6}/16 ''; }; }; - }
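Review bot: `cp -R ${retiolum}/hosts /etc/tinc/retiolum/ || true` in preStart keeps the old `|| true` although the failure it used to tolerate (a flaky download) is gone: `${retiolum}` is a store path that exists at evaluation time, so the copy can only fail for a local reason, and now that the explicit `ConnectTo` lines are removed a failed copy leaves `AutoConnect = yes` with no peers and no peer keys while the unit still starts cleanly. I would drop the `|| true` and use the network name like the rest of the module: `cp -R ${retiolum}/hosts /etc/tinc/${netname}/`. Separately, the `toString` in `builtins.readFile (toString "${retiolum}/etc.hosts")` is a no-op on a string and can be removed. Worth a comment next to the copy that this tree is now the only source of the peer public keys tinc will accept, so a stale pin means new or rotated nodes are rejected.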