From 96a67a937e0999c78750edae3aa6bc3500d3efc0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Kier=C3=A1n=20Meinhardt?=
Date: Sun, 20 Dec 2020 20:25:32 +0100
Subject: [PATCH] feat(retiolum): update tinc module to add hosts declaratively
---
 configs/retiolum.nix | 9 +++------
 lib/default.nix | 2 +-
 modules/retiolum.nix | 17 ++++++++---------
 3 files changed, 12 insertions(+), 16 deletions(-)
diff --git a/configs/retiolum.nix b/configs/retiolum.nix
index 6070f8b..9f3f5b2 100644
--- a/configs/retiolum.nix
+++ b/configs/retiolum.nix
@@ -1,10 +1,7 @@
 { config, pkgs, ... }: {
- imports = [ ];
+ imports = [
+
+ ];
 networking.hosts = { "42:0:ca48:f98f:63d7:31ce:922b:245d" = [ "go" ]; };
-
- environment.etc."tinc/retiolum/rsa_key.priv" = {
- text = builtins.readFile ;
- mode = "400";
- };
 }
diff --git a/lib/default.nix b/lib/default.nix
index 7cd5fef..96117c2 100644
--- a/lib/default.nix
+++ b/lib/default.nix
@@ -1,7 +1,7 @@
 {
 nixpkgs-unstable = builtins.fetchGit {
 url = "https://github.com/NixOS/nixpkgs";
- rev = "4512dac960f3833cf24cdbd742b63cb447bbdd9a";
+ rev = "c40f06022a83d6f286dd2a906e1d5fefcc05dfa1";
 };
 sshPort = 22022;
diff --git a/modules/retiolum.nix b/modules/retiolum.nix
index 84fb6f7..bf45557 100644
--- a/modules/retiolum.nix
+++ b/modules/retiolum.nix
@@ -4,6 +4,9 @@ let
 netname = "retiolum";
 cfg = config.networking.retiolum;
 in {
+ imports = [ "${(import ).nixpkgs-unstable}/nixos/modules/services/networking/tinc.nix" ];
+ disabledModules = [ "services/networking/tinc.nix" ];
+
 options = {
 networking.retiolum.ipv4 = mkOption {
 type = types.str;
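Review bot: In configs/retiolum.nix the removed `environment.etc."tinc/retiolum/rsa_key.priv"` entry built the key with `text = builtins.readFile …`, which places the key material in the Nix store, and the commit does nothing about the copies that earlier system generations left there. The `mode = "400"` setting restricted only the file under /etc, not the store path it was copied from. Once this change is deployed, the old generations that reference that store path should be deleted and garbage-collected. Regenerating the host's tinc key is worth considering if other local users could read the store in the meantime.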
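Review bot: Nothing at the new `imports` / `disabledModules` pair in modules/retiolum.nix says why the stock tinc module is swapped for the one from the pinned `nixpkgs-unstable`, or when the override can be dropped. A comment such as `# tinc module taken from nixpkgs-unstable for the declarative hosts/rsaPrivateKeyFile options; remove once the stable channel ships them` would cover it, assuming those options are indeed what the newer module provides. With this in place the VPN service definition follows whatever `rev` lib/default.nix pins, so a later bump of that pin should be reviewed as a change to this service too. The enclosing `in { … }` body continues outside the hunk.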
@@ -30,20 +33,17 @@ in {
 services.tinc.networks.${netname} = {
 name = cfg.nodename;
+ hosts = builtins.mapAttrs
+ (name: _: builtins.readFile "${}/${name}")
+ (builtins.readDir );
+ rsaPrivateKeyFile = toString ;
 extraConfig = ''
 LocalDiscovery = yes
 AutoConnect = yes
 '';
 };
- # environment.etc."tinc/retiolum".source = hostsPackage;
-
 systemd.services."tinc.${netname}" = {
- preStart = ''
- cp -R ${toString } /etc/tinc/retiolum/ || true
- '';
-
- # Some hosts require VPN for nixos-rebuild, so we don't want to restart it on update
 reloadIfChanged = true;
 # also in https://github.com/NixOS/nixpkgs/pull/106715
 serviceConfig.ExecReload = "${config.services.tinc.networks.${netname}.package}/bin/tinc -n ${netname} reload";
@@ -51,8 +51,7 @@ in {
 networking.extraHosts = builtins.readFile (toString );
- environment.systemPackages =
- [ config.services.tinc.networks.${netname}.package ];
+ environment.systemPackages = [ config.services.tinc.networks.${netname}.package ];
 networking.firewall = {
 allowedTCPPorts = [ 655 ];
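Review bot: The new `hosts` mapping calls `builtins.readFile` on every entry that `builtins.readDir` returns, so a subdirectory or other non-regular entry in the hosts directory breaks evaluation, and every file found there becomes a tinc host definition with no filter. Restricting the set first, e.g. `(filterAttrs (_: type: type == "regular") (builtins.readDir …))` with the same directory argument, would keep the build robust; whether `filterAttrs` is in scope unqualified is not visible in this hunk. On `rsaPrivateKeyFile`, a comment such as `# toString keeps this a plain path string; interpolating the path would copy the private key into the world-readable Nix store` would record why that form matters. The removed `# Some hosts require VPN for nixos-rebuild …` comment still explains the `reloadIfChanged = true;` line that remains, so it is worth keeping.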