kfm/niveum
1
0
Fork 0
mirror of https://github.com/kmein/niveum synced 2026-03-16 10:11:08 +01:00
Code Releases Activity

feat(retiolum): update tinc module to add hosts declaratively

Browse Source
This commit is contained in:
Kierán Meinhardt
2020-12-20 20:25:32 +01:00
parent fb85c29651
commit 96a67a937e
3 changed files with 12 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
configs/retiolum.nix
View File

@@ -1,10 +1,7 @@
{ config, pkgs, ... }: { { config, pkgs, ... }: {
imports = [ <niveum/modules/retiolum.nix> ]; imports = [
<niveum/modules/retiolum.nix>
];
networking.hosts = { "42:0:ca48:f98f:63d7:31ce:922b:245d" = [ "go" ]; }; networking.hosts = { "42:0:ca48:f98f:63d7:31ce:922b:245d" = [ "go" ]; };
environment.etc."tinc/retiolum/rsa_key.priv" = {
text = builtins.readFile <system-secrets/retiolum.key>;
mode = "400";
};
} }

2
lib/default.nix
View File

@@ -1,7 +1,7 @@
{ {
nixpkgs-unstable = builtins.fetchGit { nixpkgs-unstable = builtins.fetchGit {
url = "https://github.com/NixOS/nixpkgs"; url = "https://github.com/NixOS/nixpkgs";
rev = "4512dac960f3833cf24cdbd742b63cb447bbdd9a"; rev = "c40f06022a83d6f286dd2a906e1d5fefcc05dfa1";
}; };
sshPort = 22022; sshPort = 22022;

17
modules/retiolum.nix
View File

@@ -4,6 +4,9 @@ let
netname = "retiolum"; netname = "retiolum";
cfg = config.networking.retiolum; cfg = config.networking.retiolum;
in { in {
imports = [ "${(import <niveum/lib>).nixpkgs-unstable}/nixos/modules/services/networking/tinc.nix" ];
disabledModules = [ "services/networking/tinc.nix" ];
options = { options = {
networking.retiolum.ipv4 = mkOption { networking.retiolum.ipv4 = mkOption {
type = types.str; type = types.str;
@@ -30,20 +33,17 @@ in {
services.tinc.networks.${netname} = { services.tinc.networks.${netname} = {
name = cfg.nodename; name = cfg.nodename;
hosts = builtins.mapAttrs
(name: _: builtins.readFile "${<retiolum/hosts>}/${name}")
(builtins.readDir <retiolum/hosts>);
rsaPrivateKeyFile = toString <system-secrets/retiolum.key>;
extraConfig = '' extraConfig = ''
LocalDiscovery = yes LocalDiscovery = yes
AutoConnect = yes AutoConnect = yes
''; '';
}; };
# environment.etc."tinc/retiolum".source = hostsPackage;
systemd.services."tinc.${netname}" = { systemd.services."tinc.${netname}" = {
preStart = ''
cp -R ${toString <retiolum/hosts>} /etc/tinc/retiolum/ || true
'';
# Some hosts require VPN for nixos-rebuild, so we don't want to restart it on update
reloadIfChanged = true; reloadIfChanged = true;
# also in https://github.com/NixOS/nixpkgs/pull/106715 # also in https://github.com/NixOS/nixpkgs/pull/106715
serviceConfig.ExecReload = "${config.services.tinc.networks.${netname}.package}/bin/tinc -n ${netname} reload"; serviceConfig.ExecReload = "${config.services.tinc.networks.${netname}.package}/bin/tinc -n ${netname} reload";
@@ -51,8 +51,7 @@ in {
networking.extraHosts = builtins.readFile (toString <retiolum/etc.hosts>); networking.extraHosts = builtins.readFile (toString <retiolum/etc.hosts>);
environment.systemPackages = environment.systemPackages = [ config.services.tinc.networks.${netname}.package ];
[ config.services.tinc.networks.${netname}.package ];
networking.firewall = { networking.firewall = {
allowedTCPPorts = [ 655 ]; allowedTCPPorts = [ 655 ];