From 2f45394b52b8c738be80a0498c29a36362126961 Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 26 Jul 2016 14:02:04 +0200 Subject: k 3 retiolum: add customizable tinc-up --- krebs/3modules/retiolum.nix | 40 ++++++++++++++++++++++++++++------------ 1 file changed, 28 insertions(+), 12 deletions(-) (limited to 'krebs/3modules/retiolum.nix') diff --git a/krebs/3modules/retiolum.nix b/krebs/3modules/retiolum.nix index 0bd815211..18e0dd65a 100644 --- a/krebs/3modules/retiolum.nix +++ b/krebs/3modules/retiolum.nix @@ -12,9 +12,11 @@ let define a tinc network ''; type = with types; attrsOf (submodule (tinc: { - options = { + options = let + netname = tinc.config._module.args.name; + in { - enable = mkEnableOption "krebs.tinc.${tinc.config._module.args.name}" // { default = true; }; + enable = mkEnableOption "krebs.tinc.${netname}" // { default = true; }; host = mkOption { type = types.host; @@ -23,7 +25,7 @@ let netname = mkOption { type = types.enum (attrNames tinc.config.host.nets); - default = tinc.config._module.args.name; + default = netname; description = '' The tinc network name. It is used to name the TUN device and to generate the default value for 
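Review bot: The new `let` binding `netname` in the `options` set has the same name as the `netname` option declared a few lines below it, so `default = netname;` inside that option reads like a self-reference although it resolves to the binding. The binding is the submodule's attribute name (`tinc.config._module.args.name`), while the option accepts any key of `tinc.config.host.nets`, so the two values can differ. I would either add a comment on the binding, e.g. `# attribute name of this krebs.tinc entry, not the netname option below`, or rename it to something like `attrName`. The `options` block continues outside this hunk.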
@@ -38,6 +40,27 @@ let Extra Configuration to be appended to tinc.conf ''; }; + tincUp = mkOption { + type = types.string; + default = let + net = tinc.config.host.nets.${netname}; + iproute = tinc.config.iproutePackage; + in '' + ${optionalString (net.ip4 != null) /* sh */ '' + ${iproute}/sbin/ip -4 addr add ${net.ip4.addr} dev ${netname} + ${iproute}/sbin/ip -4 route add ${net.ip4.prefix} dev ${netname} + ''} + ${optionalString (net.ip6 != null) /* sh */ '' + ${iproute}/sbin/ip -6 addr add ${net.ip6.addr} dev ${netname} + ${iproute}/sbin/ip -6 route add ${net.ip6.prefix} dev ${netname} + ''} + ''; + description = '' + tinc-up script to be used. Defaults to setting the + krebs.host.nets..ip4 and ip6 for the new ips and + configures forwarding of the respecitive netmask as subnet. + ''; + }; tincPackage = mkOption { type = types.package; @@ -131,6 +154,7 @@ let krebs.secret.files = mapAttrs' (netname: cfg: nameValuePair "${netname}.rsa_key.priv" cfg.privkey ) config.krebs.tinc; + users.users = mapAttrs' (netname: cfg: nameValuePair "${netname}" { inherit (cfg.user) home name uid; @@ -140,7 +164,6 @@ let systemd.services = mapAttrs (netname: cfg: let - net = cfg.host.nets.${netname}; tinc = cfg.tincPackage; iproute = cfg.iproutePackage; @@ -157,14 +180,7 @@ let ''; "tinc-up" = pkgs.writeDash "${netname}-tinc-up" '' ${iproute}/sbin/ip link set ${netname} up - ${optionalString (net.ip4 != null) /* sh */ '' - ${iproute}/sbin/ip -4 addr add ${net.ip4.addr} dev ${netname} - ${iproute}/sbin/ip -4 route add ${net.ip4.prefix} dev ${netname} - ''} - ${optionalString (net.ip6 != null) /* sh */ '' - ${iproute}/sbin/ip -6 addr add ${net.ip6.addr} dev ${netname} - ${iproute}/sbin/ip -6 route add ${net.ip6.prefix} dev ${netname} - ''} + ${cfg.tincUp} ''; } ); -- cgit v1.2.3 From 8c465870fc94d8544a164e547f174fd0bb9d8661 Mon Sep 17 00:00:00 2001 
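Review bot: `tincUp` is declared as `types.string`, which merges several definitions by plain concatenation without a separator; for a shell fragment `type = types.lines;` joins definitions with newlines, so commands from two modules cannot end up fused on one line. The description also needs a second look: setting the option replaces the default address and route commands entirely rather than extending them, and the default script adds routes for the prefix, which is not the same as configuring forwarding. I would state both in the description, along with the fact that the text is shell executed from the tinc-up hook.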
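Review bot: In the `@@ -157,14 +180,7 @@` hunk, `${cfg.tincUp}` is spliced verbatim into the generated `${netname}-tinc-up` dash script directly after `ip link set ${netname} up`, so whatever the option holds runs with the privileges tincd has when it invokes the hook. Nothing in the visible lines stops the script on a failed command; unless `pkgs.writeDash` adds that itself (not shown here), a failing `ip addr add` in a custom script would go unnoticed. A comment at the splice such as `# shell text from krebs.tinc.<name>.tincUp, executed as part of the tinc-up hook` would make the trust boundary clear to the next reader. The enclosing attribute set starts and ends outside the hunk.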
From: makefu Date: Thu, 28 Jul 2016 10:55:34 +0200 Subject: retiolum: support nets..tinc.port --- krebs/3modules/retiolum.nix | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'krebs/3modules/retiolum.nix') diff --git a/krebs/3modules/retiolum.nix b/krebs/3modules/retiolum.nix index 18e0dd65a..8e91ee6e1 100644 --- a/krebs/3modules/retiolum.nix +++ b/krebs/3modules/retiolum.nix @@ -132,8 +132,9 @@ let routeable IPv4 or IPv6 address. In stockholm this can be done by configuring: - krebs.hosts.${connect-host}.nets.${netname?"retiolum"}.via.addrs4 = - [ "${external-ip} ${external-port}" ] + krebs.hosts.${connect-host}.nets.${netname?"retiolum"}.via.ip4.addr = + "${external-ip} ${external-port}" + krebs.hosts.${connect-host}.nets.${netname?"retiolum"}.tinc.port = 1655; ''; }; @@ -176,6 +177,7 @@ let Interface = ${netname} ${concatStrings (map (c: "ConnectTo = ${c}\n") cfg.connectTo)} PrivateKeyFile = ${cfg.privkey.path} + Port = ${toString cfg.host.nets.${cfg.netname}.tinc.port} ${cfg.extraConfig} ''; "tinc-up" = pkgs.writeDash "${netname}-tinc-up" '' -- cgit v1.2.3 From 8ef63b024dfa1f1e414f2d077828cd9e8488e575 Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 28 Jul 2016 13:03:09 +0200 Subject: k 3 retiolum: fix documentation text --- krebs/3modules/retiolum.nix | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'krebs/3modules/retiolum.nix') diff --git a/krebs/3modules/retiolum.nix b/krebs/3modules/retiolum.nix index 8e91ee6e1..2b181a556 100644 --- a/krebs/3modules/retiolum.nix +++ b/krebs/3modules/retiolum.nix 
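Review bot: The added `Port` line in the `@@ -176,6 +177,7 @@` hunk looks the net up with `cfg.netname`, while the neighbouring `Interface = ${netname}` line uses the attribute key. If a configuration sets the `netname` option to something other than the key, the port is taken from one net and the interface name from another. Using the same lookup in both places, e.g. `Port = ${toString cfg.host.nets.${netname}.tinc.port}`, keeps them in step. Separately, `toString null` yields an empty string, so if `tinc.port` can be null (its declaration is not part of this diff) tinc.conf gets a bare `Port = ` line; guarding the line with `optionalString (port != null)` would avoid that.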
@@ -132,8 +132,7 @@ let routeable IPv4 or IPv6 address. In stockholm this can be done by configuring: - krebs.hosts.${connect-host}.nets.${netname?"retiolum"}.via.ip4.addr = - "${external-ip} ${external-port}" + krebs.hosts.${connect-host}.nets.${netname?"retiolum"}.via.ip4.addr = external-ip krebs.hosts.${connect-host}.nets.${netname?"retiolum"}.tinc.port = 1655; ''; }; -- cgit v1.2.3