diff options
author | lassulus <lass@lassul.us> | 2017-05-16 22:06:31 +0200 |
---|---|---|
committer | lassulus <lass@lassul.us> | 2017-05-16 22:18:54 +0200 |
commit | fe639f585e9054096c2cee6e1a3cef9f22a37c78 (patch) | |
tree | a957e37396dc51bdfb485bf2610a0d9ec770edc0 /krebs/3modules/retiolum.nix | |
parent | a89e7a5c75204c5d1ad825f25430830f718a0411 (diff) |
k3: retiolum.nix -> tinc.nix
Diffstat (limited to 'krebs/3modules/retiolum.nix')
-rw-r--r-- | krebs/3modules/retiolum.nix | 216 |
1 files changed, 0 insertions, 216 deletions
diff --git a/krebs/3modules/retiolum.nix b/krebs/3modules/retiolum.nix deleted file mode 100644 index 67d383bb1..000000000 --- a/krebs/3modules/retiolum.nix +++ /dev/null @@ -1,216 +0,0 @@ -{ config, pkgs, lib, ... }: -with import <stockholm/lib>; -let - out = { - options.krebs.tinc = api; - config = imp; - }; - - api = mkOption { - default = {}; - description = '' - define a tinc network - ''; - type = with types; attrsOf (submodule (tinc: { - options = let - netname = tinc.config._module.args.name; - in { - - enable = mkEnableOption "krebs.tinc.${netname}" // { default = true; }; - - confDir = mkOption { - type = types.package; - default = pkgs.linkFarm "${netname}-etc-tinc" - (mapAttrsToList (name: path: { inherit name path; }) { - "hosts" = tinc.config.hostsPackage; - "tinc.conf" = pkgs.writeText "${netname}-tinc.conf" '' - Name = ${tinc.config.host.name} - Interface = ${netname} - ${concatMapStrings (c: "ConnectTo = ${c}\n") tinc.config.connectTo} - PrivateKeyFile = ${tinc.config.privkey.path} - Port = ${toString tinc.config.host.nets.${netname}.tinc.port} - ${tinc.config.extraConfig} - ''; - "tinc-up" = pkgs.writeDash "${netname}-tinc-up" '' - ${tinc.config.iproutePackage}/sbin/ip link set ${netname} up - ${tinc.config.tincUp} - ''; - }); - }; - - host = mkOption { - type = types.host; - default = config.krebs.build.host; - }; - - netname = mkOption { - type = types.enum (attrNames tinc.config.host.nets); - default = netname; - description = '' - The tinc network name. - It is used to name the TUN device and to generate the default value for - <literal>config.krebs.tinc.retiolum.hosts</literal>. - ''; - }; - - extraConfig = mkOption { - type = types.str; - default = ""; - description = '' - Extra Configuration to be appended to tinc.conf - ''; - }; - tincUp = mkOption { - type = types.string; - default = let - net = tinc.config.host.nets.${netname}; - iproute = tinc.config.iproutePackage; - in '' - ${optionalString (net.ip4 != null) /* sh */ '' - ${iproute}/sbin/ip -4 addr add ${net.ip4.addr} dev ${netname} - ${iproute}/sbin/ip -4 route add ${net.ip4.prefix} dev ${netname} - ''} - ${optionalString (net.ip6 != null) /* sh */ '' - ${iproute}/sbin/ip -6 addr add ${net.ip6.addr} dev ${netname} - ${iproute}/sbin/ip -6 route add ${net.ip6.prefix} dev ${netname} - ''} - ''; - description = '' - tinc-up script to be used. Defaults to setting the - krebs.host.nets.<netname>.ip4 and ip6 for the new ips and - configures forwarding of the respecitive netmask as subnet. - ''; - }; - - tincPackage = mkOption { - type = types.package; - default = pkgs.tinc; - description = "Tincd package to use."; - }; - - hosts = mkOption { - type = with types; attrsOf host; - default = - filterAttrs (_: h: hasAttr tinc.config.netname h.nets) config.krebs.hosts; - description = '' - Hosts to generate <literal>config.krebs.tinc.retiolum.hostsPackage</literal>. - Note that these hosts must have a network named - <literal>config.krebs.tinc.retiolum.netname</literal>. - ''; - }; - - hostsArchive = mkOption { - type = types.package; - default = pkgs.runCommand "retiolum-hosts.tar.bz2" {} '' - ${pkgs.coreutils}/bin/ln -s ${tinc.config.hostsPackage} hosts - ${pkgs.gnutar}/bin/tar -hcjf $out hosts - ''; - readOnly = true; - }; - - hostsPackage = mkOption { - type = types.package; - default = pkgs.stdenv.mkDerivation { - name = "${tinc.config.netname}-tinc-hosts"; - phases = [ "installPhase" ]; - installPhase = '' - mkdir $out - ${concatStrings (lib.mapAttrsToList (_: host: '' - echo ${shell.escape host.nets."${tinc.config.netname}".tinc.config} \ - > $out/${shell.escape host.name} - '') tinc.config.hosts)} - ''; - }; - description = '' - Package of tinc host configuration files. By default, a package will - be generated from <literal>config.krebs.${tinc.config.netname}.hosts</literal>. This - option's main purpose is to expose the generated hosts package to other - modules, like <literal>config.krebs.tinc_graphs</literal>. But it can - also be used to provide a custom hosts directory. - ''; - example = literalExample '' - (pkgs.stdenv.mkDerivation { - name = "my-tinc-hosts"; - src = /home/tv/my-tinc-hosts; - installPhase = "cp -R . $out"; - }) - ''; - }; - - iproutePackage = mkOption { - type = types.package; - default = pkgs.iproute; - description = "Iproute2 package to use."; - }; - - privkey = mkOption { - type = types.secret-file; - default = { - path = "${tinc.config.user.home}/tinc.rsa_key.priv"; - owner = tinc.config.user; - source-path = toString <secrets> + "/${tinc.config.netname}.rsa_key.priv"; - }; - }; - - connectTo = mkOption { - type = types.listOf types.str; - ${if tinc.config.netname == "retiolum" then "default" else null} = [ - "gum" - "ni" - "prism" - ]; - description = '' - The list of hosts in the network which the client will try to connect - to. These hosts should have an 'Address' configured which points to a - routeable IPv4 or IPv6 address. - - In stockholm this can be done by configuring: - krebs.hosts.${connect-host}.nets.${netname?"retiolum"}.via.ip4.addr = external-ip - krebs.hosts.${connect-host}.nets.${netname?"retiolum"}.tinc.port = 1655; - ''; - }; - - user = mkOption { - type = types.user; - default = { - name = tinc.config.netname; - home = "/var/lib/${tinc.config.user.name}"; - }; - }; - }; - })); - }; - - imp = { - # TODO `environment.systemPackages = [ cfg.tincPackage cfg.iproutePackage ]` for each network, - # avoid conflicts in environment if the packages differ - - krebs.secret.files = mapAttrs' (netname: cfg: - nameValuePair "${netname}.rsa_key.priv" cfg.privkey ) config.krebs.tinc; - - users.users = mapAttrs' (netname: cfg: - nameValuePair "${netname}" { - inherit (cfg.user) home name uid; - createHome = true; - } - ) config.krebs.tinc; - - systemd.services = mapAttrs (netname: cfg: - let - tinc = cfg.tincPackage; - iproute = cfg.iproutePackage; - in { - description = "Tinc daemon for ${netname}"; - after = [ "network.target" ]; - wantedBy = [ "multi-user.target" ]; - requires = [ "secret.service" ]; - path = [ tinc iproute ]; - serviceConfig = rec { - Restart = "always"; - ExecStart = "${tinc}/sbin/tincd -c ${cfg.confDir} -d 0 -U ${cfg.user.name} -D --pidfile=/var/run/tinc.${SyslogIdentifier}.pid"; - SyslogIdentifier = netname; - }; - } - ) config.krebs.tinc; - }; -in out |