Use tinc-up/tinc-down scripts instead of networking.interfaces, to sidestep the rebuild bug

master
Sven Slootweg 5 years ago
parent a7f2f89f47
commit bf6424fc84

@ -1,7 +1,7 @@
/* TODO: Translate this to a service/module at some point? Something like 'cryto.network' that handles all the internal-networking stuff. */ /* TODO: Translate this to a service/module at some point? Something like 'cryto.network' that handles all the internal-networking stuff. */
{ hostname, nodes, pingInterval ? 10 }: { hostname, nodes, pingInterval ? 10 }:
{ lib, ... }: let { pkgs, lib, ... }: let
/* NOTE: We cannot just use simple string interpolation, because tinc's configuration format is not indentation-tolerant. Therefore, we do some programmatic concatenation magic to ensure that everything is indentation-free, without turning this file into a mess of wrong indentation. */ /* NOTE: We cannot just use simple string interpolation, because tinc's configuration format is not indentation-tolerant. Therefore, we do some programmatic concatenation magic to ensure that everything is indentation-free, without turning this file into a mess of wrong indentation. */
generateConfiguration = options: generateConfiguration = options:
let let
@ -22,6 +22,7 @@
services.tinc.networks.cryto = { services.tinc.networks.cryto = {
debugLevel = 3; debugLevel = 3;
chroot = false;
extraConfig = generateConfiguration { extraConfig = generateConfiguration {
AutoConnect = "yes"; AutoConnect = "yes";
@ -43,10 +44,10 @@
in lib.mapAttrs' mapper nodes; in lib.mapAttrs' mapper nodes;
}; };
networking.interfaces."tinc.cryto".ipv4.addresses = [{ # networking.interfaces."tinc.cryto".ipv4.addresses = [{
address = nodes.${hostname}.internalIpv4; # address = nodes.${hostname}.internalIpv4;
prefixLength = 24; # prefixLength = 24;
}]; # }];
networking.firewall = { networking.firewall = {
allowedTCPPorts = [ allowedTCPPorts = [
@ -59,4 +60,24 @@
"tinc.cryto" "tinc.cryto"
]; ];
}; };
# FIXME: Make the netmask be generated from the prefixLength, instead of hard-coding it
environment.etc = {
"tinc/cryto/tinc-up".source = pkgs.writeScript "tinc-up-cryto" ''
#!${pkgs.stdenv.shell}
${pkgs.nettools}/bin/ifconfig tinc.cryto ${nodes.${hostname}.internalIpv4} netmask 255.255.255.0
'';
"tinc/cryto/tinc-down".source = pkgs.writeScript "tinc-down-cryto" ''
#!${pkgs.stdenv.shell}
/run/wrappers/bin/sudo ${pkgs.nettools}/bin/ifconfig tinc.cryto down
'';
};
security.sudo.extraRules = [{
users = [ "tinc.cryto" ];
commands = [{
command = "${pkgs.nettools}/bin/ifconfig tinc.cryto down";
options = [ "NOPASSWD" ];
}];
}];
} }

Loading…
Cancel
Save