{ config, pkgs, lib, ... }:
let
  # Module-local handle on the `myServices.vpn` options declared below.
  vpnCfg = config.myServices.vpn;

  # Both halves of the key pair are installed identically: owned by root and
  # readable only by root (tincd itself runs as root, see `tinc-Immae` below).
  # Only the file content differs.
  rootOnlyKey = text: {
    user = "root";
    group = "root";
    permissions = "0400";
    inherit text;
  };

  # Network name and its state directory, shared by the activation script,
  # the rendered configuration and the systemd unit.
  networkName = "Immae";
  tincDir = "/var/lib/tinc/${networkName}";
in
{
  options.myServices.vpn.enable = lib.mkEnableOption "Enable vpn service";

  config = lib.mkIf vpnCfg.enable {
    # Key material comes from the environment configuration; the runtime path
    # of the private key is later substituted into tinc.conf (`keyFile` below).
    secrets.keys = {
      "tinc/key.priv" = rootOnlyKey config.myEnv.vpn.eldiron.privateKey;
      "tinc/key.pub" = rootOnlyKey config.myEnv.vpn.eldiron.publicKey;
    };

    # NOTE(review): only TCP is opened. tinc by default also exchanges
    # tunnelled traffic over UDP on its listening port unless `TCPOnly` is set
    # in tinc.conf, which lives in ./tinc and is not visible here — confirm.
    # Port 1194 is not referenced elsewhere in this module; presumably it is
    # the Port configured in the substituted tinc.conf — verify against ./tinc.
    networking.firewall.allowedTCPPorts = [ 655 1194 ];

    # Installs the rendered configuration into the state directory on every
    # activation, and fetches the peer `hosts` directory once if it is absent.
    # NOTE(review): the hosts directory is cloned from `master` over HTTPS
    # without a pinned revision and is never refreshed afterwards. If it
    # carries the peer host files (i.e. the keys this node will trust), its
    # integrity rests solely on TLS server authentication of git.immae.eu —
    # consider pinning a commit or verifying a signed tag.
    system.activationScripts.tinc = let
      # Render every file under ./tinc; substituteAll replaces `@name@`
      # placeholders with the derivation attributes given here.
      renderedConfig = pkgs.runCommand "tinc-files" {
        network = networkName;
        hostName = "ImmaeEu";
        mainInterface = "eth0";
        # Runtime path of the private key as exposed by the secrets module.
        keyFile = config.secrets.fullPaths."tinc/key.priv";
      } ''
        mkdir -p $out
        for i in ${./tinc}/*; do
          substituteAll $i $out/$(basename $i)
        done
      '';
    in ''
      install -m750 -o root -g root -d /var/lib/tinc/ ${tincDir}
      install -m700 -o root -g root -t ${tincDir} ${renderedConfig}/{host-*,tinc-*}
      install -m400 -o root -g root -t ${tincDir} ${renderedConfig}/tinc.conf
      if [ ! -d ${tincDir}/hosts ]; then
        ${pkgs.git}/bin/git clone -b master https://git.immae.eu/perso/Immae/Config/tinc/hosts ${tincDir}/hosts
      fi
    '';

    systemd.slices.tinc.description = "Tinc slice";

    # NOTE(review): tincd runs as root with no systemd sandboxing directives.
    # A VPN daemon and its up/down hooks typically need the tun device and
    # network-admin privileges, so any hardening (ProtectHome, PrivateTmp,
    # ProtectSystem=strict + ReadWritePaths=...) must be validated against the
    # hook scripts in ./tinc before being enabled.
    systemd.services."tinc-${networkName}" = {
      description = "Tinc Daemon - ${networkName}";
      wantedBy = [ "multi-user.target" ];
      after = [ "network.target" ];
      # Tools made available to the tinc-up/tinc-down and host-up/host-down hooks.
      path = with pkgs; [ tinc bashInteractive iproute gnused gawk git glibc ];
      serviceConfig = {
        Slice = "tinc.slice";
        Type = "simple";
        Restart = "always";
        RestartSec = "3";
        # -D keeps tincd in the foreground (required by Type=simple); -d1 sets
        # a low debug level.
        ExecStart = "${pkgs.tinc}/bin/tincd -d1 -D -c ${tincDir} --pidfile /run/tinc.${networkName}.pid";
      };
    };
  };
}