X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=modules%2Fprivate%2Fvpn%2Fdefault.nix;fp=modules%2Fprivate%2Fvpn%2Fdefault.nix;h=fbcba2f845dfb61ff06c874706b1df52b465b43c;hb=ea9c6fe8041faab128391a0c03ec3bde25e29fa3;hp=0000000000000000000000000000000000000000;hpb=8a304ef46e1ad221253f883a8a296a12018e3d30;p=perso%2FImmae%2FConfig%2FNix.git
diff --git a/modules/private/vpn/default.nix b/modules/private/vpn/default.nix
new file mode 100644
index 0000000..fbcba2f
--- /dev/null
+++ b/modules/private/vpn/default.nix
@@ -0,0 +1,62 @@
+{ config, pkgs, lib, ... }:
+let
+ cfg = config.myServices.vpn;
+in
+{
+ options.myServices = {
+ vpn.enable = lib.mkEnableOption "Enable vpn service";
+ };
+
+ config = lib.mkIf cfg.enable {
+ secrets.keys = [
+ {
+ dest = "tinc/key.priv";
+ user = "root";
+ group = "root";
+ permissions = "0400";
+ text = config.myEnv.vpn.eldiron.privateKey;
+ }
+ {
+ dest = "tinc/key.pub";
+ user = "root";
+ group = "root";
+ permissions = "0400";
+ text = config.myEnv.vpn.eldiron.publicKey;
+ }
+ ];
+ networking.firewall.allowedTCPPorts = [ 655 1194 ];
+ system.activationScripts.tinc = let
+ configFiles = pkgs.runCommand "tinc-files" {
+ mainInterface = "eth0";
+ hostName = "ImmaeEu";
+ network = "Immae";
+ keyFile = config.secrets.fullPaths."tinc/key.priv";
+ } ''
+ mkdir -p $out
+ for i in ${./tinc}/*; do
+ substituteAll $i $out/$(basename $i)
+ done
+ '';
+ in ''
+ install -m750 -o root -g root -d /var/lib/tinc/ /var/lib/tinc/Immae
+ install -m700 -o root -g root -t /var/lib/tinc/Immae ${configFiles}/{host-*,tinc-*}
+ install -m400 -o root -g root -t /var/lib/tinc/Immae ${configFiles}/tinc.conf
+ if [ ! -d /var/lib/tinc/Immae/hosts ]; then
+ ${pkgs.git}/bin/git clone -b master https://git.immae.eu/perso/Immae/Config/tinc/hosts /var/lib/tinc/Immae/hosts
+ fi
+ '';
+
+ systemd.services.tinc-Immae = {
+ description = "Tinc Daemon - Immae";
+ wantedBy = [ "multi-user.target" ];
+ after = [ "network.target" ];
+ path = [ pkgs.tinc pkgs.bashInteractive pkgs.iproute pkgs.gnused pkgs.gawk pkgs.git pkgs.glibc ];
+ serviceConfig = {
+ Type = "simple";
+ Restart = "always";
+ RestartSec = "3";
+ ExecStart = "${pkgs.tinc}/bin/tincd -d1 -D -c /var/lib/tinc/Immae --pidfile /run/tinc.Immae.pid";
+ };
+ };
+ };
+}
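Review bot: The activation script's `git clone -b master https://git.immae.eu/perso/Immae/Config/tinc/hosts` fetches the `hosts` directory — the peer public keys and addresses tinc will trust — from a mutable branch at activation time, pinned to nothing and verified only by the TLS connection, so the VPN's trust anchor is whatever that server serves on the day the machine is first activated, and because the `if [ ! -d … ]` guard only runs when the directory is absent it is never refreshed either (and a first activation without network simply fails the clone). Fetching the repository at build time with `pkgs.fetchgit` pinned to a reviewed `rev` and `sha256`, then copying it into `/var/lib/tinc/Immae/hosts`, makes the peer list reproducible and reviewable in this repo's history; an illustrative rewrite with placeholder values follows. Two smaller points: `networking.firewall.allowedTCPPorts = [ 655 1194 ]` opens TCP only, and tinc also carries data over UDP 655 unless `TCPOnly` is set in `./tinc/tinc.conf` (not visible here), so `networking.firewall.allowedUDPPorts = [ 655 ];` is likely needed; and `systemd.services.tinc-Immae.serviceConfig` runs `tincd` as root with no sandboxing — tinc needs `/dev/net/tun` and `CAP_NET_ADMIN`, but `ProtectSystem = "strict"`, `ProtectHome = true` and a `CapabilityBoundingSet` restricted to the network capabilities are worth trying. The hunk is the entire new file.
```nix
system.activationScripts.tinc = let
  # … unchanged: configFiles derivation …
  hostsRepo = pkgs.fetchgit {
    url = "https://git.immae.eu/perso/Immae/Config/tinc/hosts";
    rev = "<PINNED-COMMIT>";        # placeholder: the reviewed revision
    sha256 = "<HASH-OF-CHECKOUT>";  # placeholder: from nix-prefetch-git
  };
in ''
  # … unchanged: install lines …
  if [ ! -d /var/lib/tinc/Immae/hosts ]; then
    cp -r ${hostsRepo} /var/lib/tinc/Immae/hosts
    chmod -R u+w /var/lib/tinc/Immae/hosts
  fi
'';
```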