+++ /dev/null
-{ config, pkgs, lib, ... }:
-let
- cfg = config.myServices.vpn;
-in
-{
- options.myServices = {
- vpn.enable = lib.mkEnableOption "Enable vpn service";
- };
-
- config = lib.mkIf cfg.enable {
- secrets.keys = {
- "tinc/key.priv" = {
- user = "root";
- group = "root";
- permissions = "0400";
- text = config.myEnv.vpn.eldiron.privateKey;
- };
- "tinc/key.pub" = {
- user = "root";
- group = "root";
- permissions = "0400";
- text = config.myEnv.vpn.eldiron.publicKey;
- };
- };
- networking.firewall.allowedTCPPorts = [ 655 1194 ];
- system.activationScripts.tinc = let
- configFiles = pkgs.runCommand "tinc-files" {
- mainInterface = "eth0";
- hostName = "ImmaeEu";
- network = "Immae";
- keyFile = config.secrets.fullPaths."tinc/key.priv";
- } ''
- mkdir -p $out
- for i in ${./tinc}/*; do
- substituteAll $i $out/$(basename $i)
- done
- '';
- in ''
- install -m750 -o root -g root -d /var/lib/tinc/ /var/lib/tinc/Immae
- install -m700 -o root -g root -t /var/lib/tinc/Immae ${configFiles}/{host-*,tinc-*}
- install -m400 -o root -g root -t /var/lib/tinc/Immae ${configFiles}/tinc.conf
- if [ ! -d /var/lib/tinc/Immae/hosts ]; then
- ${pkgs.git}/bin/git clone -b master https://git.immae.eu/perso/Immae/Config/tinc/hosts /var/lib/tinc/Immae/hosts
- fi
- '';
-
- systemd.slices.tinc = {
- description = "Tinc slice";
- };
-
- systemd.services.tinc-Immae = {
- description = "Tinc Daemon - Immae";
- wantedBy = [ "multi-user.target" ];
- after = [ "network.target" ];
- path = [ pkgs.tinc pkgs.bashInteractive pkgs.iproute pkgs.gnused pkgs.gawk pkgs.git pkgs.glibc ];
- serviceConfig = {
- Slice = "tinc.slice";
- Type = "simple";
- Restart = "always";
- RestartSec = "3";
- ExecStart = "${pkgs.tinc}/bin/tincd -d1 -D -c /var/lib/tinc/Immae --pidfile /run/tinc.Immae.pid";
- };
- };
- };
-}
projects / perso / Immae / Config / Nix.git / blobdiff