Diffstat (limited to 'modules/private/vpn/default.nix')
-rw-r--r-- | modules/private/vpn/default.nix | 65 |
1 files changed, 0 insertions, 65 deletions
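diff --git a/modules/private/vpn/default.nix b/modules/private/vpn/default.nix
deleted file mode 100644
index d4b197d..0000000
--- a/modules/private/vpn/default.nix
+++ /dev/null
@@ -1,65 +0,0 @@
-{ config, pkgs, lib, ... }:
-let
-cfg = config.myServices.vpn;
-in
-{
-options.myServices = {
-vpn.enable = lib.mkEnableOption "Enable vpn service";
-};
-
-config = lib.mkIf cfg.enable {
-secrets.keys = {
-"tinc/key.priv" = {
-user = "root";
-group = "root";
-permissions = "0400";
-text = config.myEnv.vpn.eldiron.privateKey;
-};
-"tinc/key.pub" = {
-user = "root";
-group = "root";
-permissions = "0400";
-text = config.myEnv.vpn.eldiron.publicKey;
-};
-};
-networking.firewall.allowedTCPPorts = [ 655 1194 ];
-system.activationScripts.tinc = let
-configFiles = pkgs.runCommand "tinc-files" {
-mainInterface = "eth0";
-hostName = "ImmaeEu";
-network = "Immae";
-keyFile = config.secrets.fullPaths."tinc/key.priv";
-} ''
-mkdir -p $out
-for i in ${./tinc}/*; do
-substituteAll $i $out/$(basename $i)
-done
-'';
-in ''
-install -m750 -o root -g root -d /var/lib/tinc/ /var/lib/tinc/Immae
-install -m700 -o root -g root -t /var/lib/tinc/Immae ${configFiles}/{host-*,tinc-*}
-install -m400 -o root -g root -t /var/lib/tinc/Immae ${configFiles}/tinc.conf
-if [ ! -d /var/lib/tinc/Immae/hosts ]; then
-${pkgs.git}/bin/git clone -b master https://git.immae.eu/perso/Immae/Config/tinc/hosts /var/lib/tinc/Immae/hosts
-fi
-'';
-
-systemd.slices.tinc = {
-description = "Tinc slice";
-};
-
-systemd.services.tinc-Immae = {
-description = "Tinc Daemon - Immae";
-wantedBy = [ "multi-user.target" ];
-after = [ "network.target" ];
-path = [ pkgs.tinc pkgs.bashInteractive pkgs.iproute pkgs.gnused pkgs.gawk pkgs.git pkgs.glibc ];
-serviceConfig = {
-Slice = "tinc.slice";
-Type = "simple";
-Restart = "always";
-RestartSec = "3";
-ExecStart = "${pkgs.tinc}/bin/tincd -d1 -D -c /var/lib/tinc/Immae --pidfile /run/tinc.Immae.pid";
-};
-};
-};
-}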