update new keys properly

This commit is contained in:
Jörg Thalheim 2021-11-19 12:02:16 +01:00
parent 7b9ea16d68
commit 80ea9863e7


@ -5,6 +5,7 @@ with lib;
let let
netname = "retiolum"; netname = "retiolum";
cfg = config.networking.retiolum; cfg = config.networking.retiolum;
hosts = ../../hosts;
in { in {
options = { options = {
networking.retiolum.ipv4 = mkOption { networking.retiolum.ipv4 = mkOption {
@ -36,11 +37,11 @@ in {
extraConfig = '' extraConfig = ''
LocalDiscovery = yes LocalDiscovery = yes
ConnectTo = eva
ConnectTo = eve
ConnectTo = gum ConnectTo = gum
ConnectTo = ni ConnectTo = ni
ConnectTo = prism ConnectTo = prism
ConnectTo = eve
ConnectTo = eva
AutoConnect = yes AutoConnect = yes
''; '';
}; };
@ -51,25 +52,29 @@ in {
config.services.tinc.networks.${netname}.package config.services.tinc.networks.${netname}.package
]; ];
systemd.services."tinc.${netname}-host-keys" = { systemd.services."tinc.${netname}-host-keys" = let
description = "Install tinc.${netname} host keys"; install-keys = pkgs.writeShellScript "install-keys" ''
requiredBy = [ "tinc.${netname}.service" ];
before = [ "tinc.${netname}.service" ];
script = ''
rm -rf /etc/tinc/${netname}/hosts rm -rf /etc/tinc/${netname}/hosts
cp -R ${../../hosts} /etc/tinc/${netname}/hosts cp -R ${hosts} /etc/tinc/${netname}/hosts
chown -R tinc.${netname} /etc/tinc/${netname}/hosts chown -R tinc.${netname} /etc/tinc/${netname}/hosts
chmod -R u+w /etc/tinc/${netname}/hosts chmod -R u+w /etc/tinc/${netname}/hosts
''; '';
# this triggers tinc restarts and it is pointless to restart tinc after the key has been created in {
restartIfChanged = false; description = "Install tinc.${netname} host keys";
wantedBy = [ "multi-user.target" ];
before = [ "tinc.${netname}.service" ];
# we reload here to be reloaded before tinc reloads
reloadIfChanged = true;
serviceConfig = { serviceConfig = {
Type = "oneshot"; Type = "oneshot";
ExecStart = install-keys;
ExecReload = install-keys;
RemainAfterExit = true; RemainAfterExit = true;
}; };
}; };
systemd.services."tinc.${netname}" = { systemd.services."tinc.${netname}" = {
restartTriggers = [ hosts ];
# Some hosts require VPN for nixos-rebuild, so we don't want to restart it on update # Some hosts require VPN for nixos-rebuild, so we don't want to restart it on update
reloadIfChanged = true; reloadIfChanged = true;
# also in https://github.com/NixOS/nixpkgs/pull/106715 # also in https://github.com/NixOS/nixpkgs/pull/106715