From f88ee824910c4eac78d4208dac3f82fba5995e52 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rg=20Thalheim?=
Date: Sun, 2 Aug 2020 22:06:41 +0100
Subject: [PATCH] add nixos module

---
 flake.nix | 4 ++-
 modules/retiolum/default.nix | 68 ++++++++++++++++++++++++++++++++++++
 2 files changed, 71 insertions(+), 1 deletion(-)
 create mode 100644 modules/retiolum/default.nix

diff --git a/flake.nix b/flake.nix
index b456455..ac1a64a 100644
--- a/flake.nix
+++ b/flake.nix
@@ -1,5 +1,7 @@
 {
   description = "Nix flake for retiolum VPN";
 
-  outputs = { self }: {};
+  outputs = { self }: {
+    nixosModules.retiolum = import ./modules/retiolum;
+  };
 }
diff --git a/modules/retiolum/default.nix b/modules/retiolum/default.nix
new file mode 100644
index 0000000..ae25be0
--- /dev/null
+++ b/modules/retiolum/default.nix
@@ -0,0 +1,68 @@
+{ config, pkgs, lib, ... }:
+
+with lib;
+
+let
+  netname = "retiolum";
+  cfg = config.networking.retiolum;
+
+in {
+  options = {
+    networking.retiolum.ipv4 = mkOption {
+      type = types.str;
+      description = ''
+        own ipv4 address
+      '';
+    };
+    networking.retiolum.ipv6 = mkOption {
+      type = types.str;
+      description = ''
+        own ipv6 address
+      '';
+    };
+    networking.retiolum.nodename = mkOption {
+      type = types.str;
+      default = config.networking.hostName;
+      description = ''
+        tinc network name
+      '';
+    };
+  };
+
+  config = {
+    services.tinc.networks.${netname} = {
+      name = cfg.nodename;
+      extraConfig = ''
+        LocalDiscovery = yes
+
+        ConnectTo = gum
+        ConnectTo = ni
+        ConnectTo = prism
+        ConnectTo = eve
+        AutoConnect = yes
+      '';
+    };
+
+    networking.extraHosts = builtins.readFile ../../etc.hosts;
+
+    environment.systemPackages = [ config.services.tinc.networks.${netname}.package ];
+
+    systemd.services."tinc.${netname}".preStart = ''
+      rm -rf /etc/tinc/${netname}/hosts
+      cp -R ${../../hosts} /etc/tinc/${netname}/hosts
+    '';
+
+    networking.firewall.allowedTCPPorts = [ 655 ];
+    networking.firewall.allowedUDPPorts = [ 655 ];
+
+    systemd.network.enable = true;
+    systemd.network.networks."${netname}".extraConfig = ''
+      [Match]
+      Name = tinc.${netname}
+
+      [Network]
+      Address=${cfg.ipv4}/12
+      Address=${cfg.ipv6}/16
+    '';
+  };
+}
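Review bot: The default `nodename = config.networking.hostName` is handed straight to tinc as the node `name`, but tinc's documented `Name` syntax allows only alphanumerics and underscores, so a host whose hostname contains a hyphen would end up with a configuration tinc is likely to reject at service start. Mapping the default, `default = replaceStrings [ "-" ] [ "_" ] config.networking.hostName;`, keeps the option usable for hyphenated hostnames, and narrowing the type to `types.strMatching "[A-Za-z0-9_]+"` would make an invalid override fail at evaluation instead of at runtime. The `ipv4`/`ipv6` options are likewise plain `types.str` values interpolated into the networkd `Address=` lines with fixed `/12` and `/16` prefix lengths; their descriptions should say that the value is a bare host address (no prefix) and that the prefix is supplied by the module, since nothing here validates the string. The hosts directory is also re-created imperatively in `preStart` with `rm -rf`/`cp -R` from the store; a short comment on why the declarative `services.tinc.networks.<name>.hosts` option was not used would help the next maintainer.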