retiolum: config which is working but not functioning (see TODO in retiolum.nix)

This commit is contained in:
makefu 2016-07-20 10:06:04 +02:00
parent 835ddb0de0
commit 24db6439c4
No known key found for this signature in database
GPG Key ID: 36F7711F3FC0F225
2 changed files with 146 additions and 143 deletions


@ -37,7 +37,7 @@ let
config = config =
# This configuration makes only sense for retiolum-enabled hosts. # This configuration makes only sense for retiolum-enabled hosts.
# TODO modular configuration # TODO modular configuration
assert config.krebs.retiolum.enable; assert (lib.hasAttr "retiolum" config.krebs.tinc);
'' ''
keep_environment = keep_environment =


@ -1,28 +1,30 @@
{ config, pkgs, lib, ... }: { config, pkgs, lib, ... }:
with config.krebs.lib; with config.krebs.lib;
let let
cfg = config.krebs.retiolum;
out = { out = {
options.krebs.retiolum = api; options.krebs.tinc = api;
config = lib.mkIf cfg.enable imp; config = imp;
}; };
api = { api = mkOption {
enable = mkEnableOption "krebs.retiolum"; default = {};
description = ''
define a tinc network
'';
type = with types; attrsOf (submodule (tinc: {
options = {
host = mkOption { host = mkOption {
type = types.host; type = types.host;
default = config.krebs.build.host; default = config.krebs.build.host;
}; };
netname = mkOption { netname = mkOption {
type = types.enum (attrNames cfg.host.nets); type = types.enum (attrNames tinc.config.host.nets);
default = "retiolum"; default = tinc.config._module.args.name;
description = '' description = ''
The tinc network name. The tinc network name.
It is used to name the TUN device and to generate the default value for It is used to name the TUN device and to generate the default value for
<literal>config.krebs.retiolum.hosts</literal>. <literal>config.krebs.tinc.retiolum.hosts</literal>.
''; '';
}; };
@ -43,7 +45,7 @@ let
hosts = mkOption { hosts = mkOption {
type = with types; attrsOf host; type = with types; attrsOf host;
default = default =
filterAttrs (_: h: hasAttr cfg.netname h.nets) config.krebs.hosts; filterAttrs (_: h: hasAttr tinc.config.netname h.nets) config.krebs.hosts;
description = '' description = ''
Hosts to generate <literal>config.krebs.retiolum.hostsPackage</literal>. Hosts to generate <literal>config.krebs.retiolum.hostsPackage</literal>.
Note that these hosts must have a network named Note that these hosts must have a network named
@ -54,19 +56,19 @@ let
hostsPackage = mkOption { hostsPackage = mkOption {
type = types.package; type = types.package;
default = pkgs.stdenv.mkDerivation { default = pkgs.stdenv.mkDerivation {
name = "${cfg.netname}-tinc-hosts"; name = "${tinc.config.netname}-tinc-hosts";
phases = [ "installPhase" ]; phases = [ "installPhase" ];
installPhase = '' installPhase = ''
mkdir $out mkdir $out
${concatStrings (mapAttrsToList (_: host: '' ${concatStrings (lib.mapAttrsToList (_: host: ''
echo ${shell.escape host.nets.${cfg.netname}.tinc.config} \ echo ${shell.escape host.nets."${tinc.config.netname}".tinc.config} \
> $out/${shell.escape host.name} > $out/${shell.escape host.name}
'') cfg.hosts)} '') tinc.config.hosts)}
''; '';
}; };
description = '' description = ''
Package of tinc host configuration files. By default, a package will Package of tinc host configuration files. By default, a package will
be generated from <literal>config.krebs.retiolum.hosts</literal>. This be generated from <literal>config.krebs.${tinc.config.netname}.hosts</literal>. This
option's main purpose is to expose the generated hosts package to other option's main purpose is to expose the generated hosts package to other
modules, like <literal>config.krebs.tinc_graphs</literal>. But it can modules, like <literal>config.krebs.tinc_graphs</literal>. But it can
also be used to provide a custom hosts directory. also be used to provide a custom hosts directory.
@ -89,9 +91,9 @@ let
privkey = mkOption { privkey = mkOption {
type = types.secret-file; type = types.secret-file;
default = { default = {
path = "${cfg.user.home}/tinc.rsa_key.priv"; path = "${tinc.config.user.home}/tinc.rsa_key.priv";
owner = cfg.user; owner = tinc.config.user;
source-path = toString <secrets> + "/${cfg.netname}.rsa_key.priv"; source-path = toString <secrets> + "/${tinc.config.netname}.rsa_key.priv";
}; };
}; };
@ -112,37 +114,16 @@ let
user = mkOption { user = mkOption {
type = types.user; type = types.user;
default = { default = {
name = cfg.netname; name = tinc.config.netname;
home = "/var/lib/${cfg.user.name}"; home = "/var/lib/${tinc.config.user.name}";
}; };
}; };
}; };
}));
imp = {
krebs.secret.files."${cfg.netname}.rsa_key.priv" = cfg.privkey;
environment.systemPackages = [ tinc iproute ];
systemd.services.${cfg.netname} = {
description = "Tinc daemon for Retiolum";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
requires = [ "secret.service" ];
path = [ tinc iproute ];
serviceConfig = rec {
Restart = "always";
ExecStart = "${tinc}/sbin/tincd -c ${confDir} -d 0 -U ${cfg.user.name} -D --pidfile=/var/run/tinc.${SyslogIdentifier}.pid";
SyslogIdentifier = cfg.netname;
}; };
}; imp = lib.mkMerge ( lib.mapAttrsToList (netname: cfg:
let
users.users.${cfg.user.name} = { net = cfg.host.nets.${netname};
inherit (cfg.user) home name uid;
createHome = true;
};
};
net = cfg.host.nets.${cfg.netname};
tinc = cfg.tincPackage; tinc = cfg.tincPackage;
@ -150,26 +131,48 @@ let
confDir = let confDir = let
namePathPair = name: path: { inherit name path; }; namePathPair = name: path: { inherit name path; };
in pkgs.linkFarm "${cfg.netname}-etc-tinc" (mapAttrsToList namePathPair { in pkgs.linkFarm "${netname}-etc-tinc" (lib.mapAttrsToList namePathPair {
"hosts" = cfg.hostsPackage; "hosts" = cfg.hostsPackage;
"tinc.conf" = pkgs.writeText "${cfg.netname}-tinc.conf" '' "tinc.conf" = pkgs.writeText "${cfg.netname}-tinc.conf" ''
Name = ${cfg.host.name} Name = ${cfg.host.name}
Interface = ${cfg.netname} Interface = ${netname}
${concatStrings (map (c: "ConnectTo = ${c}\n") cfg.connectTo)} ${concatStrings (map (c: "ConnectTo = ${c}\n") cfg.connectTo)}
PrivateKeyFile = ${cfg.privkey.path} PrivateKeyFile = ${cfg.privkey.path}
${cfg.extraConfig} ${cfg.extraConfig}
''; '';
"tinc-up" = pkgs.writeDash "${cfg.netname}-tinc-up" '' "tinc-up" = pkgs.writeDash "${netname}-tinc-up" ''
${iproute}/sbin/ip link set ${cfg.netname} up ${iproute}/sbin/ip link set ${netname} up
${optionalString (net.ip4 != null) /* sh */ '' ${optionalString (net.ip4 != null) /* sh */ ''
${iproute}/sbin/ip -4 addr add ${net.ip4.addr} dev ${cfg.netname} ${iproute}/sbin/ip -4 addr add ${net.ip4.addr} dev ${netname}
${iproute}/sbin/ip -4 route add ${net.ip4.prefix} dev ${cfg.netname} ${iproute}/sbin/ip -4 route add ${net.ip4.prefix} dev ${netname}
''} ''}
${optionalString (net.ip6 != null) /* sh */ '' ${optionalString (net.ip6 != null) /* sh */ ''
${iproute}/sbin/ip -6 addr add ${net.ip6.addr} dev ${cfg.netname} ${iproute}/sbin/ip -6 addr add ${net.ip6.addr} dev ${netname}
${iproute}/sbin/ip -6 route add ${net.ip6.prefix} dev ${cfg.netname} ${iproute}/sbin/ip -6 route add ${net.ip6.prefix} dev ${netname}
''} ''}
''; '';
}); });
in {
krebs.secret.files."${netname}.rsa_key.priv" = cfg.privkey;
environment.systemPackages = [ tinc iproute ];
systemd.services.${netname} = {
description = "Tinc daemon for ${netname}";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
requires = [ "secret.service" ];
path = [ tinc iproute ];
serviceConfig = rec {
Restart = "always";
ExecStart = "${tinc}/sbin/tincd -c ${confDir} -d 0 -U ${cfg.user.name} -D --pidfile=/var/run/tinc.${SyslogIdentifier}.pid";
SyslogIdentifier = netname;
};
};
users.users.${cfg.user.name} = {
inherit (cfg.user) home name uid;
createHome = true;
};
}) {} ); # TODO <<<< replace with the "config.krebs.tinc" and avoid infinite recursion
in out in out
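Review bot: The rewritten `imp` names the network two different ways: the attribute key `netname` drives the TUN device (`Interface = ${netname}`), the tinc-up script, the systemd unit and the installed secret file, while the option `cfg.netname` still drives the `tinc.conf` derivation name here and, inside `api`, the `hosts` filter, the `hostsPackage` name and the privkey `source-path`. Because `netname` is an ordinary option whose default merely happens to be the attribute name, a definition that overrides it would get an interface, unit and key file named after the key but host files and key material for the other network. Either use the option throughout the merge body (`net = cfg.host.nets.${cfg.netname};`, `Interface = ${cfg.netname}`, `systemd.services.${cfg.netname}`) or drop the option and document that the attribute name is the network name, so the two cannot diverge. On the TODO at the `mkMerge` call: the infinite recursion presumably arises because the top-level attribute names of the merged config depend on `config.krebs.tinc`; restructuring `imp` as a set with fixed keys (`krebs.secret.files`, `systemd.services`, `users.users`, `environment.systemPackages`) whose values are built per network with `lib.mapAttrs'`/`lib.mapAttrsToList` over `config.krebs.tinc` usually avoids that, but confirm it against the module system before relying on it.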