From 9634b8dfffc7026dfe055aae38846deed588ec50 Mon Sep 17 00:00:00 2001 From: Natsu Kagami Date: Thu, 28 Oct 2021 16:10:47 -0400 Subject: [PATCH] Minor syntax fixes --- modules/my-tinc/default.nix | 74 +++++++++++++++++++------------------ modules/my-tinc/hosts.nix | 2 +- 2 files changed, 39 insertions(+), 37 deletions(-) diff --git a/modules/my-tinc/default.nix b/modules/my-tinc/default.nix index 1020ec8..7f727f1 100644 --- a/modules/my-tinc/default.nix +++ b/modules/my-tinc/default.nix @@ -1,4 +1,4 @@ -{ config, pkgs, ... }: +{ config, pkgs, lib, ... }: with lib; let @@ -33,7 +33,7 @@ in config = mkIf cfg.enable (builtins.seq (mkIf (isNull cfg.rsaPrivateKey && isNull cfg.ed25519PrivateKey) (builtins.abort "one of the keys must be defined")) - let + (let networkName = "my-tinc"; myHost = builtins.getAttr cfg.hostName hosts; 
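Review bot: The key-presence guard in the context lines of the `@@ -33,7 +33,7 @@` hunk probably never fires. `mkIf` only builds an attribute set (`{ _type = "if"; condition; content; }`), and `builtins.seq` forces its first argument no deeper than weak head normal form, so the `builtins.abort` inside `content` stays an unevaluated thunk. A host configured with neither `rsaPrivateKey` nor `ed25519PrivateKey` would then evaluate without complaint. The usual NixOS form is an entry in `assertions` inside the config set, for example `assertions = [ { assertion = cfg.rsaPrivateKey != null || cfg.ed25519PrivateKey != null; message = "one of the keys must be defined"; } ];`. The `config = mkIf cfg.enable (...)` expression starts before and ends after this hunk, so the exact placement has to be checked against the full file.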
@@ -50,40 +50,42 @@ in
 #!${pkgs.stdenv.shell}
 /run/wrappers/bin/sudo ${pkgs.nettools}/bin/ifconfig $INTERFACE down
 '';
-
- # Allow the tinc service to call ifconfig without sudo password.
- security.sudo.extraRules = [
- {
- users = [ "tinc.${networkName}" ];
- commands = [
- {
- command = "${pkgs.nettools}/bin/ifconfig";
- options = [ "NOPASSWD" ];
- }
- ];
- }
- ];
-
- # simple interface setup
- # ----------------------
- networking.interfaces."tinc.${networkName}".ipv4.addresses = [ { address = myMeshIp; prefixLength = 24; } ];
-
- # firewall
- networking.firewall.allowedUDPPorts = [ 655 ];
- networking.firewall.allowedTCPPorts = [ 655 ];
-
- # configure tinc service
- # ----------------------
- services.tinc.networks."${networkName}"= {
-
- name = ${cfg.hostName}; # who are we in this network.
-
- debugLevel = 3; # the debug level for journal -u tinc.private
- chroot = false; # otherwise addresses can't be a DNS
- interfaceType = "tap"; # tun might also work.
-
- ed25519PrivateKeyFile = cfg.ed25519PrivateKey;
- rsaPrivateKeyFile = cfg.rsaPrivateKey;
 };
+
+ # Allow the tinc service to call ifconfig without sudo password.
+ security.sudo.extraRules = [
+ {
+ users = [ "tinc.${networkName}" ];
+ commands = [
+ {
+ command = "${pkgs.nettools}/bin/ifconfig";
+ options = [ "NOPASSWD" ];
+ }
+ ];
+ }
+ ];
+
+ # simple interface setup
+ # ----------------------
+ networking.interfaces."tinc.${networkName}".ipv4.addresses = [ { address = myMeshIp; prefixLength = 24; } ];
+
+ # firewall
+ networking.firewall.allowedUDPPorts = [ 655 ];
+ networking.firewall.allowedTCPPorts = [ 655 ];
+
+ # configure tinc service
+ # ----------------------
+ services.tinc.networks."${networkName}"= {
+
+ name = cfg.hostName; # who are we in this network.
+
+ debugLevel = 3; # the debug level for journal -u tinc.private
+ chroot = false; # otherwise addresses can't be a DNS
+ interfaceType = "tap"; # tun might also work.
+
+ ed25519PrivateKeyFile = cfg.ed25519PrivateKey;
+ rsaPrivateKeyFile = cfg.rsaPrivateKey;
+ };
+ })
 );
 }
diff --git a/modules/my-tinc/hosts.nix b/modules/my-tinc/hosts.nix
index 1d65e29..de412a7 100644
--- a/modules/my-tinc/hosts.nix
+++ b/modules/my-tinc/hosts.nix
@@ -1,4 +1,4 @@
-{ config, pkgs, ... }:
+{ config, pkgs, lib, ... }:
 with lib;
 let
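Review bot: The sudoers rule in the `@@ -50,40 +50,42 @@` hunk lets `tinc.${networkName}` run `${pkgs.nettools}/bin/ifconfig` as root with any arguments and no password, which is broader than the `$INTERFACE down` call visible in the down-script above it. NixOS accepts a full command line in `command`, so the rule can be pinned to the mesh interface, for example `command = "${pkgs.nettools}/bin/ifconfig tinc.${networkName} *";`, assuming the up-script (outside this hunk) also addresses only that interface. Separately, `ed25519PrivateKeyFile` and `rsaPrivateKeyFile` take the option values as given. If a caller passes a Nix path literal, the key is copied into the world-readable store, so the option declarations (not visible here) should presumably be string-typed and documented as runtime paths outside the store.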