Massive nixfmt reformatting

Natsu Kagami 2025-04-03 13:59:50 +02:00
parent fe4492f004
commit b29ddd5e65
Signed by: nki
GPG key ID: 55A032EB38B49ADB
109 changed files with 4323 additions and 2368 deletions


@ -1,4 +1,9 @@
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}:
with lib;
let
@ -36,72 +41,89 @@ in
};
};
config = mkIf cfg.enable (builtins.seq
(mkIf (isNull cfg.rsaPrivateKey && isNull cfg.ed25519PrivateKey) (builtins.abort "one of the keys must be defined"))
(
let
networkName = "my-tinc";
config = mkIf cfg.enable (
builtins.seq
(mkIf (isNull cfg.rsaPrivateKey && isNull cfg.ed25519PrivateKey) (
builtins.abort "one of the keys must be defined"
))
(
let
networkName = "my-tinc";
myHost = builtins.getAttr cfg.hostName hosts;
myMeshIp = myHost.subnetAddr;
in
{
# Scripts that set up the tinc services
environment.etc = {
"tinc/${networkName}/tinc-up".source = pkgs.writeScript "tinc-up-${networkName}" ''
#!${pkgs.stdenv.shell}
${pkgs.nettools}/bin/ifconfig $INTERFACE ${myMeshIp} netmask 255.255.255.0
'';
"tinc/${networkName}/tinc-down".source = pkgs.writeScript "tinc-down-${networkName}" ''
#!${pkgs.stdenv.shell}
/run/wrappers/bin/sudo ${pkgs.nettools}/bin/ifconfig $INTERFACE down
'';
};
myHost = builtins.getAttr cfg.hostName hosts;
myMeshIp = myHost.subnetAddr;
in
{
# Scripts that set up the tinc services
environment.etc = {
"tinc/${networkName}/tinc-up".source = pkgs.writeScript "tinc-up-${networkName}" ''
#!${pkgs.stdenv.shell}
${pkgs.nettools}/bin/ifconfig $INTERFACE ${myMeshIp} netmask 255.255.255.0
'';
"tinc/${networkName}/tinc-down".source = pkgs.writeScript "tinc-down-${networkName}" ''
#!${pkgs.stdenv.shell}
/run/wrappers/bin/sudo ${pkgs.nettools}/bin/ifconfig $INTERFACE down
'';
};
# Allow the tinc service to call ifconfig without sudo password.
security.sudo.extraRules = [
{
users = [ "tinc.${networkName}" ];
commands = [
# Allow the tinc service to call ifconfig without sudo password.
security.sudo.extraRules = [
{
users = [ "tinc.${networkName}" ];
commands = [
{
command = "${pkgs.nettools}/bin/ifconfig";
options = [ "NOPASSWD" ];
}
];
}
];
# simple interface setup
# ----------------------
networking.interfaces."tinc.${networkName}".ipv4.addresses = [
{
address = myMeshIp;
prefixLength = 24;
}
];
# firewall
networking.firewall.allowedUDPPorts = [ 655 ];
networking.firewall.allowedTCPPorts = [ 655 ];
networking.firewall.interfaces."tinc.${networkName}" = {
allowedUDPPortRanges = [
{
command = "${pkgs.nettools}/bin/ifconfig";
options = [ "NOPASSWD" ];
from = 0;
to = 65535;
}
];
}
];
allowedTCPPortRanges = [
{
from = 0;
to = 65535;
}
];
};
# simple interface setup
# ----------------------
networking.interfaces."tinc.${networkName}".ipv4.addresses = [{ address = myMeshIp; prefixLength = 24; }];
# configure tinc service
# ----------------------
services.tinc.networks."${networkName}" = {
# firewall
networking.firewall.allowedUDPPorts = [ 655 ];
networking.firewall.allowedTCPPorts = [ 655 ];
networking.firewall.interfaces."tinc.${networkName}" = {
allowedUDPPortRanges = [{ from = 0; to = 65535; }];
allowedTCPPortRanges = [{ from = 0; to = 65535; }];
};
name = cfg.hostName; # who are we in this network.
debugLevel = 3; # the debug level for journal -u tinc.private
chroot = false; # otherwise addresses can't be a DNS
interfaceType = "tap"; # tun might also work.
# configure tinc service
# ----------------------
services.tinc.networks."${networkName}" = {
bindToAddress = "* ${toString cfg.bindPort}";
name = cfg.hostName; # who are we in this network.
ed25519PrivateKeyFile = cfg.ed25519PrivateKey;
rsaPrivateKeyFile = cfg.rsaPrivateKey;
debugLevel = 3; # the debug level for journal -u tinc.private
chroot = false; # otherwise addresses can't be a DNS
interfaceType = "tap"; # tun might also work.
bindToAddress = "* ${toString cfg.bindPort}";
ed25519PrivateKeyFile = cfg.ed25519PrivateKey;
rsaPrivateKeyFile = cfg.rsaPrivateKey;
settings.ExperimentalProtocol = "yes";
};
}
)
settings.ExperimentalProtocol = "yes";
};
}
)
);
}


@ -1,4 +1,9 @@
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}:
with lib;
let
@ -6,30 +11,34 @@ let
cfg = config.services.my-tinc;
mapAttrs = f: attrs: builtins.listToAttrs (
map (name: { inherit name; value = f name (builtins.getAttr name attrs); }) (builtins.attrNames attrs)
);
mapAttrs =
f: attrs:
builtins.listToAttrs (
map (name: {
inherit name;
value = f name (builtins.getAttr name attrs);
}) (builtins.attrNames attrs)
);
in
{
config = mkIf cfg.enable {
# All hosts we know of
services.tinc.networks.my-tinc.hostSettings = mapAttrs
(name: host: {
addresses = if (host ? address) then [{ address = host.address; }] else [ ];
subnets = [{ address = host.subnetAddr; }];
rsaPublicKey = mkIf (host ? "rsaPublicKey") host.rsaPublicKey;
settings.Ed25519PublicKey = mkIf (host ? "ed25519PublicKey") host.ed25519PublicKey;
})
hosts;
services.tinc.networks.my-tinc.hostSettings = mapAttrs (name: host: {
addresses = if (host ? address) then [ { address = host.address; } ] else [ ];
subnets = [ { address = host.subnetAddr; } ];
rsaPublicKey = mkIf (host ? "rsaPublicKey") host.rsaPublicKey;
settings.Ed25519PublicKey = mkIf (host ? "ed25519PublicKey") host.ed25519PublicKey;
}) hosts;
# Add all of them to host
nki.services.edns = {
enable = true;
cloaking-rules =
(lib.attrsets.mapAttrs'
(name: host: { name = "${name}.tinc"; value = host.subnetAddr; })
hosts)
;
cloaking-rules = (
lib.attrsets.mapAttrs' (name: host: {
name = "${name}.tinc";
value = host.subnetAddr;
}) hosts
);
};
};
}