···
{ config, lib, pkgs, ... }:
5
+
cfg = config.services.tinc;
7
+
mkValueString = value:
8
+
if value == true then "yes"
9
+
else if value == false then "no"
10
+
else generators.mkValueStringDefault { } value;
12
+
toTincConf = generators.toKeyValue {
13
+
listsAsDuplicateKeys = true;
14
+
mkKeyValue = generators.mkKeyValueDefault { inherit mkValueString; } "=";
17
+
tincConfType = with types;
19
+
valueType = oneOf [ bool str int ];
21
+
attrsOf (either valueType (listOf valueType));
23
+
addressSubmodule = {
25
+
address = mkOption {
27
+
description = "The external IP address or hostname where the host can be reached.";
31
+
type = types.nullOr types.port;
34
+
The port where the host can be reached.
36
+
If no port is specified, the default Port is used.
44
+
address = mkOption {
47
+
The subnet of this host.
49
+
Subnets can either be single MAC, IPv4 or IPv6 addresses, in which case
50
+
a subnet consisting of only that single address is assumed, or they can
51
+
be a IPv4 or IPv6 network address with a prefix length.
53
+
IPv4 subnets are notated like 192.168.1.0/24, IPv6 subnets are notated
54
+
like fec0:0:0:1::/64. MAC addresses are notated like 0:1a:2b:3c:4d:5e.
56
+
Note that subnets like 192.168.1.1/24 are invalid.
60
+
prefixLength = mkOption {
61
+
type = with types; nullOr (addCheck int (n: n >= 0 && n <= 128));
64
+
The prefix length of the subnet.
66
+
If null, a subnet consisting of only that single address is assumed.
68
+
This conforms to standard CIDR notation as described in RFC1519.
73
+
type = types.ints.unsigned;
76
+
Indicates the priority over identical Subnets owned by different nodes.
78
+
Lower values indicate higher priority. Packets will be sent to the
79
+
node with the highest priority, unless that node is not reachable, in
80
+
which case the node with the next highest priority will be tried, and
87
+
hostSubmodule = { config, ... }: {
89
+
addresses = mkOption {
90
+
type = types.listOf (types.submodule addressSubmodule);
93
+
The external address where the host can be reached. This will set this
94
+
host's <option>settings.Address</option> option.
96
+
This variable is only required if you want to connect to this host.
100
+
subnets = mkOption {
101
+
type = types.listOf (types.submodule subnetSubmodule);
104
+
The subnets which this tinc daemon will serve. This will set this
105
+
host's <option>settings.Subnet</option> option.
107
+
Tinc tries to look up which other daemon it should send a packet to by
108
+
searching the appropriate subnet. If the packet matches a subnet, it
109
+
will be sent to the daemon who has this subnet in his host
110
+
configuration file.
114
+
rsaPublicKey = mkOption {
118
+
Legacy RSA public key of the host in PEM format, including start and
121
+
This will be appended as-is in the host's configuration file.
123
+
The ed25519 public key can be specified using the
124
+
<option>settings.Ed25519PublicKey</option> option instead.
7
-
cfg = config.services.tinc;
128
+
settings = mkOption {
130
+
type = types.submodule { freeformType = tincConfType; };
132
+
Configuration for this host.
134
+
See <link xlink:href="https://tinc-vpn.org/documentation-1.1/Host-configuration-variables.html"/>
135
+
for supported values.
140
+
config.settings = {
141
+
Address = mkDefault (map
142
+
(address: "${address.address} ${toString address.port}")
145
+
Subnet = mkDefault (map
147
+
if subnet.prefixLength == null then "${subnet.address}#${toString subnet.weight}"
148
+
else "${subnet.address}/${toString subnet.prefixLength}#${toString subnet.weight}")
···
21
-
type = with types; attrsOf (submodule {
164
+
type = with types; attrsOf (submodule ({ config, ... }: {
···
Extra lines to add to the tinc service configuration file.
173
+
Note that using the declarative <option>service.tinc.networks.<name>.settings</option>
174
+
option is preferred.
···
The name of the host in the network as well as the configuration for that host.
This name should only contain alphanumerics and underscores.
222
+
Note that using the declarative <option>service.tinc.networks.<name>.hostSettings</option>
223
+
option is preferred.
227
+
hostSettings = mkOption {
229
+
example = literalExample ''
233
+
{ address = "192.168.1.42"; }
234
+
{ address = "192.168.1.42"; port = 1655; }
236
+
subnets = [ { address = "10.0.0.42"; } ];
237
+
rsaPublicKey = "...";
239
+
Ed25519PublicKey = "...";
243
+
subnets = [ { address = "10.0.1.0"; prefixLength = 24; weight = 2; } ];
244
+
rsaPublicKey = "...";
251
+
type = types.attrsOf (types.submodule hostSubmodule);
253
+
The name of the host in the network as well as the configuration for that host.
254
+
This name should only contain alphanumerics and underscores.
···
type = types.enum [ "tun" "tap" ];
82
-
The type of virtual interface used for the network connection
262
+
The type of virtual interface used for the network connection.
···
The chroot is performed after all the initialization is done, after writing pid files and opening network sockets.
Note that tinc can't run scripts anymore (such as tinc-down or host-up), unless it is setup to be runnable inside chroot environment.
302
+
settings = mkOption {
304
+
type = types.submodule { freeformType = tincConfType; };
305
+
example = literalExample ''
307
+
Interface = "custom.interface";
313
+
Configuration of the Tinc daemon for this network.
315
+
See <link xlink:href="https://tinc-vpn.org/documentation-1.1/Main-configuration-variables.html"/>
316
+
for supported values.
323
+
(hostname: host: ''
324
+
${toTincConf host.settings}
325
+
${host.rsaPublicKey}
327
+
config.hostSettings;
330
+
DeviceType = mkDefault config.interfaceType;
331
+
Name = mkDefault (if config.name == null then "$HOST" else config.name);
332
+
Ed25519PrivateKeyFile = mkIf (config.ed25519PrivateKeyFile != null) (mkDefault config.ed25519PrivateKeyFile);
333
+
PrivateKeyFile = mkIf (config.rsaPrivateKeyFile != null) (mkDefault config.rsaPrivateKeyFile);
334
+
ListenAddress = mkIf (config.listenAddress != null) (mkDefault config.listenAddress);
335
+
BindToAddress = mkIf (config.bindToAddress != null) (mkDefault config.bindToAddress);
Defines the tinc networks which will be started.
···
"tinc/${network}/tinc.conf" = {
147
-
Name = ${if data.name == null then "$HOST" else data.name}
148
-
DeviceType = ${data.interfaceType}
149
-
${optionalString (data.ed25519PrivateKeyFile != null) "Ed25519PrivateKeyFile = ${data.ed25519PrivateKeyFile}"}
150
-
${optionalString (data.rsaPrivateKeyFile != null) "PrivateKeyFile = ${data.rsaPrivateKeyFile}"}
151
-
${optionalString (data.listenAddress != null) "ListenAddress = ${data.listenAddress}"}
152
-
${optionalString (data.bindToAddress != null) "BindToAddress = ${data.bindToAddress}"}
153
-
Interface = tinc.${network}
363
+
${toTincConf ({ Interface = "tinc.${network}"; } // data.settings)}
···
434
+
meta.maintainers = with maintainers; [ minijackson ];
pyrox.dev