config = mkIf (cfg.networks != { }) (
354
-
etcConfig = foldr (a: b: a // b) { }
355
-
(flip mapAttrsToList cfg.networks (network: data:
356
-
flip mapAttrs' data.hosts (host: text: nameValuePair
357
-
("tinc/${network}/hosts/${host}")
358
-
({ mode = "0644"; user = "tinc.${network}"; inherit text; })
360
-
"tinc/${network}/tinc.conf" = {
363
-
${toTincConf ({ Interface = "tinc.${network}"; } // data.settings)}
364
-
${data.extraConfig}
354
+
etcConfig = foldr (a: b: a // b) { }
355
+
(flip mapAttrsToList cfg.networks (network: data:
356
+
flip mapAttrs' data.hosts (host: text: nameValuePair
357
+
("tinc/${network}/hosts/${host}")
358
+
({ mode = "0644"; user = "tinc.${network}"; inherit text; })
360
+
"tinc/${network}/tinc.conf" = {
363
+
${toTincConf ({ Interface = "tinc.${network}"; } // data.settings)}
364
+
${data.extraConfig}
370
-
environment.etc = etcConfig;
370
+
environment.etc = etcConfig;
372
-
systemd.services = flip mapAttrs' cfg.networks (network: data: nameValuePair
373
-
("tinc.${network}")
374
-
(let version = getVersion data.package; in {
375
-
description = "Tinc Daemon - ${network}";
376
-
wantedBy = [ "multi-user.target" ];
377
-
path = [ data.package ];
378
-
reloadTriggers = mkIf (versionAtLeast version "1.1pre") [ (builtins.toJSON etcConfig) ];
379
-
restartTriggers = mkIf (versionOlder version "1.1pre") [ (builtins.toJSON etcConfig) ];
382
-
Restart = "always";
384
-
ExecReload = mkIf (versionAtLeast version "1.1pre") "${data.package}/bin/tinc -n ${network} reload";
385
-
ExecStart = "${data.package}/bin/tincd -D -U tinc.${network} -n ${network} ${optionalString (data.chroot) "-R"} --pidfile /run/tinc.${network}.pid -d ${toString data.debugLevel}";
388
-
mkdir -p /etc/tinc/${network}/hosts
389
-
chown tinc.${network} /etc/tinc/${network}/hosts
390
-
mkdir -p /etc/tinc/${network}/invitations
391
-
chown tinc.${network} /etc/tinc/${network}/invitations
372
+
systemd.services = flip mapAttrs' cfg.networks (network: data: nameValuePair
373
+
("tinc.${network}")
374
+
(let version = getVersion data.package; in {
375
+
description = "Tinc Daemon - ${network}";
376
+
wantedBy = [ "multi-user.target" ];
377
+
path = [ data.package ];
378
+
reloadTriggers = mkIf (versionAtLeast version "1.1pre") [ (builtins.toJSON etcConfig) ];
379
+
restartTriggers = mkIf (versionOlder version "1.1pre") [ (builtins.toJSON etcConfig) ];
382
+
Restart = "always";
384
+
ExecReload = mkIf (versionAtLeast version "1.1pre") "${data.package}/bin/tinc -n ${network} reload";
385
+
ExecStart = "${data.package}/bin/tincd -D -U tinc.${network} -n ${network} ${optionalString (data.chroot) "-R"} --pidfile /run/tinc.${network}.pid -d ${toString data.debugLevel}";
388
+
mkdir -p /etc/tinc/${network}/hosts
389
+
chown tinc.${network} /etc/tinc/${network}/hosts
390
+
mkdir -p /etc/tinc/${network}/invitations
391
+
chown tinc.${network} /etc/tinc/${network}/invitations
393
-
# Determine how we should generate our keys
394
-
if type tinc >/dev/null 2>&1; then
395
-
# Tinc 1.1+ uses the tinc helper application for key generation
396
-
${if data.ed25519PrivateKeyFile != null then " # ed25519 Keyfile managed by nix" else ''
397
-
# Prefer ED25519 keys (only in 1.1+)
398
-
[ -f "/etc/tinc/${network}/ed25519_key.priv" ] || tinc -n ${network} generate-ed25519-keys
400
-
${if data.rsaPrivateKeyFile != null then " # RSA Keyfile managed by nix" else ''
401
-
[ -f "/etc/tinc/${network}/rsa_key.priv" ] || tinc -n ${network} generate-rsa-keys 4096
403
-
# In case there isn't anything to do
406
-
# Tinc 1.0 uses the tincd application
407
-
[ -f "/etc/tinc/${network}/rsa_key.priv" ] || tincd -n ${network} -K 4096
393
+
# Determine how we should generate our keys
394
+
if type tinc >/dev/null 2>&1; then
395
+
# Tinc 1.1+ uses the tinc helper application for key generation
396
+
${if data.ed25519PrivateKeyFile != null then " # ed25519 Keyfile managed by nix" else ''
397
+
# Prefer ED25519 keys (only in 1.1+)
398
+
[ -f "/etc/tinc/${network}/ed25519_key.priv" ] || tinc -n ${network} generate-ed25519-keys
400
+
${if data.rsaPrivateKeyFile != null then " # RSA Keyfile managed by nix" else ''
401
+
[ -f "/etc/tinc/${network}/rsa_key.priv" ] || tinc -n ${network} generate-rsa-keys 4096
403
+
# In case there isn't anything to do
406
+
# Tinc 1.0 uses the tincd application
407
+
[ -f "/etc/tinc/${network}/rsa_key.priv" ] || tincd -n ${network} -K 4096
413
-
environment.systemPackages = let
414
-
cli-wrappers = pkgs.stdenv.mkDerivation {
415
-
name = "tinc-cli-wrappers";
416
-
nativeBuildInputs = [ pkgs.makeWrapper ];
419
-
${concatStringsSep "\n" (mapAttrsToList (network: data:
420
-
optionalString (versionAtLeast data.package.version "1.1pre") ''
421
-
makeWrapper ${data.package}/bin/tinc "$out/bin/tinc.${network}" \
422
-
--add-flags "--pidfile=/run/tinc.${network}.pid" \
423
-
--add-flags "--config=/etc/tinc/${network}"
427
-
in [ cli-wrappers ];
413
+
environment.systemPackages = let
414
+
cli-wrappers = pkgs.stdenv.mkDerivation {
415
+
name = "tinc-cli-wrappers";
416
+
nativeBuildInputs = [ pkgs.makeWrapper ];
419
+
${concatStringsSep "\n" (mapAttrsToList (network: data:
420
+
optionalString (versionAtLeast data.package.version "1.1pre") ''
421
+
makeWrapper ${data.package}/bin/tinc "$out/bin/tinc.${network}" \
422
+
--add-flags "--pidfile=/run/tinc.${network}.pid" \
423
+
--add-flags "--config=/etc/tinc/${network}"
427
+
in [ cli-wrappers ];
429
-
users.users = flip mapAttrs' cfg.networks (network: _:
430
-
nameValuePair ("tinc.${network}") ({
431
-
description = "Tinc daemon user for ${network}";
432
-
isSystemUser = true;
433
-
group = "tinc.${network}";
436
-
users.groups = flip mapAttrs' cfg.networks (network: _:
437
-
nameValuePair "tinc.${network}" {}
429
+
users.users = flip mapAttrs' cfg.networks (network: _:
430
+
nameValuePair ("tinc.${network}") ({
431
+
description = "Tinc daemon user for ${network}";
432
+
isSystemUser = true;
433
+
group = "tinc.${network}";
436
+
users.groups = flip mapAttrs' cfg.networks (network: _:
437
+
nameValuePair "tinc.${network}" {}
meta.maintainers = with maintainers; [ minijackson mic92 ];