Tinc: Difference between revisions

(3 intermediate revisions by 2 users not shown)

Line 68:

<syntaxHighlight lang=nix># for heinz

networking.interfaces."tinc.~~private~~" = [ { address = 10.1.1.25; } ];

networking.interfaces."tinc.${networkName}".ipv4.addresses = [ { address = "10.1.1.25"; prefixLength = 24; } ];

</syntaxHighlight>

Line 74:

The following snippet '''seems''' to fix that (until perhaps a more proper fix is upstreamed?):

systemd.services."network-addresses-tinc.${networkName}".~~before~~ = [ "tinc.${networkName}.service" ];

# Start the unit for adding addresses if Tinc is started

systemd.services."network-~~link~~-tinc.${networkName}".~~before~~ = [ "tinc.${networkName}.~~service~~" ];

systemd.services."tinc.${networkName}".wants = [ "network-addresses-tinc.${networkName}.service" ];

# Stop the unit for adding addresses if Tinc is stopped or restarted

systemd.services."network-addresses-tinc.${networkName}".partOf = [ "tinc.${networkName}.service" ];

# Start the unit for adding addresses after the Tinc device is added

systemd.services."network-addresses-tinc.${networkName}".after = [ "sys-subsystem-net-devices-tinc.${networkName}.device" ];

</syntaxHighlight>

Note 2019-12-28: another author found that those lines were counter-productive. Their system hung for 90 seconds on boot waiting for /sys/subsystem/net/devices/tinc.<tinc network name> to be available, and then after booting they had to manually do something to get tinc working. Removing those lines fixed both problems.

=== tinc-up/tinc-down ===

Line 86:

Line 89:

<syntaxHighlight lang=nix># for heinz

environment.etc."tinc/private/tinc-up".source = pkgs.writeScript ~~"~~tinc-up-private'

environment.etc = {

#!${pkgs.stdenv.shell}

"tinc/private/tinc-up".source = pkgs.writeScript "tinc-up-private" ''

${pkgs.nettools}/bin/ifconfig $INTERFACE 10.1.1.25 netmask 255.255.255.0

#!${pkgs.stdenv.shell}

'';

${pkgs.nettools}/bin/ifconfig $INTERFACE 10.1.1.25 netmask 255.255.255.0

~~environment.etc.~~"tinc/private/tinc-down".source = pkgs.writeScript "tinc-down-private''

'';

#!${pkgs.stdenv.shell}

"tinc/private/tinc-down".source = pkgs.writeScript "tinc-down-private" ''

/run/wrappers/bin/sudo ${pkgs.nettools}/bin/ifconfig $INTERFACE down

#!${pkgs.stdenv.shell}

'';</syntaxHighlight>

/run/wrappers/bin/sudo ${pkgs.nettools}/bin/ifconfig $INTERFACE down

'';

};</syntaxHighlight>

For the <code>tinc-down</code> we need to use sudo, because the user <code>tinc.private</code> who starts the service is not able to tear down the interface.

@@ Line 68: / Line 68: @@
 <syntaxHighlight lang=nix># for heinz
-networking.interfaces."tinc.private" = [ { address = 10.1.1.25; } ];
+networking.interfaces."tinc.${networkName}".ipv4.addresses = [ { address = "10.1.1.25"; prefixLength = 24; } ];
 </syntaxHighlight>
@@ Line 74: / Line 74: @@
 The following snippet '''seems''' to fix that (until perhaps a more proper fix is upstreamed?):
 <syntaxHighlight lang=nix>
-   systemd.services."network-addresses-tinc.${networkName}".before = [ "tinc.${networkName}.service" ];
+  # Start the unit for adding addresses if Tinc is started
-   systemd.services."network-link-tinc.${networkName}".before = [ "tinc.${networkName}.service" ];
+  systemd.services."tinc.${networkName}".wants = [ "network-addresses-tinc.${networkName}.service" ];
+  # Stop the unit for adding addresses if Tinc is stopped or restarted
+   systemd.services."network-addresses-tinc.${networkName}".partOf = [ "tinc.${networkName}.service" ];
+  # Start the unit for adding addresses after the Tinc device is added
+   systemd.services."network-addresses-tinc.${networkName}".after = [ "sys-subsystem-net-devices-tinc.${networkName}.device" ];
 </syntaxHighlight>
-Note 2019-12-28: another author found that those lines were counter-productive. Their system hung for 90 seconds on boot waiting for /sys/subsystem/net/devices/tinc.<tinc network name> to be available, and then after booting they had to manually do something to get tinc working. Removing those lines fixed both problems.
 === tinc-up/tinc-down ===
@@ Line 86: / Line 89: @@
 <syntaxHighlight lang=nix># for heinz
-environment.etc."tinc/private/tinc-up".source = pkgs.writeScript &quot;tinc-up-private'
+environment.etc = {
-  #!${pkgs.stdenv.shell}
+    "tinc/private/tinc-up".source = pkgs.writeScript "tinc-up-private" ''
-  ${pkgs.nettools}/bin/ifconfig $INTERFACE 10.1.1.25 netmask 255.255.255.0
+        #!${pkgs.stdenv.shell}
-'';
+        ${pkgs.nettools}/bin/ifconfig $INTERFACE 10.1.1.25 netmask 255.255.255.0
-environment.etc."tinc/private/tinc-down".source = pkgs.writeScript "tinc-down-private''
+    '';
-  #!${pkgs.stdenv.shell}
+    "tinc/private/tinc-down".source = pkgs.writeScript "tinc-down-private" ''
-  /run/wrappers/bin/sudo ${pkgs.nettools}/bin/ifconfig $INTERFACE down
+        #!${pkgs.stdenv.shell}
-'';</syntaxHighlight>
+        /run/wrappers/bin/sudo ${pkgs.nettools}/bin/ifconfig $INTERFACE down
+    '';
+};</syntaxHighlight>
 For the <code>tinc-down</code> we need to use sudo, because the user <code>tinc.private</code> who starts the service is not able to tear down the interface.