nixos-config/nixos/components/network/tinc/private.nix

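{ ipv4
, ipv6
, config
, optionalString
, concatStringsSep
, mapAttrsToList
, ...
}:
let
  # Fixed VPN address of every peer.  Each value is announced as that peer's
  # tinc Subnet below and written to /etc/hosts as "<name>.private".
  hosts = {
    mobi = "10.23.42.23";
    sterni = "10.23.42.24";
    bobi = "10.23.42.25";
    pepe = "10.23.42.26";
    cream = "10.23.42.27";
    chungus = "10.23.42.28";
    robi = "10.23.42.111";
  };

  # Service aliases mapped to the peer that serves them
  # ("grafana.robi.private" -> robi).  These are /etc/hosts entries only;
  # they neither open ports nor affect tinc routing.
  subDomains = {
    # robi
    "grafana.robi" = hosts.robi;
    "loki.robi" = hosts.robi;
    "prometheus.robi" = hosts.robi;
    "sync.robi" = hosts.robi;
    "transmission.robi" = hosts.robi;
    "transmission2.robi" = hosts.robi;
    # pepe
    "grafana.pepe" = hosts.pepe;
    "loki.pepe" = hosts.pepe;
    "prometheus.pepe" = hosts.pepe;
    "tdarr.pepe" = hosts.pepe;
    "tts.pepe" = hosts.pepe;
    # chungus
    "de.tts.chungus" = hosts.chungus;
    "en.tts.chungus" = hosts.chungus;
    "flix.chungus" = hosts.chungus;
    "git.chungus" = hosts.chungus;
    "grafana.chungus" = hosts.chungus;
    "loki.chungus" = hosts.chungus;
    "prometheus.chungus" = hosts.chungus;
    "s3.chungus" = hosts.chungus;
    "sync.chungus" = hosts.chungus;
    "tdarr.chungus" = hosts.chungus;
    "trilium.chungus" = hosts.chungus;
    "tts.chungus" = hosts.chungus;
    # cream
    "trilium.cream" = hosts.cream;
  };

  network = "private";
in
{
  # Everything arriving on the VPN interface bypasses the host firewall, so
  # every peer (and anyone holding a peer's private key) reaches every local
  # port unfiltered.  This relies on tinc authenticating peers against the
  # Ed25519 keys pinned below and on StrictSubnets (set further down) so that
  # a peer cannot speak from another peer's address.
  networking.firewall.trustedInterfaces = [ "tinc.${network}" ];

  # This host's own tinc private key is supplied by sops at activation time;
  # only peers' public keys are committed here.
  sops.secrets.tinc_ed25519_key = { };

  # Key pair for a new peer:
  # nix-shell -p tinc_pre --run "tinc --config . generate-keys 4096"
  services.tinc.networks = {
    ${network} = {
      ed25519PrivateKeyFile = config.sops.secrets.tinc_ed25519_key.path;
      interfaceType = "tap";
      extraConfig = ''
        LocalDiscovery = yes
        # Only honour Subnet statements that appear in the locally generated
        # host files (hostSettings below).  Without this any authenticated
        # peer may announce another peer's address and receive its traffic,
        # which the trusted-interface rule above would then let straight in.
        StrictSubnets = yes
      '';
      # One entry per peer: its fixed VPN address and its tinc public key.
      # Adding a peer means adding it to `hosts`, here, and to knownHosts.
      hostSettings = {
        mobi = {
          subnets = [{ address = hosts.mobi; }];
          settings.Ed25519PublicKey = "X5sp3YYevVNUrzYvi+HZ2iW5WbO0bIb58jR4jZFH6MB";
        };
        cream = {
          subnets = [{ address = hosts.cream; }];
          settings.Ed25519PublicKey = "Y/YRA90mAlNEmdhUWlUTHjjsco6d6hlvW11sPtarIdL";
        };
        sterni = {
          subnets = [{ address = hosts.sterni; }];
          settings.Ed25519PublicKey = "r6mRDc814z2YtyG9ev/XXV2SgquqWR8n53V13xNXb7O";
        };
        bobi = {
          subnets = [{ address = hosts.bobi; }];
          settings.Ed25519PublicKey = "jwvNd4oAgz2cWEI74VTVYU1qgPWq823/a0iEDqJ8KMD";
        };
        pepe = {
          subnets = [{ address = hosts.pepe; }];
          settings.Ed25519PublicKey = "LnE+w6ZfNCky4Kad3TBxpFKRJ2PJshkSpW6mC3pcsPI";
        };
        chungus = {
          subnets = [{ address = hosts.chungus; }];
          settings.Ed25519PublicKey = "mJP+zzYGv42KItpSf3lMkr3dwa5xW3n3hi0W2Z75jfJ";
        };
        # The only peer with a public Address; the others dial it to join.
        robi = {
          addresses = [{ address = "144.76.13.147"; }];
          subnets = [{ address = hosts.robi; }];
          settings.Ed25519PublicKey = "bZUbSdME4fwudNVbUoNO7PpoOS2xALsyTs81F260KbL";
        };
      };
    };
  };

  systemd.network.enable = true;
  systemd.network.networks.${network}.extraConfig = ''
    [Match]
    Name = tinc.${network}
    [Link]
    # tested with `ping -6 turingmachine.r -s 1378`, not sure how low it must be
    # (turingmachine.r is not a peer of this network; the value was carried
    # over from elsewhere and has not been re-measured here)
    MTUBytes=1377
    [Network]
    ${optionalString (ipv4 != null) "Address=${ipv4}/24"}
    # NOTE(review): /28 is an unusual IPv6 prefix length (a /64 is the norm);
    # confirm it matches what the other peers configure.
    ${optionalString (ipv6 != null) "Address=${ipv6}/28"}
    RequiredForOnline = no
    LinkLocalAddressing = no
  '';

  # "<name>.private" and "<service>.<name>.private" resolve locally without DNS.
  networking.extraHosts = concatStringsSep "\n" (mapAttrsToList (name: ip: "${ip} ${name}.${network}") (hosts // subDomains));

  # Pin every peer's SSH host key by VPN name and address, so connections over
  # the VPN never rely on trust-on-first-use and a peer presenting a different
  # key is rejected.  Attribute names follow the "<name>.private" convention.
  services.openssh.knownHosts = {
    "robi.${network}" = {
      hostNames = [ "robi.${network}" hosts.robi ];
      publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK2PGX6cZuBUGX4VweMzi0aRh4uQ61yngCzZGcK3w5XV";
    };
    "sterni.${network}" = {
      hostNames = [ "sterni.${network}" hosts.sterni ];
      publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEQRH4gzT4vWSx3KN80ePPYhSPZRUae/qSyEym6pJTht";
    };
    "cream.${network}" = {
      hostNames = [ "cream.${network}" hosts.cream ];
      publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConHiCL7INgAhuN6Z9TqP0zP+xNpdV7+OHwUca4IRDD";
    };
    "pepe.${network}" = {
      hostNames = [ "pepe.${network}" hosts.pepe ];
      publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJPlva+Vdj8WmQPlbQLN3qicMz5AAsyTzK53BincxtAz";
    };
    "chungus.${network}" = {
      hostNames = [ "chungus.${network}" hosts.chungus ];
      publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP9jrbOJbgapreRjttyOKWv5vxGMThn7kAwlk8WnSyL9";
    };
    "bobi.${network}" = {
      hostNames = [ "bobi.${network}" hosts.bobi ];
      publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK0haepNVEaocfWh6kwVc4QsSg2iqO5k+hjarphBqMVk";
    };
    "mobi.${network}" = {
      hostNames = [ "mobi.${network}" hosts.mobi ];
      publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE3G7TwCoxcVfwhGL0913RtacEeokqKtufhzzkCxpPxk";
    };
  };
}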