{ config, pkgs, lib, ... }:
let
# Pinned checkout of the public krebs/retiolum mesh description.  It supplies
# the peer host files and the /etc/hosts fragment consumed further down.
# `rev` plus `sha256` fix the exact content, so the peer list (and thereby the
# set of public keys this node will trust on that network) cannot change
# underneath us without a deliberate bump here.
retiolum = pkgs.fetchgit {
  sha256 = "0z2b1pd7ki9wbz2079arygv83ckhqsijllj25iy64lgxk6arvbla";
  rev = "9e626816d8a48c6c328a91f0601af35a5ef0d167";
  url = "https://github.com/krebs/retiolum.git";
};
in {
# Whole-interface trust: packets arriving on the "private" tinc network are
# accepted unconditionally by the NixOS firewall, so anything that can
# authenticate on that network reaches every local port.  Deliberately only
# "private" -- the other two tinc networks configured in this file are not
# listed and stay behind the firewall.
networking.firewall.trustedInterfaces = [ "tinc.private" ];
# Site modules (resolved through NIX_PATH), including the
# module.cluster.services.tinc module used below.
imports = [ <modules> ];
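# Generating a fresh node key pair (RSA + Ed25519) for any of the networks:
#   nix-shell -p tinc_pre --run "tinc --config . generate-keys 4096"
#
# Private keys are referenced as `toString <secrets/...>`: the path stays a
# plain string, so the key material is read from the host at runtime and is
# never copied into the world-readable /nix/store.  Public host files under
# <assets/...> are read with lib.fileContents and do end up in the store,
# which is fine for public keys.  Both prefixes are NIX_PATH lookups, so a
# wrong NIX_PATH silently selects a different secrets/assets tree.
module.cluster.services.tinc = {
  # Public krebs/retiolum mesh.  Its interface is NOT in
  # networking.firewall.trustedInterfaces (only tinc.private is), so peers on
  # it still hit the host firewall.  The real peer list is copied in from the
  # pinned `retiolum` checkout by the tinc.retiolum preStart further down;
  # this network uses its own key pair under <secrets/tinc/retiolum/>.
  "retiolum" = {
    networkSubnet = "10.243.0.0/16";
    port = 720;
    extraConfig = ''
      LocalDiscovery = yes
      AutoConnect = yes
    '';
    privateEd25519KeyFile = toString <secrets/tinc/retiolum/ed25519_key>;
    privateRsaKeyFile = toString <secrets/tinc/retiolum/rsa_key>;
    # NOTE(review): all four entries read the same host_file, so they are
    # declared with one and the same public key and cannot be told apart by
    # tinc.  This is only sound if the preStart copy of the retiolum checkout
    # replaces them with per-host files -- confirm, or point each entry at its
    # own file.
    hosts = {
      pepe = {
        tincIp = "10.243.23.1";
        publicKey = lib.fileContents <assets/tinc/retiolum/host_file>;
      };
      sterni = {
        tincIp = "10.243.23.3";
        publicKey = lib.fileContents <assets/tinc/retiolum/host_file>;
      };
      workhorse = {
        tincIp = "10.243.23.5";
        publicKey = lib.fileContents <assets/tinc/retiolum/host_file>;
      };
      workout = {
        tincIp = "10.243.23.4";
        publicKey = lib.fileContents <assets/tinc/retiolum/host_file>;
      };
    };
  };
  # Network explicitly named "insecure".  Its interface is not firewall-trusted.
  # It shares this node's key pair (<secrets/tinc/{ed25519,rsa}_key>) with
  # "private" below, so a compromise of that one key pair affects both networks.
  "insecure" = {
    networkSubnet = "10.123.42.0/24";
    port = 721;
    extraConfig = ''
      LocalDiscovery = yes
      AutoConnect = yes
    '';
    privateEd25519KeyFile = toString <secrets/tinc/ed25519_key>;
    privateRsaKeyFile = toString <secrets/tinc/rsa_key>;
    hosts = {
      sterni = {
        tincIp = "10.123.42.24";
        # NOTE(review): sterni is declared with workout's host file, i.e. with
        # workout's public key, so whoever holds that private key can
        # authenticate as sterni.  The commented-out line suggests a dedicated
        # sterni_host_file was intended -- confirm it exists and switch to it.
        # publicKey = lib.fileContents <assets/tinc/sterni_host_file>;
        publicKey = lib.fileContents <assets/tinc/workout_host_file>;
      };
      porani = {
        tincIp = "10.123.42.31";
        publicKey = lib.fileContents <assets/tinc/porani_host_file>;
      };
      workhorse = {
        tincIp = "10.123.42.21";
        publicKey = lib.fileContents <assets/tinc/workhorse_host_file>;
      };
      sputnik = {
        # The only host here with a reachable address.  Listed both as the
        # literal IP and as the Hetzner PTR-style name that encodes the same
        # address, mirroring the "private" entry for this host below, so
        # reaching it does not depend on DNS alone.
        realAddress = [
          "195.201.134.247:721"
          "static.247.134.201.195.clients.your-server.de:721"
        ];
        tincIp = "10.123.42.122";
        publicKey = lib.fileContents <assets/tinc/sputnik_host_file>;
      };
    };
  };
  # Fully trusted network: tinc.private is in networking.firewall.trustedInterfaces,
  # so every peer that authenticates here bypasses the host firewall.  Keep the
  # host list tight.  No `port` is set (the module's default applies) and no
  # AutoConnect; the node key pair is the same one used for "insecure".
  "private" = {
    networkSubnet = "10.23.42.0/24";
    extraConfig = ''
      LocalDiscovery = yes
    '';
    privateEd25519KeyFile = toString <secrets/tinc/ed25519_key>;
    privateRsaKeyFile = toString <secrets/tinc/rsa_key>;
    hosts = {
      workout = {
        tincIp = "10.23.42.27";
        publicKey = lib.fileContents <assets/tinc/workout_host_file>;
      };
      pepe = {
        tincIp = "10.23.42.26";
        publicKey = lib.fileContents <assets/tinc/pepe_host_file>;
      };
      sterni = {
        tincIp = "10.23.42.24";
        # NOTE(review): same key as `workout` above (both read
        # workout_host_file), so on the firewall-trusted network two host
        # entries are authenticated by one private key.  Give sterni its own
        # host file if it is a separate machine.
        # publicKey = lib.fileContents <assets/tinc/sterni_host_file>;
        publicKey = lib.fileContents <assets/tinc/workout_host_file>;
      };
      mobi = {
        tincIp = "10.23.42.23";
        publicKey = lib.fileContents <assets/tinc/mobi_host_file>;
      };
      # porani is a member of "insecure" only; kept here for reference.
      #porani = {
      #  tincIp = "10.23.42.31";
      #  publicKey = lib.fileContents <assets/tinc/porani_host_file>;
      #};
      workhorse = {
        tincIp = "10.23.42.21";
        publicKey = lib.fileContents <assets/tinc/workhorse_host_file>;
      };
      sputnik = {
        # Literal IP first, then the PTR-style name, each with and without an
        # explicit :443 port.
        realAddress = [
          "195.201.134.247"
          "195.201.134.247:443"
          "static.247.134.201.195.clients.your-server.de"
          "static.247.134.201.195.clients.your-server.de:443"
        ];
        tincIp = "10.23.42.122";
        publicKey = lib.fileContents <assets/tinc/sputnik_host_file>;
      };
    };
  };
};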
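# retiolum: wire the pinned checkout into this host.
# /etc/hosts entries for every retiolum peer come straight from the checkout;
# its content is fixed by the rev + sha256 pin above.  (`toString` on an
# already-string path was redundant and is dropped.)
networking.extraHosts = builtins.readFile "${retiolum}/etc.hosts";
# Populate /etc/tinc/retiolum/hosts with the mesh's host files (peer public
# keys) before tincd starts.  The copy is best-effort on purpose -- a failure
# must not keep the daemon down -- but it is logged instead of being silenced
# by `|| true`, and the target directory is created first so the copy does not
# fail merely because the directory is absent.
# NOTE(review): if the tinc module also materialises /etc/tinc/retiolum/hosts
# (e.g. via environment.etc), this copy overwrites or collides with those
# files -- confirm which set of host files is meant to win.
systemd.services."tinc.retiolum" = {
  preStart = ''
    mkdir -p /etc/tinc/retiolum
    if ! cp -R ${retiolum}/hosts /etc/tinc/retiolum/; then
      echo "tinc.retiolum: copying host files from ${retiolum} failed, continuing with the existing ones" >&2
    fi
  '';
};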
}