nixos-config/nixos/components/network/tinc/private.nix

{ config, lib, pkgs, ... }:

{

  networking.firewall.trustedInterfaces = [ "tinc.private" ];

  users.groups."tinc.private" = { };
  users.users."tinc.private" = {
    group = "tinc.private";
    isSystemUser = lib.mkDefault true;
  };

  # nix-shell -p tinc_pre --run "tinc --config . generate-keys 4096"
  module.cluster.services.tinc."private" = {
    networkSubnet = "10.23.42.0/24";
    extraConfig = ''
      LocalDiscovery = yes
    '';
    privateEd25519KeyFile = toString config.sops.secrets.tinc_ed25519_key.path;
    privateRsaKeyFile = toString config.sops.secrets.tinc_rsa_key.path;
    hosts = {
      pepe = {
        tincIp = "10.23.42.26";
        publicKey = lib.fileContents ../../../assets/tinc/pepe_host_file;
      };
      sterni = {
        tincIp = "10.23.42.24";
        publicKey = lib.fileContents ../../../assets/tinc/workout_host_file;
      };
      mobi = {
        tincIp = "10.23.42.23";
        publicKey = lib.fileContents ../../../assets/tinc/mobi_host_file;
      };
      robi = {
        realAddress = [ "144.76.13.147" ];
        tincIp = "10.23.42.111";
        publicKey = lib.fileContents ../../../assets/tinc/robi_host_file;
      };
    };
  };

}
moved tinc to components/tinc 2022-10-13 10:51:21 +02:00			`{ config, lib, pkgs, ... }:`

			`{`

			`networking.firewall.trustedInterfaces = [ "tinc.private" ];`

			`users.groups."tinc.private" = { };`
			`users.users."tinc.private" = {`
			`group = "tinc.private";`
			`isSystemUser = lib.mkDefault true;`
			`};`

			`# nix-shell -p tinc_pre --run "tinc --config . generate-keys 4096"`
			`module.cluster.services.tinc."private" = {`
			`networkSubnet = "10.23.42.0/24";`
			`extraConfig = ''`
			`LocalDiscovery = yes`
			`'';`
			`privateEd25519KeyFile = toString config.sops.secrets.tinc_ed25519_key.path;`
			`privateRsaKeyFile = toString config.sops.secrets.tinc_rsa_key.path;`
			`hosts = {`
			`pepe = {`
			`tincIp = "10.23.42.26";`
			`publicKey = lib.fileContents ../../../assets/tinc/pepe_host_file;`
			`};`
			`sterni = {`
			`tincIp = "10.23.42.24";`
			`publicKey = lib.fileContents ../../../assets/tinc/workout_host_file;`
			`};`
			`mobi = {`
			`tincIp = "10.23.42.23";`
			`publicKey = lib.fileContents ../../../assets/tinc/mobi_host_file;`
			`};`
			`robi = {`
			`realAddress = [ "144.76.13.147" ];`
			`tincIp = "10.23.42.111";`
			`publicKey = lib.fileContents ../../../assets/tinc/robi_host_file;`
			`};`
			`};`
			`};`

			`}`