nixos-config/nixos/components/network/tinc/private.nix

# Membership of this machine in the "private" tinc mesh (10.23.42.0/24).
{ config, lib, pkgs, ... }:
let
  # The same string is used as the trusted interface name and as the name of
  # the dedicated system user and group declared below.
  tincName = "tinc.private";

  # Build one host entry: the node's address inside the mesh plus the contents
  # of its host file, read from the repository at evaluation time.
  mkHost = tincIp: hostFile: {
    inherit tincIp;
    publicKey = lib.fileContents hostFile;
  };
in
{
  # SECURITY: traffic arriving on a trusted interface is accepted
  # unconditionally by the NixOS firewall, so every peer admitted to the mesh
  # can reach every port listening on this machine. If only a few services
  # are meant to be shared, per-interface rules
  # (networking.firewall.interfaces.<name>.allowedTCPPorts) are the narrower
  # alternative.
  networking.firewall.trustedInterfaces = [ tincName ];

  # Dedicated group and system user named after the interface.
  users = {
    groups.${tincName} = { };
    users.${tincName} = {
      group = tincName;
      isSystemUser = lib.mkDefault true;
    };
  };

  # Key material is created out of band with:
  # nix-shell -p tinc_pre --run "tinc --config . generate-keys 4096"
  module.cluster.services.tinc."private" = {
    networkSubnet = "10.23.42.0/24";

    # LocalDiscovery lets tinc look for peers on the local network.
    extraConfig = ''
      LocalDiscovery = yes
    '';

    # Only the paths of the sops-managed secrets are passed on, so the private
    # keys themselves do not become part of the evaluated configuration.
    # NOTE(review): confirm the secret files' owner and mode let the tinc
    # daemon, and nothing else, read them.
    privateEd25519KeyFile = toString config.sops.secrets.tinc_ed25519_key.path;
    privateRsaKeyFile = toString config.sops.secrets.tinc_rsa_key.path;

    # Peers of the mesh. The host files under assets/tinc supply each peer's
    # public key; presumably they are what authorizes a node, so changes to
    # them deserve the same review as a credential change - confirm against
    # the cluster module.
    hosts = {
      pepe = mkHost "10.23.42.26" ../../../assets/tinc/pepe_host_file;
      # NOTE(review): sterni loads workout_host_file, the only entry whose
      # file name does not match the host name - confirm this is the right key.
      sterni = mkHost "10.23.42.24" ../../../assets/tinc/workout_host_file;
      mobi = mkHost "10.23.42.23" ../../../assets/tinc/mobi_host_file;
      bobi = mkHost "10.23.42.25" ../../../assets/tinc/bobi_host_file;
      # The only peer with a realAddress; presumably the publicly reachable
      # node the others connect to - verify.
      robi = mkHost "10.23.42.111" ../../../assets/tinc/robi_host_file // {
        realAddress = [ "144.76.13.147" ];
      };
    };
  };
}