2023-01-26 21:29:47 +01:00
|
|
|
{ ipv4
|
|
|
|
|
, ipv6
|
|
|
|
|
, config
|
|
|
|
|
, optionalString
|
|
|
|
|
, concatStringsSep
|
|
|
|
|
, mapAttrsToList
|
|
|
|
|
, ...
|
|
|
|
|
}:
|
|
|
|
|
let
|
|
|
|
|
port = 721;
|
|
|
|
|
hosts = {
|
2024-03-03 14:56:49 +01:00
|
|
|
cherry = "10.123.42.29";
|
2023-02-13 18:40:56 +01:00
|
|
|
cream = "10.123.42.27";
|
2023-01-26 21:29:47 +01:00
|
|
|
robi = "10.123.42.123";
|
2024-03-03 14:56:49 +01:00
|
|
|
sternchen = "10.123.42.25";
|
|
|
|
|
sterni = "10.123.42.24";
|
2023-01-26 21:29:47 +01:00
|
|
|
};
|
|
|
|
|
network = "secret";
|
|
|
|
|
in
|
2022-10-13 10:51:21 +02:00
|
|
|
{
|
2023-01-26 21:29:47 +01:00
|
|
|
sops.secrets.tinc_ed25519_key = { };
|
2022-10-13 10:51:21 +02:00
|
|
|
|
2023-01-26 21:29:47 +01:00
|
|
|
services.tinc.networks = {
|
|
|
|
|
${network} = {
|
|
|
|
|
ed25519PrivateKeyFile = config.sops.secrets.tinc_ed25519_key.path;
|
|
|
|
|
extraConfig = ''
|
|
|
|
|
LocalDiscovery = yes
|
|
|
|
|
Port = ${toString port}
|
|
|
|
|
'';
|
|
|
|
|
hostSettings = {
|
|
|
|
|
sternchen = {
|
2023-02-13 18:40:56 +01:00
|
|
|
subnets = [{ address = hosts.sternchen; }];
|
2023-01-26 21:29:47 +01:00
|
|
|
settings.Ed25519PublicKey = "Z567IKl00Kw5JFBNwMvjL33QYe2hRoNtQcNIDFRPReB";
|
|
|
|
|
};
|
2023-02-13 18:40:56 +01:00
|
|
|
cream = {
|
|
|
|
|
subnets = [{ address = hosts.cream; }];
|
2023-08-14 03:29:02 +02:00
|
|
|
settings.Ed25519PublicKey = "Y/YRA90mAlNEmdhUWlUTHjjsco6d6hlvW11sPtarIdL";
|
2023-02-13 18:40:56 +01:00
|
|
|
};
|
2024-03-03 14:56:49 +01:00
|
|
|
cherry = {
|
|
|
|
|
subnets = [{ address = hosts.cherry; }];
|
|
|
|
|
settings.Ed25519PublicKey = "BsPIrZjbzn0aryC0HO3OXSb4oFCMmzNDmMDQmxUXUuC";
|
|
|
|
|
};
|
2023-01-26 21:29:47 +01:00
|
|
|
sterni = {
|
|
|
|
|
subnets = [{ address = hosts.sterni; }];
|
|
|
|
|
settings.Ed25519PublicKey = "r6mRDc814z2YtyG9ev/XXV2SgquqWR8n53V13xNXb7O";
|
|
|
|
|
};
|
|
|
|
|
robi = {
|
|
|
|
|
addresses = [{ address = "144.76.13.147"; port = port; }];
|
|
|
|
|
subnets = [{ address = hosts.robi; }];
|
|
|
|
|
settings.Ed25519PublicKey = "bZUbSdME4fwudNVbUoNO7PpoOS2xALsyTs81F260KbL";
|
|
|
|
|
};
|
2022-10-13 10:51:21 +02:00
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
|
2023-01-26 21:29:47 +01:00
|
|
|
systemd.network.enable = true;
|
|
|
|
|
systemd.network.networks.${network}.extraConfig = ''
|
|
|
|
|
[Match]
|
|
|
|
|
Name = tinc.${network}
|
|
|
|
|
[Link]
|
|
|
|
|
# tested with `ping -6 turingmachine.r -s 1378`, not sure how low it must be
|
|
|
|
|
MTUBytes=1377
|
|
|
|
|
[Network]
|
|
|
|
|
${optionalString (ipv4 != null) "Address=${ipv4}/24"}
|
|
|
|
|
${optionalString (ipv6 != null) "Address=${ipv6}/28"}
|
|
|
|
|
RequiredForOnline = no
|
|
|
|
|
LinkLocalAddressing = no
|
|
|
|
|
'';
|
|
|
|
|
|
|
|
|
|
networking.extraHosts = concatStringsSep "\n" (mapAttrsToList (name: ip: "${ip} ${name}.${network}") hosts);
|
2022-10-13 10:51:21 +02:00
|
|
|
|
2023-01-26 21:29:47 +01:00
|
|
|
services.openssh.knownHosts = {
|
2023-08-14 03:29:02 +02:00
|
|
|
"cream.${network}" = {
|
|
|
|
|
hostNames = [ "cream.${network}" hosts.cream ];
|
|
|
|
|
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConHiCL7INgAhuN6Z9TqP0zP+xNpdV7+OHwUca4IRDD";
|
|
|
|
|
};
|
2023-01-26 21:29:47 +01:00
|
|
|
"sternchen.${network}" = {
|
|
|
|
|
hostNames = [ "sterni.${network}" hosts.sterni ];
|
|
|
|
|
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILriD/0+65L1mkbjKENwpvB3wUMXz/rEf9J8wuJjJa0q";
|
|
|
|
|
};
|
|
|
|
|
"sterni.${network}" = {
|
|
|
|
|
hostNames = [ "sterni.${network}" hosts.sterni ];
|
|
|
|
|
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEQRH4gzT4vWSx3KN80ePPYhSPZRUae/qSyEym6pJTht";
|
|
|
|
|
};
|
|
|
|
|
"robi" = {
|
|
|
|
|
hostNames = [ "robi.${network}" hosts.robi ];
|
|
|
|
|
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK2PGX6cZuBUGX4VweMzi0aRh4uQ61yngCzZGcK3w5XV";
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
}
|
