# shared tinc file between client and server
# NixOS module with the tinc VPN settings for the "test" network, evaluated
# on both the client and the server machine.
{ config, pkgs, lib, ... }:

let
  # Generated machine inventory; only the server's IPv4 address is read from it.
  nixosMachines = import <test-generated/nixos-machines.nix>;

  # Contents of the server's tinc host file (its public key material).
  # NOTE(review): both host entries below publish this same file. A tinc node
  # normally has its own key pair, so confirm that `sterni` is really meant to
  # share the server's key; if not, point it at its own host file.
  serverHostFile = lib.fileContents <test-assets/tinc/server_host_file>;

  # Key material was generated with:
  # nix-shell -p tinc_pre --run "tinc --config . generate-keys 4096"
  testNetwork = {
    networkSubnet = "10.123.142.0/24";

    extraConfig = ''
      LocalDiscovery = yes
    '';

    # toString turns each path into a plain string, so the private keys are
    # referenced by location instead of being imported into the Nix store
    # (which is readable by every local user).
    # NOTE(review): these look like fixtures under test-assets; keys kept next
    # to test code should not be reused for a non-test network.
    privateEd25519KeyFile = toString <test-assets/tinc/ed25519_key>;
    privateRsaKeyFile = toString <test-assets/tinc/rsa_key>;

    hosts = {
      # The only host with a realAddress, i.e. the one peers connect to.
      server = {
        tincIp = "10.123.142.1";
        realAddress = [ nixosMachines.nixserver-server.host.ipv4 ];
        publicKey = serverHostFile;
      };

      sterni = {
        tincIp = "10.123.142.100";
        publicKey = serverHostFile;
      };
    };
  };
in {
  imports = [ <cluster-module> ];

  # Traffic arriving on a trusted interface bypasses the NixOS firewall, so
  # every port on this machine is reachable from any peer on that VPN.
  # NOTE(review): the network defined in this file is called "test" while the
  # trusted interface is "tinc.private"; confirm which interface name the
  # cluster module creates, so that the intended interface (and only that one)
  # is trusted.
  networking.firewall.trustedInterfaces = [ "tinc.private" ];

  module.cluster.services.tinc.test = testNetwork;
}