moved tinc to components/tinc

This commit is contained in:
Ingolf Wagner 2022-10-13 10:51:21 +02:00
parent 7177106c20
commit 13b0b83d9f
No known key found for this signature in database
GPG key ID: 76BF5F1928B9618B
10 changed files with 128 additions and 113 deletions


@ -2,5 +2,7 @@
{ {
imports = [ imports = [
./sshd ./sshd
./tinc
./hosts.nix
]; ];
} }


@ -0,0 +1,14 @@
{
imports = [
./private.nix
./retiolum.nix
./secret.nix
];
# keys for secret and private tinc network
sops.secrets.tinc_ed25519_key = { };
sops.secrets.tinc_rsa_key = { };
}
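Review bot: The deleted system/all/tinc.nix carried `imports = [ ../../modules ];` (visible in the removed file further down this page), but this new default.nix does not, so every host that imports components/network/tinc now has to import ../../modules on its own — the `-8,7 +8,9` hunk does exactly that. Consider keeping that dependency with the component, `imports = [ ../../../modules ./private.nix ./retiolum.nix ./secret.nix ];` (assuming the same directory depth as the `../../../assets` paths used in private.nix), so the module.cluster.services.tinc options are always defined wherever they are set. Separately, retiolum.nix references `config.sops.secrets.tinc_retiolum_ed25519_key` and `tinc_retiolum_rsa_key`, which this file does not declare — only the `tinc_ed25519_key`/`tinc_rsa_key` pair is — and the per-host file only ever had them commented out; if they are not declared elsewhere, enabling the retiolum network presumably fails at evaluation, so either declare them next to the two existing `sops.secrets` lines or add a comment stating where they come from.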


@ -0,0 +1,42 @@
{ config, lib, pkgs, ... }:
{
networking.firewall.trustedInterfaces = [ "tinc.private" ];
users.groups."tinc.private" = { };
users.users."tinc.private" = {
group = "tinc.private";
isSystemUser = lib.mkDefault true;
};
# nix-shell -p tinc_pre --run "tinc --config . generate-keys 4096"
module.cluster.services.tinc."private" = {
networkSubnet = "10.23.42.0/24";
extraConfig = ''
LocalDiscovery = yes
'';
privateEd25519KeyFile = toString config.sops.secrets.tinc_ed25519_key.path;
privateRsaKeyFile = toString config.sops.secrets.tinc_rsa_key.path;
hosts = {
pepe = {
tincIp = "10.23.42.26";
publicKey = lib.fileContents ../../../assets/tinc/pepe_host_file;
};
sterni = {
tincIp = "10.23.42.24";
publicKey = lib.fileContents ../../../assets/tinc/workout_host_file;
};
mobi = {
tincIp = "10.23.42.23";
publicKey = lib.fileContents ../../../assets/tinc/mobi_host_file;
};
robi = {
realAddress = [ "144.76.13.147" ];
tincIp = "10.23.42.111";
publicKey = lib.fileContents ../../../assets/tinc/robi_host_file;
};
};
};
}
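Review bot: `networking.firewall.trustedInterfaces = [ "tinc.private" ]` on the first line of this module has no comment saying what it grants: the host firewall is bypassed entirely for that interface, so every peer in the hosts block (pepe, sterni, mobi, robi) reaches every listening port on this host, not just tinc's. Suggest a why-comment above it, `# tinc.private is fully trusted: every mesh peer bypasses the host firewall on this interface`, so that future additions to the hosts list are made with that in mind. The `pkgs` argument of the module function is unused and can be dropped from `{ config, lib, pkgs, ... }:`.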


@ -0,0 +1,34 @@
{ config, pkgs, lib, retiolum, ... }:
{
# nix-shell -p tinc_pre --run "tinc --config . generate-keys 4096"
module.cluster.services.tinc."retiolum" = {
networkSubnet = "10.243.0.0/16";
port = 720;
extraConfig = ''
LocalDiscovery = yes
AutoConnect = yes
'';
privateEd25519KeyFile = toString config.sops.secrets.tinc_retiolum_ed25519_key.path;
privateRsaKeyFile = toString config.sops.secrets.tinc_retiolum_rsa_key.path;
hosts = {
pepe = {
tincIp = "10.243.23.1";
publicKey = lib.fileContents ../../../assets/tinc/retiolum/host_file;
};
sterni = {
tincIp = "10.243.23.3";
publicKey = lib.fileContents ../../../assets/tinc/retiolum/host_file;
};
};
};
networking.extraHosts = builtins.readFile (toString "${retiolum}/etc.hosts");
systemd.services."tinc.retiolum" = {
preStart = ''
cp -R ${retiolum}/hosts /etc/tinc/retiolum/ || true
'';
};
}
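Review bot: pepe and sterni both take their publicKey from the same file, `../../../assets/tinc/retiolum/host_file` (the two `lib.fileContents` lines in the hosts block), so the two nodes are configured with an identical tinc identity; unless that file is intentionally shared, one of the two paths looks like a copy-paste slip carried over unchanged from the deleted tinc.nix, and a comment on the hosts block should say which it is. In preStart, `cp -R ${retiolum}/hosts /etc/tinc/retiolum/ || true` silently masks a failed copy of the peer host files, which carry the peers' public keys, so a broken `retiolum` input would leave the network running on whatever host files were already present with no trace in the journal. If the copy is best-effort by design, at least report it, e.g. `cp -R ${retiolum}/hosts /etc/tinc/retiolum/ || echo "retiolum: could not copy peer host files" >&2`. The `pkgs` argument is unused here as well.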


@ -0,0 +1,33 @@
{ config, pkgs, lib, ... }:
{
# nix-shell -p tinc_pre --run "tinc --config . generate-keys 4096"
module.cluster.services.tinc."secret" = {
networkSubnet = "10.123.42.0/24";
port = 721;
extraConfig = ''
LocalDiscovery = yes
AutoConnect = yes
'';
privateEd25519KeyFile = toString config.sops.secrets.tinc_ed25519_key.path;
privateRsaKeyFile = toString config.sops.secrets.tinc_rsa_key.path;
hosts = {
sternchen = {
tincIp = "10.123.42.25";
publicKey = lib.fileContents ../../../assets/tinc/sternchen_host_file;
};
sterni = {
tincIp = "10.123.42.24";
publicKey = lib.fileContents ../../../assets/tinc/workout_host_file;
};
robi = {
realAddress = [ "144.76.13.147" ];
tincIp = "10.123.42.123";
publicKey = lib.fileContents ../../../assets/tinc/robi_host_file;
};
};
};
}
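Review bot: The `tinc.secret` user and group are still created in the per-host file (`users.users."tinc.secret".group` / `users.groups."tinc.secret"` in the `-1,7 +1,5` hunk), whereas private.nix creates its user and group inside the component; if the cluster module does not create them itself, a host that imports this file without those two lines gets a network without its service account. Suggest moving them here for symmetry with private.nix: `users.groups."tinc.secret" = { }; users.users."tinc.secret" = { group = "tinc.secret"; isSystemUser = lib.mkDefault true; };`. Also worth a comment on the `privateEd25519KeyFile`/`privateRsaKeyFile` lines that this network deliberately reuses the same node keypair as the private network (`tinc_ed25519_key`/`tinc_rsa_key`), so the secret and private meshes share one node identity and rotating that key affects both. The `pkgs` argument is unused.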


@ -8,7 +8,9 @@
../../system/server/packages.nix ../../system/server/packages.nix
../../components/network/sshd ../../components/network/sshd
../../system/all/tinc.nix ../../components/network/tinc
../../modules
./hetzner.nix ./hetzner.nix


@ -1,7 +1,5 @@
{ config, lib, pkgs, ... }: { { config, lib, pkgs, ... }: {
imports = [ ../../system/all/tinc.nix ];
module.cluster.services.tinc = { module.cluster.services.tinc = {
"private" = { "private" = {
enable = true; enable = true;
@ -15,9 +13,6 @@
}; };
}; };
#sops.secrets.tinc_retiolum_ed25519_key = { };
#sops.secrets.tinc_retiolum_rsa_key = { };
users.users."tinc.secret".group = "tinc.secret"; users.users."tinc.secret".group = "tinc.secret";
users.groups."tinc.secret" = { }; users.groups."tinc.secret" = { };


@ -21,9 +21,7 @@
./borg-jobs.nix ./borg-jobs.nix
./borg-scripts.nix ./borg-scripts.nix
./syncthing.nix ./syncthing.nix
./tinc.nix
./on-failure.nix ./on-failure.nix
./hosts.nix
]; ];


@ -1,105 +0,0 @@
{ config, pkgs, lib, retiolum, ... }:
{
imports = [ ../../modules ];
networking.firewall.trustedInterfaces = [ "tinc.private" ];
users.users."tinc.private".group = "tinc.private";
users.groups."tinc.private" = { };
users.users."tinc.private".isSystemUser = lib.mkDefault true;
# nix-shell -p tinc_pre --run "tinc --config . generate-keys 4096"
module.cluster.services.tinc = {
"retiolum" = {
networkSubnet = "10.243.0.0/16";
port = 720;
extraConfig = ''
LocalDiscovery = yes
AutoConnect = yes
'';
privateEd25519KeyFile =
toString config.sops.secrets.tinc_retiolum_ed25519_key.path;
privateRsaKeyFile = toString config.sops.secrets.tinc_retiolum_rsa_key.path;
hosts = {
pepe = {
tincIp = "10.243.23.1";
publicKey = lib.fileContents ../../assets/tinc/retiolum/host_file;
};
sterni = {
tincIp = "10.243.23.3";
publicKey = lib.fileContents ../../assets/tinc/retiolum/host_file;
};
};
};
# nix-shell -p tinc_pre --run "tinc --config . generate-keys 4096"
"secret" = {
networkSubnet = "10.123.42.0/24";
port = 721;
extraConfig = ''
LocalDiscovery = yes
AutoConnect = yes
'';
privateEd25519KeyFile =
toString config.sops.secrets.tinc_ed25519_key.path;
privateRsaKeyFile = toString config.sops.secrets.tinc_rsa_key.path;
hosts = {
sternchen = {
tincIp = "10.123.42.25";
publicKey = lib.fileContents ../../assets/tinc/sternchen_host_file;
};
sterni = {
tincIp = "10.123.42.24";
publicKey = lib.fileContents ../../assets/tinc/workout_host_file;
};
robi = {
realAddress = [ "144.76.13.147" ];
tincIp = "10.123.42.123";
publicKey = lib.fileContents ../../assets/tinc/robi_host_file;
};
};
};
# nix-shell -p tinc_pre --run "tinc --config . generate-keys 4096"
"private" = {
networkSubnet = "10.23.42.0/24";
extraConfig = ''
LocalDiscovery = yes
'';
privateEd25519KeyFile = toString config.sops.secrets.tinc_ed25519_key.path;
privateRsaKeyFile = toString config.sops.secrets.tinc_rsa_key.path;
hosts = {
pepe = {
tincIp = "10.23.42.26";
publicKey = lib.fileContents ../../assets/tinc/pepe_host_file;
};
sterni = {
tincIp = "10.23.42.24";
publicKey = lib.fileContents ../../assets/tinc/workout_host_file;
};
mobi = {
tincIp = "10.23.42.23";
publicKey = lib.fileContents ../../assets/tinc/mobi_host_file;
};
robi = {
realAddress = [ "144.76.13.147" ];
tincIp = "10.23.42.111";
publicKey = lib.fileContents ../../assets/tinc/robi_host_file;
};
};
};
};
sops.secrets.tinc_ed25519_key = { };
sops.secrets.tinc_rsa_key = { };
# retiolum stuff
networking.extraHosts = builtins.readFile (toString "${retiolum}/etc.hosts");
systemd.services."tinc.retiolum" = {
preStart = ''
cp -R ${retiolum}/hosts /etc/tinc/retiolum/ || true
'';
};
}