palo/nixos-config
palo/nixos-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

migrate to upstream tinc

Browse source
This commit is contained in:
Ingolf Wagner 2023-01-26 21:29:47 +01:00
parent 987f7704a5
commit 2f94ee46c8
No known key found for this signature in database
GPG key ID: 76BF5F1928B9618B
32 changed files with 228 additions and 518 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

16
flake.lock
View file

@ -19,21 +19,6 @@
"type": "github" "type": "github"
} }
}, },
"cluster-module": {
"locked": {
"lastModified": 1635790675,
"narHash": "sha256-hWwS/sX46dEIw+swRfB8KZq0T/gDpryswTkZy5n0BAc=",
"owner": "mrvandalo",
"repo": "module.cluster",
"rev": "299f5e9f4d9faa2abce40ae853601e11eecd7383",
"type": "github"
},
"original": {
"owner": "mrvandalo",
"repo": "module.cluster",
"type": "github"
}
},
"colmena": { "colmena": {
"inputs": { "inputs": {
"flake-compat": "flake-compat", "flake-compat": "flake-compat",
@ -895,7 +880,6 @@
}, },
"root": { "root": {
"inputs": { "inputs": {
"cluster-module": "cluster-module",
"colmena": "colmena", "colmena": "colmena",
"doom-emacs-nix": "doom-emacs-nix", "doom-emacs-nix": "doom-emacs-nix",
"emacs-overlay": "emacs-overlay_2", "emacs-overlay": "emacs-overlay_2",

6
flake.nix
View file

@ -42,10 +42,6 @@
url = "github:mrvandalo/home-manager-utils"; url = "github:mrvandalo/home-manager-utils";
inputs.home-manager.follows = "home-manager"; inputs.home-manager.follows = "home-manager";
}; };
cluster-module = {
url = "github:mrvandalo/module.cluster";
#url = "git+file:///home/palo/dev/nixos/module.cluster";
};
nixpkgs-fmt = { nixpkgs-fmt = {
url = "github:nix-community/nixpkgs-fmt"; url = "github:nix-community/nixpkgs-fmt";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
@ -75,7 +71,6 @@
outputs = outputs =
{ self { self
, cluster-module
, colmena , colmena
, doom-emacs-nix , doom-emacs-nix
, emacs-overlay , emacs-overlay
@ -170,7 +165,6 @@
]; ];
imports = [ imports = [
./nixos/machines/${name}/configuration.nix ./nixos/machines/${name}/configuration.nix
cluster-module.nixosModules.tinc
(sopsModule name) (sopsModule name)
home-manager.nixosModules.home-manager home-manager.nixosModules.home-manager
permown.nixosModules.permown permown.nixosModules.permown

14
nixos/assets/tinc/bobi_host_file
View file

@ -1,14 +0,0 @@
Ed25519PublicKey = jwvNd4oAgz2cWEI74VTVYU1qgPWq823/a0iEDqJ8KMD
-----BEGIN RSA PUBLIC KEY-----
MIICCgKCAgEA4N0Pm09nePnlTUtmJLVTxEP41i+9kd4tke6KjG+PIbGI0xrgZJBX
sP6wK3vf5q3PZp6U3a452SjzSWKQtjXA94Zmr4HaWqYQJPtJlJcsNeWbx/I0WoaA
918iltvgkLkPKITZ1Gp6iYtKjIn2vxOKv+Pm/YYSRGB4RE3GE5M7TVcitnC89lxm
bK8GAnUs4xUXE4DWund0h81j7XWJpF6T3N3+rlCrfmEfYYmSYg2DRkprGHvAVP26
kWzjei9sIfPVgL0iSprOxqfAw/3Sz0uk3Ny6YvsJU+N4e8QTKQTi75XlkAWbG9OF
P1+1xFDX3d0MdPPNq2c6hHI4VmTMDYVqMPztZNOOKKe+GWBtz/Mlbb55cccNECYA
eVrAkhgUqjFF2lOFK1j7Ivf8ogETUcYRCEaLEZyf5Q+DuHkGzct1DBVEKn23dR2E
B8eDm4ap4YxmrZymPbbl5IUyc/d9pmm04MFWMOifDlw5KEH3+ia93ma3ByBI3UjP
kAg8po3rh3WWjpI26E8icjSjkJ7f1rRsEWmNAf54JwPHkWBZIoUufVxvMNZ9PXn9
7GdP2Z7z+Tn6zUDA62Z9DRDmRGEnuDio450dNMP6ZNWj6leYBbnkP5JtfpRymVKW
GVJfpMwSlf/qP00Jd0WQQyICKQOIns+4jzCvRcOLzSaPj7OvgVUnx00CAwEAAQ==
-----END RSA PUBLIC KEY-----

14
nixos/assets/tinc/mobi_host_file
View file

@ -1,14 +0,0 @@
Ed25519PublicKey = X5sp3YYevVNUrzYvi+HZ2iW5WbO0bIb58jR4jZFH6MB
-----BEGIN RSA PUBLIC KEY-----
MIICCgKCAgEAxubIDrvtrZ6fKPkuwQ+sK6YlToTfVtg3HCTOR7iDf47arkuG3dTb
BgnkbB/8+KzztaYLQoLnGFugxKKtMGBvMGCo6YLtxrjuaz3aDmhpmGCJh80r80/i
8WWg1CAkboKHmaiFpS/LBxAWQUGP+YJSoTLuDwtd794wX9MxLh4x5uGRp4rCj9+4
DdGemLZkZz6Je+cBkf8qrw1Dr8CPiJk47a7bZhyKVnQ3PyvrGOjFolfcI22xp8j3
7y55DIMWhVsm6EWFK4/pzAqi9JdRd7xy8c9WRIcAHJDlSdf+ERbIjUDJC8fgMlNl
UII0SqLnBscIbqz2dMuoldeqg9S1fOiTekReLJqpLmAIn+iwpT8KW5QaESu2eh6M
Ok0sJ8A+aphuZ+FDd2FUmWQiENnPzFGYQ/SuNAA7hR5plSCbjpodulNQFY93I8y3
vRru6rm/ac+7SehWPBgHGl12UJluvHn32Q85bJ2vdtn9ONgcOdjSLA58nzfc1hv/
OA5MzIJTvDJqwjZew8A/pyz6kxrGBqnXCzzt46tvj0yZ/VhIgL3qDTR/wzRV3N14
3Z7TToIQKBPSYNxxCEHXxVQb8oWdGzeE7X52iFeYKhxj+ikZxkoXhCgIRYrDBQ0k
lnpJU+fbeFddZ4bAdqPxVT+perK33Wzgp9s4+KLh8ldpcRm8S29sNIcCAwEAAQ==
-----END RSA PUBLIC KEY-----

14
nixos/assets/tinc/pepe_host_file
View file

@ -1,14 +0,0 @@
Ed25519PublicKey = LnE+w6ZfNCky4Kad3TBxpFKRJ2PJshkSpW6mC3pcsPI
-----BEGIN RSA PUBLIC KEY-----
MIICCgKCAgEAmAyz71GoQq2Mn4XeUVcN9yfgxeWT57li7i6Te9lq7OVAXQ+CBtD3
puTMrW3/LXOIS678E2iMYPmdQzMZLmADi8+ZrXOqX98uceNv5bPrTJF0z/RA9Tif
kfh78GcJCGHmZz+GGWu1ExtSa5ekBdamEtehW6vAGbrPM6Umu9B2UCn8zaSx+RGe
Y7Z81wO21+ywUorMPTbHeuPYZW+Z8L+QKHO9NdYhzZ9zMPeVMi0x/mwIZqXJ57Wz
57nx0rrPh+e+5cj3Jh+i4HC76mxPGCyCdvf+60d7W87UZxPqRiTLt2SwgltEKf56
jBsVeOb5Fjzb6LcNGWfF8zNh0w6rAQsG4W7l93VlerTd46GtG2XW42JkGhuKb8JJ
L1olPUmbcDbxlQGGUNaI7thAzubszAzinqyat3oU8NjgDJJIueHLmo752RW+yHUY
giyRSBYtDRM9cE3s848WsToO5BtjXLkg/rC4WIWX2MNJFsAZXzfHWDmae+ajpoVy
Gl6tGYbLhjd8KtSWB9kB0OWsV56f4KmWeRxHwTgylMO30l6v+XRdnoRUAp9wj8dV
c6HJHnn5b2q4dk+qwWOYgwvpRFnSixbCCT4PoedEU9xVOzLmzxRtGmkzPsOXEOj5
6r4Jvk0jw2LTkhEVX1CPblTrGpms9NO02SXNHkF/Akw7PGuJu+w3HZUCAwEAAQ==
-----END RSA PUBLIC KEY-----

14
nixos/assets/tinc/porani_host_file
View file

@ -1,14 +0,0 @@
Ed25519PublicKey = 9JI8y56NWiKMRS6g/k2H3VgTEw0q+8UEDDJdiCjOl8O
-----BEGIN RSA PUBLIC KEY-----
MIICCgKCAgEA4Ff6XRvf83XSuWUkb70Yz+cWo1/dq4LBh5ZG7SJypdIXYnWQpQJc
sLRfAS6nJZ6VixNADx7A03c8TdADVaAgl591rLd4CSzM22EgaOFstU2VO/MfMKHf
v+WUQsrTE6CQ48SW+MDbSZZ7M7FRa/A6hwqZc5qygxdG/tgTei9pmTfqW+ZdQBWl
IeCCINiNSA/fD+FjWXslZIFRZ5sQ7AYZJgL2nFAueY+cKtRZy3tcDL1v6mhDdIrE
h8JjEUiayQDGnWmBlflLqE3ODqEsEKoL6W7epqK6PcwvZQxSNwrZe/wzH3oTC43m
Yg7TQGr0v3SnSziXv3cJvcHfwr9+huo37wTbUJNmozGpI8nLszfUTEIfhbu2ODQv
R2iM7FJcE4wV48y9aybEnESKA0vsjgI23RIQfxkN0oii7L6NAZVHgl/JJBOtCMXf
V5uXAdOtkv9UvfofrrV0uahncvbz5efPTSPF8fS5EiwzWfDUW6KHrp/9+gDcnirn
H8HvmmNVeOGWA1xlrKgi8kiBHv5BxCXfurD0aD6ZIlxdLjJCvGfnLnJZ6gr//GAf
1BJJVei98uZzihNe4VbRF6Iaphns1KezsdygMsEV9gDIJw3IIqTukcUK7AcBXhb4
IJ792j2iRwUOyiAcUYLeVYzAt3xFN6wPNcC/Opdo6TVbdMZu2uS1ZN8CAwEAAQ==
-----END RSA PUBLIC KEY-----

14
nixos/assets/tinc/retiolum/host_file
View file

@ -1,14 +0,0 @@
Ed25519PublicKey = kc1SACqsoYjk5GimZfP+eszfJmUzZkMQhWeW42UKjfL
-----BEGIN RSA PUBLIC KEY-----
MIICCgKCAgEA2ACttoosnRZ99o+OyMrxBdUWPqsT5btzSIQ5dU1XWqGjO4nRchCE
8tO0b/4jqVgJVTRZVIUJQESZRlSmclsCAjdM8tsGj74CJrm7tBvgbBn2IObSs5+4
oJWe57VsQaeHPuI2JZuGqv8Z3Esw+B07bQS5VTaC1ISo7vnLG/q5XLCbKHB9JZc/
ztYbk4bEQHwbulfoPjD9FY3heLnTzqPw9Xr3ixao5gbAXfWNJM+iCluMq+Q2g1BD
ozSnyYvaGLQ6h4yksDp+xuK8YCqiRj174EkXySI8Jee1CBMuI8ciX/5Q7yzvzscQ
ZQ/MLVdx3MRW+VeT0ctaRzoA9E09ILqPe+56DjpsKzt4Ne8qeMG5HdpzO9UdNzTu
MuibsCL7CJy5Ytl38PK+LAXHQr3Os1Z4OHjeTZ38vTAZcOUJZEkl6w9nO1XjcyBL
rIaG+20Nx0ZU79MlJZFiG7ovlUiDfIEKNygng8v/yoTMaqMYLxQZ/leQwLMNLujo
sku8+oV4Jvx4SyUjuAS6jgG9CnejLCnHP/yyDGdaMQSzmlzYXacLMfnPZE3r7bj1
EjA6yQbkPixm7xLCyMm5u2leWtqtbg1oRA6Mw3UyYkNy3hiTU+jTvztEI3SCliDH
yjGlESH4/edryKjLNjmYP77VFbM9ZSQ+QGlbMGPvjcn6XCdJGdxm3PUCAwEAAQ==
-----END RSA PUBLIC KEY-----

14
nixos/assets/tinc/robi_host_file
View file

@ -1,14 +0,0 @@
Ed25519PublicKey = bZUbSdME4fwudNVbUoNO7PpoOS2xALsyTs81F260KbL
-----BEGIN RSA PUBLIC KEY-----
MIICCgKCAgEA1wwdd6+Qgn7fiC5C5ueeAsgfG6LlP+5zfb2r8/RZzFkKK+wX0QRx
6i3Dm0SwAvkKYKowEHhpDg941CrkuTGN2wnKvxoUNvaAe+RBK2EZM3xPh0eTP33T
igNEHAcdHlgwd3aaNRmYxC41uUlAjD8JPkQ14yAvi4ZMeDRGQxw3on7Mx8NBwgDp
V2F45c9WpYzaocPCREQE7xLpY3prYpOljqd3hGnBQjdruxnAtIh7nb1SSlMci4RT
Y2d6aOCiDKgtqrPtMSWp0RkuhIlT17AK1b/5+TE4vzcFNkt6xQJnH2rm7D9niXZ2
+yzl5DsVONk4z29MnEInqzcVY8m6iypjjntBTkHtFWJc4ZMnJC9FBt7il4V2NL+/
T7uHV1KDFwRZOtfd0WWlgpg3HsZLc+pmZNl77bggcc56+t3FC5UPZKMEEmU7TYtp
jIPYnOV9C7ReaOpYvHJi/6NrtYUjBd2XbtD959cTFR9PpXMaNWh2R8+K7r/tFZrG
q252aCc51J+JegfnhtTfOfPPn7BHV+ZsSQBjMrxz29igOlMPnyOvaxB4mxf6ipoX
HDY7QnQ82HTZCGQ3vPVEgNz0MfsZU0VocazOYOh3RpKBbKaYqo1i8PqKpqfjC7aR
AdbrqBXGFcBbXkna3BQDS4xmK35sUG08OR1g24uiNFKzy8rK+xcp790CAwEAAQ==
-----END RSA PUBLIC KEY-----

14
nixos/assets/tinc/sputnik_host_file
View file

@ -1,14 +0,0 @@
Ed25519PublicKey = ZK9iznseTpMqjaMgDJ7MdjYaq62QlEOFquLfVxlLpFK
-----BEGIN RSA PUBLIC KEY-----
MIICCgKCAgEAzBU8x9aB7F3sPJlcg9avJiSrsAoTHsMkfk6uRKFVjUjuNJgb3rjW
gyQ7krftLAyxLkTYJzpD+4D+qWiudEgju7W+BU65/hudMIvBmbRYqXmcQlD9B9Pv
0bVAazHJ80wN8GJD060Wq6XTtkrtAJhPmQSyMt0xU4WmWw/39QBX9rWtOTy75813
qrfuv1I11YcVQ3jegPLUIzlZqz6LeouCXiP7IRIa+WUXIwAdAYtO/RJC+tty6zyI
BXNd0Mkvpf0Qaw5joQJRXkdb1sWHOZYh75JW1QWqFMWCclkGG7/Dve4KzuO9N5XZ
ZMs/MCtDkJQpweNDT3aaiqZa8Oj29OXs4HR4FFrvYkY+qqmKCUqS70FYLo45uNx1
sRb7GKX8/dsPyOGHfXDuFTSXsKLh9gNLMlF/kuTQ2yJMfeMKdC5jDClL145Fm0ux
akH/PWSS9DENxSu0GH1sTQnLyhc4mVzOehu1XfR9EALjYY0BNBUir7aAaiLTCbq9
LKwMaF/D467W3j3Zp5xEAsf8xYC2CyMl1Df43zxcxLY+3K8/kUM2rkU7ocl2VT3o
7yNC+JqQz41n4SDOXBZc6cfxUXj2MqqEw9Ywgs+aXZiSCaVOulhyXj0TSE1mX1NI
woDHEzyx7q4AryQOWQsLq5JimI0v2/xN2yz+cNXoetDypjEWnws4e/ECAwEAAQ==
-----END RSA PUBLIC KEY-----

14
nixos/assets/tinc/sternchen_host_file
View file

@ -1,14 +0,0 @@
Ed25519PublicKey = Z567IKl00Kw5JFBNwMvjL33QYe2hRoNtQcNIDFRPReB
-----BEGIN RSA PUBLIC KEY-----
MIICCgKCAgEA1vhCFsFK0QSYDlXSS6ngpZbilplYtaPBzbxWYGAxa5vNtwoaO2Tz
BZ4ptvE26TR2+Jygvlk5xdoNYAL/yhNI9p86vs/pA+sJmBlsYAWOA5qAnXoIL2u4
1CBB9t+uMnQKhyPoBoDq6QXmM1HlFhxtkKVlLyEHxARxu7g/inFtghPqYD/HyjVJ
V6h9OdKEgY+wcn6GGLXGjrSMAsIZP2w8fPQfS45UAtjK+cFODFKElxGZrjqgJP1w
/Jw6nB03yKMGsMHNkiwC2BJbK3+pT92JfyqXRg3REw0hVMZghcsoNtWfBoNYLvFY
qwk+bvf5bVdLxLMEv33+B3F8SScXuwMUpBwCeMi58ltt+OuOVhh8PLA9ncA6tGa9
tzyUo7i8qjGTremSilWIdRYqOexriPKCdnYcJcw/L9Vl2H3QbIj7uVxbszQbqDGS
KM43U5cXgpMIYI9CwxnWB8np7n/IXZFG5E+9afd4kYTLShzaObzu2I1yom0O4Ks7
HsdvlsBgv4iT6ctquHtU6IFsa/Wfm4ntDiAcczoQEXs0F2v839FH62TPTY70xzyd
wQhAdCegb6MYVmVmQL9jv8QDfxwUxtsohbW3ncBDYrdy2rmeiZDGaRJVEbyf6MKI
OfaobRGXY0NnOURX9/fkXSydDKd3rIhOMubfUq0+Smm3YrsHWeZVvNMCAwEAAQ==
-----END RSA PUBLIC KEY-----

14
nixos/assets/tinc/sterni_host_file
View file

@ -1,14 +0,0 @@
Ed25519PublicKey = Hm+YwSe6XiRNQD4HfJPgTB8UFVMyVi0vy+3ofMnW6jD
-----BEGIN RSA PUBLIC KEY-----
MIICCgKCAgEAu7Ajx9+mEaDK/ASZ5hoVj3X3IkWl+8MAhmj7dwnhqc4YrPrvwKE4
cOnVcEUp4K4pyIHUG8zhsesstfpu/0owLQaz8Cekr4CyQWsjDfi7K/QiAN+v2O2m
DQOjrYzDvRyBa20A2MnO1kZU/aFHE9qcIHefZhQUZyv97j+QcsE/FDuIH/RAua6/
p+br2tfecePGH6f0fMk8dp+YbxcjjVyhJkjyaYF2r+n+YflDl5y3ngxUFJ0UnNE0
RfYJf2NE1wzt4rIdnYobFP3vifDIeYj6M0LGHnURPsT6zP+zStZ81MYZKrNlTJ37
sbZhorVmO6x46xEWaDUd7UqcKJBpb7u8iSAE4S3tHLFRxBs60dPS+3UEraiTvTHr
FvWTq1Q+t/FivTxXEkVt74N5auOKbT5AAkztak21Izx6enspdx6da2aLuJD5I0OU
3F4kd8lW5PqEZubkYziDwcVoNsx88hQzHi5l2aRdzY57o82+ltWw4xXmAFR2o605
SwVJ4AUmORHuIoDYSR+UgbtKHguxVaTLVggdfvHzlDQ1VERwEU58awMwPLU1k+jP
3QW7ehPLKRN+StB6LBlnmRD1ltkaPY5iy+NMXj17hJx0trpz3qoCuv+5TRvsGvQ7
Je/G7c6suIGd4HbA9TvCinW6/JLbJQlDiG7MD2oCOPS1pdayUuB9Jw0CAwEAAQ==
-----END RSA PUBLIC KEY-----

14
nixos/assets/tinc/workhorse_host_file
View file

@ -1,14 +0,0 @@
Ed25519PublicKey = sPs48jzCdtTv0Viy2Of3HlXipfxH5Y8bA+KYVkOrSiK
-----BEGIN RSA PUBLIC KEY-----
MIICCgKCAgEA01HJ49zxmnixWC9YMP0c3UFxZc4Hl5UK9nJvhMRBOuxm75kpzZsz
3v6mSy1YrVE9rrGXYjZ76wKrRhchMpvrMKKD8/DRjVqTkuFwtGgUEigzpSFoSLtC
u2Wis7Z6GW3nLgAS79NU9IUUEoeevND1zzglDb0HdERuiImiZVg3I+VXLyA31X3L
Z/B7T4QLmZGIRvFw0y1TawMjFMJZmDBtzMqfO7behkms2O1ORAciGhGxmZ9gd7yk
n/NKCpSSzeC6sJ28i33LRrWF3hRUXAEJFgq8YRxm6mjRoPLsJVsw2S98DvTcxmjN
eyVnqPVQi7JuKrOQsewQvwV2KiqI9ibEYH1zZNXwy+l05b3QSaAcyRtDpwRW7FCY
H4B3S0vjte75D4bEuYTFgT3wCzlAjdB7fPZ4jyZXdrP8G3IfbMmgsdECz5uIMwam
UaSZISlHkSJv+erA8TMJLBnqAO7ERKYI7PRIDdIun0VtX2QjRJpWIdVpxEcL4fZU
w6gzX8lOQe5NnoH/MFUfU0LyBuUH1k6WX7xdwrynUVS087vwaQN+H/VTp0QSX6PQ
oCLYPCGKS2B/St954uaPanzeG7QZQpWbvttaFVmUSkilx78xqqu3zDm9pSofFKCX
08TGlluy8JAwUqAxekQVKey2PdLmKjlMCcoUeNYbJybGplc9gv2hYhsCAwEAAQ==
-----END RSA PUBLIC KEY-----

14
nixos/assets/tinc/workout_host_file
View file

@ -1,14 +0,0 @@
Ed25519PublicKey = r6mRDc814z2YtyG9ev/XXV2SgquqWR8n53V13xNXb7O
-----BEGIN RSA PUBLIC KEY-----
MIICCgKCAgEA7/bur2JIXzNrsgjQ7kfoaLUVCC9S7HNNdDrlnSdum0sWvN9urdxS
1OfzqG+kjDhQ0sS4fEeYyLMU8W3/aHkSbMjfKBiZS70bg5yHRepUEPZNqDqR3+rO
LTAGWMi/IQQQmnfcN5SjaNY/ZyXoaPd1emlpV2UXBvXo/bQTl+pmOt7AIAh7Z7M6
X5KAwU23kUwrfn/7zFCw98euNEPcCKpdF5oD4+G+S0PGfFvBmE6Xoi2blM1rcjJ4
39IGVCsKAlW1Vg48yj7FypSSjaFvIW+kyRcNNTEZ4V5p50Vm7DfylfW96NqAOeuz
2aSVaLhvmu8fU9z+g95MdGZOJYd57jFt76GbkwcLCF8KBCP9NhMfOQu0i1glk+AP
CcJcDa/Oj7lLQVB2+holJhw5fkHH2Yi+L+UsjIF0iLiOSTjGJp4yRT9Al9pgMCj2
O1JUMYxQ490mSFHBomNv1fq+f5VJnytEwAkJH6AgH+RIcAC5/r+sowfLv+Gy0ga8
jKG6t9d/x6lRNv0x5sUhYkiUD9Naq0NncaZz1GtkBAyu+hUZx2+zg3r8He4XoiXx
zWAQEgcW3X1/9VC7IBvaK9cdLG5pbeGCBaDv8S0Ue332mM0XNDlffjdC7Sg9f/TG
YV8MHpR3RwwUqdi6WFPQqVz5Hv1pE02v/Uw6tby1UgAnzskrufPh+m8CAwEAAQ==
-----END RSA PUBLIC KEY-----

39
nixos/components/network/sshd/known-hosts-private.nix
View file

@ -1,4 +1,3 @@
# generated by updateSshKeys.sh
{ config, lib, ... }: { { config, lib, ... }: {
services.openssh.knownHosts = { services.openssh.knownHosts = {
@ -22,43 +21,5 @@
]; ];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK2PGX6cZuBUGX4VweMzi0aRh4uQ61yngCzZGcK3w5XV"; publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK2PGX6cZuBUGX4VweMzi0aRh4uQ61yngCzZGcK3w5XV";
}; };
"sternchen.secret" = {
hostNames = [
"sternchen.secret"
config.module.cluster.services.tinc.secret.hosts.sternchen.tincIp
];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILriD/0+65L1mkbjKENwpvB3wUMXz/rEf9J8wuJjJa0q";
};
"sterni.private" = {
hostNames = [
"sterni.private"
"sterni.secret"
config.module.cluster.services.tinc.private.hosts.sterni.tincIp
config.module.cluster.services.tinc.secret.hosts.sterni.tincIp
];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEQRH4gzT4vWSx3KN80ePPYhSPZRUae/qSyEym6pJTht";
};
"pepe.private" = {
hostNames = [
"pepe.private"
"pepe.lan"
config.module.cluster.services.tinc.private.hosts.pepe.tincIp
];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJPlva+Vdj8WmQPlbQLN3qicMz5AAsyTzK53BincxtAz";
};
"bobi.private" = {
hostNames = [
"bobi.private"
config.module.cluster.services.tinc.private.hosts.bobi.tincIp
];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK0haepNVEaocfWh6kwVc4QsSg2iqO5k+hjarphBqMVk";
};
"mobi.private" = {
hostNames = [
"mobi.private"
config.module.cluster.services.tinc.private.hosts.mobi.tincIp
];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE3G7TwCoxcVfwhGL0913RtacEeokqKtufhzzkCxpPxk";
};
}; };
} }

41
nixos/components/network/tinc/default.nix
View file

@ -1,14 +1,37 @@
{ lib, config, ... }:
with lib;
{ {
imports = [ options.tinc = {
./private.nix private = {
./retiolum.nix enable = mkEnableOption "private tinc setup";
./secret.nix ipv4 = mkOption { type = types.str; };
subnet = mkOption {
type = types.str;
default = "10.23.42.0/24";
};
};
secret = {
enable = mkEnableOption "secret tinc setup";
ipv4 = mkOption {
type = types.str;
};
};
};
config = mkMerge [
(mkIf config.tinc.private.enable (import ./private.nix {
ipv4 = config.tinc.private.ipv4;
ipv6 = null;
inherit (lib) optionalString concatStringsSep mapAttrsToList;
inherit config;
}))
(mkIf config.tinc.secret.enable (import ./secret.nix {
ipv4 = config.tinc.secret.ipv4;
ipv6 = null;
inherit (lib) optionalString concatStringsSep mapAttrsToList;
inherit config;
}))
]; ];
# keys for secret and private tinc network
sops.secrets.tinc_ed25519_key = { };
sops.secrets.tinc_rsa_key = { };
} }

114
nixos/components/network/tinc/private.nix
View file

@ -1,46 +1,100 @@
{ config, lib, pkgs, ... }: { ipv4
, ipv6
{ , config
, optionalString
networking.firewall.trustedInterfaces = [ "tinc.private" ]; , concatStringsSep
, mapAttrsToList
users.groups."tinc.private" = { }; , ...
users.users."tinc.private" = { }:
group = "tinc.private"; let
isSystemUser = lib.mkDefault true; hosts = {
mobi = "10.23.42.23";
sterni = "10.23.42.24";
bobi = "10.23.42.25";
pepe = "10.23.42.26";
robi = "10.23.42.111";
}; };
subDomains = {
"transmission.robi" = hosts.robi;
"transmission2.robi" = hosts.robi;
};
network = "private";
in
{
networking.firewall.trustedInterfaces = [ "tinc.${network}" ];
# nix-shell -p tinc_pre --run "tinc --config . generate-keys 4096" sops.secrets.tinc_ed25519_key = { };
module.cluster.services.tinc."private" = {
networkSubnet = "10.23.42.0/24"; services.tinc.networks = {
${network} = {
ed25519PrivateKeyFile = config.sops.secrets.tinc_ed25519_key.path;
interfaceType = "tap";
extraConfig = '' extraConfig = ''
LocalDiscovery = yes LocalDiscovery = yes
''; '';
privateEd25519KeyFile = toString config.sops.secrets.tinc_ed25519_key.path; hostSettings = {
privateRsaKeyFile = toString config.sops.secrets.tinc_rsa_key.path; mobi = {
hosts = { subnets = [{ address = hosts.mobi; }];
pepe = { settings.Ed25519PublicKey = "X5sp3YYevVNUrzYvi+HZ2iW5WbO0bIb58jR4jZFH6MB";
tincIp = "10.23.42.26";
publicKey = lib.fileContents ../../../assets/tinc/pepe_host_file;
}; };
sterni = { sterni = {
tincIp = "10.23.42.24"; subnets = [{ address = hosts.sterni; }];
publicKey = lib.fileContents ../../../assets/tinc/workout_host_file; settings.Ed25519PublicKey = "r6mRDc814z2YtyG9ev/XXV2SgquqWR8n53V13xNXb7O";
};
mobi = {
tincIp = "10.23.42.23";
publicKey = lib.fileContents ../../../assets/tinc/mobi_host_file;
}; };
bobi = { bobi = {
tincIp = "10.23.42.25"; subnets = [{ address = hosts.bobi; }];
publicKey = lib.fileContents ../../../assets/tinc/bobi_host_file; settings.Ed25519PublicKey = "jwvNd4oAgz2cWEI74VTVYU1qgPWq823/a0iEDqJ8KMD";
};
pepe = {
subnets = [{ address = hosts.pepe; }];
settings.Ed25519PublicKey = "LnE+w6ZfNCky4Kad3TBxpFKRJ2PJshkSpW6mC3pcsPI";
}; };
robi = { robi = {
realAddress = [ "144.76.13.147" ]; addresses = [{ address = "144.76.13.147"; }];
tincIp = "10.23.42.111"; subnets = [{ address = hosts.robi; }];
publicKey = lib.fileContents ../../../assets/tinc/robi_host_file; settings.Ed25519PublicKey = "bZUbSdME4fwudNVbUoNO7PpoOS2xALsyTs81F260KbL";
}; };
}; };
}; };
};
systemd.network.enable = true;
systemd.network.networks.${network}.extraConfig = ''
[Match]
Name = tinc.${network}
[Link]
# tested with `ping -6 turingmachine.r -s 1378`, not sure how low it must be
MTUBytes=1377
[Network]
${optionalString (ipv4 != null) "Address=${ipv4}/24"}
${optionalString (ipv6 != null) "Address=${ipv6}/28"}
RequiredForOnline = no
LinkLocalAddressing = no
'';
networking.extraHosts = concatStringsSep "\n" (mapAttrsToList (name: ip: "${ip} ${name}.${network}") (hosts // subDomains));
services.openssh.knownHosts = {
"robi" = {
hostNames = [ "robi.${network}" hosts.robi ];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK2PGX6cZuBUGX4VweMzi0aRh4uQ61yngCzZGcK3w5XV";
};
"sterni.${network}" = {
hostNames = [ "sterni.${network}" hosts.sterni ];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEQRH4gzT4vWSx3KN80ePPYhSPZRUae/qSyEym6pJTht";
};
"pepe.${network}" = {
hostNames = [ "pepe.${network}" hosts.pepe ];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJPlva+Vdj8WmQPlbQLN3qicMz5AAsyTzK53BincxtAz";
};
"bobi.${network}" = {
hostNames = [ "bobi.${network}" hosts.bobi ];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK0haepNVEaocfWh6kwVc4QsSg2iqO5k+hjarphBqMVk";
};
"mobi.${network}" = {
hostNames = [ "mobi.${network}" hosts.mobi ];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE3G7TwCoxcVfwhGL0913RtacEeokqKtufhzzkCxpPxk";
};
};
} }

82
nixos/components/network/tinc/secret.nix
View file

@ -1,33 +1,77 @@
{ config, pkgs, lib, ... }: { ipv4
{ , ipv6
, config
, optionalString
# nix-shell -p tinc_pre --run "tinc --config . generate-keys 4096" , concatStringsSep
module.cluster.services.tinc."secret" = { , mapAttrsToList
networkSubnet = "10.123.42.0/24"; , ...
}:
let
port = 721; port = 721;
hosts = {
sternchen = "10.123.42.25";
sterni = "10.123.42.24";
robi = "10.123.42.123";
};
network = "secret";
in
{
sops.secrets.tinc_ed25519_key = { };
services.tinc.networks = {
${network} = {
ed25519PrivateKeyFile = config.sops.secrets.tinc_ed25519_key.path;
extraConfig = '' extraConfig = ''
LocalDiscovery = yes LocalDiscovery = yes
AutoConnect = yes Port = ${toString port}
''; '';
privateEd25519KeyFile = toString config.sops.secrets.tinc_ed25519_key.path; hostSettings = {
privateRsaKeyFile = toString config.sops.secrets.tinc_rsa_key.path;
hosts = {
sternchen = { sternchen = {
tincIp = "10.123.42.25"; subnets = [{ address = hosts.sterni; }];
publicKey = lib.fileContents ../../../assets/tinc/sternchen_host_file; settings.Ed25519PublicKey = "Z567IKl00Kw5JFBNwMvjL33QYe2hRoNtQcNIDFRPReB";
}; };
sterni = { sterni = {
tincIp = "10.123.42.24"; subnets = [{ address = hosts.sterni; }];
publicKey = lib.fileContents ../../../assets/tinc/workout_host_file; settings.Ed25519PublicKey = "r6mRDc814z2YtyG9ev/XXV2SgquqWR8n53V13xNXb7O";
}; };
robi = { robi = {
realAddress = [ "144.76.13.147" ]; addresses = [{ address = "144.76.13.147"; port = port; }];
tincIp = "10.123.42.123"; subnets = [{ address = hosts.robi; }];
publicKey = lib.fileContents ../../../assets/tinc/robi_host_file; settings.Ed25519PublicKey = "bZUbSdME4fwudNVbUoNO7PpoOS2xALsyTs81F260KbL";
}; };
}; };
}; };
};
systemd.network.enable = true;
systemd.network.networks.${network}.extraConfig = ''
[Match]
Name = tinc.${network}
[Link]
# tested with `ping -6 turingmachine.r -s 1378`, not sure how low it must be
MTUBytes=1377
[Network]
${optionalString (ipv4 != null) "Address=${ipv4}/24"}
${optionalString (ipv6 != null) "Address=${ipv6}/28"}
RequiredForOnline = no
LinkLocalAddressing = no
'';
networking.extraHosts = concatStringsSep "\n" (mapAttrsToList (name: ip: "${ip} ${name}.${network}") hosts);
services.openssh.knownHosts = {
"sternchen.${network}" = {
hostNames = [ "sterni.${network}" hosts.sterni ];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILriD/0+65L1mkbjKENwpvB3wUMXz/rEf9J8wuJjJa0q";
};
"sterni.${network}" = {
hostNames = [ "sterni.${network}" hosts.sterni ];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEQRH4gzT4vWSx3KN80ePPYhSPZRUae/qSyEym6pJTht";
};
"robi" = {
hostNames = [ "robi.${network}" hosts.robi ];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK2PGX6cZuBUGX4VweMzi0aRh4uQ61yngCzZGcK3w5XV";
};
};
} }

14
nixos/machines/pepe/configuration.nix
View file

@ -53,13 +53,13 @@
networking.dhcpcd.allowInterfaces = [ "enp0s25" ]; networking.dhcpcd.allowInterfaces = [ "enp0s25" ];
# nix-shell -p speedtest_cli --run speedtest # nix-shell -p speedtest_cli --run speedtest
configuration.fireqos = { #configuration.fireqos = {
enable = false; # enable = false;
interface = "enp0s25"; # interface = "enp0s25";
input = 200000; # input = 200000;
output = 2000; # output = 2000;
balance = false; # balance = false;
}; #};
services.printing.enable = false; services.printing.enable = false;
services.smartd.enable = true; services.smartd.enable = true;

89
nixos/machines/pepe/neo4j.nix
View file

@ -1,89 +0,0 @@
{ config, lib, pkgs, ... }:
{
# neo4j container managment
# -------------------------
virtualisation.oci-containers.containers =
let
neo4j_config = {
image = "neo4j";
environment = {
NEO4J_AUTH = "none"; # for development purpose
NEO4J_apoc_export_file_enabled = "true";
NEO4J_apoc_import_file_enabled = "true";
NEO4J_apoc_import_file_use__neo4j__config = "true";
NEO4JLABS_PLUGINS = ''["apoc","n10s"]'';
};
ports = [
"127.0.0.1:7474:7474" # http port
"127.0.0.1:17687:7687" # bolt port
];
volumes = [
"/var/lib/neo4j/data:/data"
"/var/lib/neo4j/logs:/logs"
"/var/lib/neo4j/conf:/conf"
"/var/lib/neo4j/import:/import" # for database imports
"/var/lib/neo4j/plugins:/plugins"
];
};
in
{
neo4j = neo4j_config;
#neo4jbackup = neo4j_config // {
# autoStart = false;
# volumes = [
# "/var/lib/neo4j/data:/data"
# "/var/lib/neo4j/backups:/backups"
# ];
# cmd = ["neo4j-admin" "dump" "--verbose" "--to=/backups/neo4j.dump"];
#};
};
#systemd.services."docker-neo4jbackup" = {
# preStart = "systemctrl stop docker-neo4j";
# postStop = "systemctrl start docker-neo4j";
#};
# backups
# -------
backup.dirs = [ "/var/lib/neo4j/backups" ];
# todo run frequently :
# docker exec --interactive --tty neo4j neo4j-admin dump --verbose --to /dump/neo4j.dump
# https://neo4j.com/docs/operations-manual/current/docker/maintenance/
# nginx publishing
# ----------------
services.nginx.streamConfig = ''
# configure neo4j bolt port
server {
allow 192.168.0.0/16; # allow private ip range class c
allow ${config.module.cluster.services.tinc."private".networkSubnet}; # allow private tinc network
deny all;
listen 7687;
proxy_pass localhost:17687;
}
'';
services.nginx.virtualHosts."neo4j.${config.networking.hostName}.private" = {
serverAliases = [ config.networking.hostName ];
locations."/" = {
extraConfig = ''
allow 192.168.0.0/16; # allow private ip range class c
allow ${config.module.cluster.services.tinc."private".networkSubnet}; # allow private tinc network
deny all;
'';
proxyPass = "http://localhost:7474";
};
};
networking.firewall.allowedTCPPorts = [ 80 7687 ];
#networking.firewall.allowedUDPPorts = [ 80 ];
}

21
nixos/machines/pepe/tinc.nix
View file

@ -1,23 +1,6 @@
{ config, lib, pkgs, ... }:
with lib;
{ {
module.cluster.services.tinc = {
"private" = {
enable = true;
openPort = true;
connectTo = [ "robi" ];
};
"retiolum" = {
enable = true;
openPort = true;
};
};
sops.secrets.tinc_retiolum_ed25519_key = { }; tinc.private.enable = true;
sops.secrets.tinc_retiolum_rsa_key = { }; tinc.private.ipv4 = "10.23.42.26";
users.users."tinc.retiolum".group = "tinc.retiolum";
users.groups."tinc.retiolum" = { };
} }

1
nixos/machines/robi/configuration.nix
View file

@ -35,7 +35,6 @@
#./hardware-configuration.nix #./hardware-configuration.nix
#./finance.nix #./finance.nix
#./grafana.nix
#./graylog.nix #./graylog.nix
#./kibana.nix #./kibana.nix
#./mysql.nix #./mysql.nix

38
nixos/machines/robi/grafana.nix
View file

@ -1,38 +0,0 @@
{ config, ... }: {
services.nginx = {
enable = true;
statusPage = true;
virtualHosts = {
"grafana.${config.networking.hostName}.private" = {
serverAliases = [ ];
locations."/" = {
proxyPass = "http://${config.networking.hostName}.private:${
toString config.services.grafana.port
}";
};
};
};
};
services.grafana = {
enable = true;
port = 5656;
addr =
config.module.cluster.services.tinc."private".hosts."${config.networking.hostName}".tincIp;
auth.anonymous = {
enable = true;
org_role = "Editor";
org_name = "AWESOME";
};
provision = {
enable = true;
datasources = [{
type = "prometheus";
isDefault = true;
name = "Prometheus Workhorse";
url = "http://workhorse.private:9090";
}];
};
};
}

24
nixos/machines/robi/tinc.nix
View file

@ -1,19 +1,15 @@
{ config, lib, pkgs, ... }: { {
module.cluster.services.tinc = {
"private" = { networking.firewall = {
enable = true; allowedTCPPorts = [ 655 712 ];
openPort = true; allowedUDPPorts = [ 655 712 ];
connectTo = [ ];
};
"secret" = {
enable = true;
openPort = true;
connectTo = [ ];
};
}; };
users.users."tinc.secret".group = "tinc.secret"; tinc.private.enable = true;
users.groups."tinc.secret" = { }; tinc.private.ipv4 = "10.23.42.111";
tinc.secret.enable = true;
tinc.secret.ipv4 = "10.123.42.123";
} }

2
nixos/machines/robi/transmission.nix
View file

@ -296,7 +296,7 @@ in
virtualHosts = { virtualHosts = {
"transmission.${config.networking.hostName}.private" = { "transmission.${config.networking.hostName}.private" = {
extraConfig = '' extraConfig = ''
allow ${config.module.cluster.services.tinc.private.networkSubnet}; allow ${config.tinc.private.subnet};
deny all; deny all;
''; '';
locations."/" = { locations."/" = {

2
nixos/machines/robi/transmission2.nix
View file

@ -174,7 +174,7 @@ in
virtualHosts = { virtualHosts = {
"transmission2.${config.networking.hostName}.private" = { "transmission2.${config.networking.hostName}.private" = {
extraConfig = '' extraConfig = ''
allow ${config.module.cluster.services.tinc.private.networkSubnet}; allow ${config.tinc.private.subnet};
deny all; deny all;
''; '';
locations."/" = { locations."/" = {

32
nixos/machines/sterni/tinc.nix
View file

@ -1,33 +1,9 @@
{ config, lib, pkgs, ... }:
with lib;
{ {
module.cluster.services.tinc = { tinc.private.enable = true;
"private" = { tinc.private.ipv4 = "10.23.42.24";
enable = true;
openPort = true;
connectTo = [ "robi" ];
};
"retiolum" = {
enable = true;
openPort = true;
};
"secret" = {
enable = true;
openPort = true;
connectTo = [ "robi" ];
};
};
sops.secrets.tinc_retiolum_ed25519_key = { }; tinc.secret.enable = true;
sops.secrets.tinc_retiolum_rsa_key = { }; tinc.secret.ipv4 = "10.123.42.24";
users.users."tinc.retiolum".group = "tinc.retiolum";
users.groups."tinc.retiolum" = { };
users.users."tinc.secret".group = "tinc.secret";
users.groups."tinc.secret" = { };
} }

2
nixos/system/all/default.nix
View file

@ -14,7 +14,7 @@
#<cleverca22/qemu.nix> #<cleverca22/qemu.nix>
./grub.nix ./grub.nix
./networking-qos.nix #./networking-qos.nix
./nginx-landingpage.nix ./nginx-landingpage.nix
./nginx.nix ./nginx.nix
./packages.nix ./packages.nix

8
nixos/system/all/defaults.nix
View file

@ -49,12 +49,4 @@
# ----------------------------- # -----------------------------
programs.vim.defaultEditor = true; programs.vim.defaultEditor = true;
# extra hosts
# /etc/hosts
networking.extraHosts = ''
${config.module.cluster.services.tinc.private.hosts.robi.tincIp} transmission.robi.private
${config.module.cluster.services.tinc.private.hosts.robi.tincIp} transmission2.robi.private
'';
} }

10
nixos/system/all/networking-qos.nix
View file

@ -39,9 +39,9 @@
tincOutput = kbits (config.configuration.fireqos.output * 0.7); tincOutput = kbits (config.configuration.fireqos.output * 0.7);
useBalancedForExperimenting = false; useBalancedForExperimenting = false;
tincPorts = #tincPorts =
lib.mapAttrsToList (name: configuration: toString configuration.port) # lib.mapAttrsToList (name: configuration: toString configuration.port)
config.module.cluster.services.tinc; # config.module.cluster.services.tinc;
in in
{ {
@ -63,8 +63,8 @@
class http commit 80% class http commit 80%
match tcp port 80,443 match tcp port 80,443
class tinc commit 80% #class tinc commit 80%
match port ${lib.concatStringsSep "," tincPorts} # match port ${lib.concatStringsSep "," tincPorts}
class surfing commit 30% class surfing commit 30%
match tcp sports 0:1023 # include TCP traffic from port 0-1023 match tcp sports 0:1023 # include TCP traffic from port 0-1023

4
nixos/system/all/nginx-landingpage.nix
View file

@ -14,8 +14,8 @@
href = "http://${host}:8384/"; href = "http://${host}:8384/";
image = "https://media.giphy.com/media/JoyU4vuzwj6ZA7Ging/giphy.gif"; image = "https://media.giphy.com/media/JoyU4vuzwj6ZA7Ging/giphy.gif";
}) })
(map (name: { inherit name; }) (lib.attrNames (lib.flatten (lib.mapAttrsToList (name: { ... }: { inherit name; })
config.module.cluster.services.tinc."private".hosts)); config.services.tinc.networks."private".hostSettings));
} }
{ {
text = "netdata"; text = "netdata";

1
nixos/system/desktop/default.nix
View file

@ -10,7 +10,6 @@
./cachix.nix ./cachix.nix
./direnv.nix ./direnv.nix
./hoard.nix ./hoard.nix
#./dnsmasq.nix
./home-manager.nix ./home-manager.nix
./mail-stuff.nix ./mail-stuff.nix
#./mc.nix #./mc.nix

14
nixos/system/desktop/dnsmasq.nix
View file

@ -1,14 +0,0 @@
{ config, lib, pkgs, ... }:
with lib;
{
services.dnsmasq = {
enable = mkDefault true;
extraConfig = ''
${concatStringsSep "\n"
(flip mapAttrsToList config.module.cluster.services.tinc."private".hosts
(name: attrs: "address=/.${name}.private/${attrs.tincIp}"))}
'';
};
}