tinc-test: create setup for testing
parent
ed25e77465
commit
408efd069f
24 changed files with 520 additions and 0 deletions
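--- a/terranix/tinc-test/.gitignore
+++ b/terranix/tinc-test/.gitignore
@@ -0,0 +1,10 @@
+.terraform
+*.tf.json
+*.swp
+
+02-build/generated/**
+!02-build/generated/.keep
+
+terraform.tfstate
+terraform.tfstate.backup
+.terraform.tfstate.lock.info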
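--- a/terranix/tinc-test/01-terranix/config.nix
+++ b/terranix/tinc-test/01-terranix/config.nix
@@ -0,0 +1,36 @@
+{ config, lib, pkgs, ... }:
+let
+
+hcloud-modules = pkgs.fetchgit {
+#url = "https://github.com/mrVanDalo/terranix-hcloud.git";
+url = "https://git.ingolf-wagner.de/terranix/hcloud.git";
+rev = "b6896f385f45ecfd66e970663c55635c9fd8b26b";
+sha256 = "1bggnbry7is7b7cjl63q6r5wg9pqz0jn8i3nnc4rqixp0ckwdn85";
+};
+
+#hcloud-modules = /home/palo/dev/terranix-hcloud/terraform-0.11;
+
+in {
+
+imports = [
+(toString hcloud-modules)
+
+./config/file-generation.nix
+./config/ssh-setup.nix
+];
+
+#hcloud.export.nix = "${toString ../02-build/generated}/test.nix";
+
+hcloud.nixserver.server = {
+configurationFile = pkgs.writeText "configuration.nix" ''
+{ pkgs, lib, ... }:
+{
+environment.systemPackages = with pkgs; [
+htop git vim mosh
+];
+networking.firewall.allowedUDPPorts = [ 60001 ];
+}
+'';
+};
+
+}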
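--- a/terranix/tinc-test/01-terranix/config/file-generation.nix
+++ b/terranix/tinc-test/01-terranix/config/file-generation.nix
@@ -0,0 +1,30 @@
+# --------------------------------------------------------------------------------
+#
+# collect all server information and generate files which get picked up
+# by 02-build to deploy the machines properly.
+#
+# This makes it possible to deploy VPNs like tinc and wireguard.
+#
+# --------------------------------------------------------------------------------
+
+{ config, lib, pkgs, ... }: {
+resource.local_file = {
+nixosMachines = {
+content = with lib;
+let
+serverPart = name: ''
+${name} = {
+host = "''${ hcloud_server.${name}.ipv4_address }";
+user = "root";
+};
+'';
+allServerParts = map serverPart (attrNames config.hcloud.server);
+in ''
+{
+${concatStringsSep "\n" allServerParts}
+}
+'';
+filename = "${toString ../../02-build/generated/nixos-machines.nix}";
+};
+};
+}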
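--- a/terranix/tinc-test/01-terranix/config/ssh-setup.nix
+++ b/terranix/tinc-test/01-terranix/config/ssh-setup.nix
@@ -0,0 +1,44 @@
+# --------------------------------------------------------------------------------
+#
+# configure ssh setup
+#
+# --------------------------------------------------------------------------------
+
+{ config, lib, pkgs, ... }:
+let
+ssh = {
+privateKeyFile = ../../sshkey;
+publicKeyFile = ../../sshkey.pub;
+};
+target = file: "${toString ../../02-build/generated}/${file}";
+in {
+# configure admin ssh keys
+users.admins.palo.publicKey = lib.fileContents ssh.publicKeyFile;
+
+# configure provisioning private Key to be used when running provisioning on the machines
+provisioner.privateKeyFile = toString ssh.privateKeyFile;
+
+resource.local_file = {
+
+# provide ssh key for the server
+sshKey = {
+content = lib.fileContents ssh.publicKeyFile;
+filename = target "sshkey.pub";
+};
+
+sshConfig = {
+filename = target "ssh-configuration";
+content = with lib;
+let
+configPart = name: ''
+Host ''${ hcloud_server.${name}.ipv4_address }
+IdentityFile ${toString ssh.privateKeyFile}
+ServerAliveInterval 60
+ServerAliveCountMax 3
+'';
+in concatStringsSep "\n"
+(map configPart (attrNames config.hcloud.server));
+};
+};
+}
+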
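Review bot: The `Host` blocks generated by `configPart` set `IdentityFile` but not `IdentitiesOnly`, so ssh can still offer every key loaded in the operator's agent to a freshly created server before it tries the provisioning key. Adding a line `IdentitiesOnly yes` directly under `IdentityFile ${toString ssh.privateKeyFile}` restricts the session to that one key. The key path is passed through `toString`, which keeps the private key out of the Nix store; a short comment saying so above `provisioner.privateKeyFile` would stop a later edit from interpolating the path directly.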
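--- a/terranix/tinc-test/01-terranix/shell.nix
+++ b/terranix/tinc-test/01-terranix/shell.nix
@@ -0,0 +1,34 @@
+{ pkgs ? import <nixpkgs> { } }:
+
+let
+
+terranix = pkgs.callPackage (pkgs.fetchgit {
+url = "https://github.com/mrVanDalo/terranix.git";
+rev = "6097722f3a94972a92d810f3a707351cd425a4be";
+sha256 = "1d8w82mvgflmscvq133pz9ynr79cgd5qjggng85byk8axj6fg6jw";
+}) { };
+
+terraform = pkgs.writers.writeDashBin "terraform" ''
+export TF_VAR_hcloud_api_token=`${pkgs.pass}/bin/pass development/hetzner.com/api-token`
+${pkgs.terraform_0_11}/bin/terraform "$@"
+'';
+
+create = pkgs.writers.writeDashBin "create" ''
+${terranix}/bin/terranix | ${pkgs.jq}/bin/jq '.' > ${
+toString ./.
+}/config.tf.json \
+&& ${terraform}/bin/terraform init \
+&& ${terraform}/bin/terraform apply
+'';
+
+clean = pkgs.writers.writeBashBin "clean" ''
+${terraform}/bin/terraform destroy
+rm ${toString ./.}/config.tf.json
+rm ${toString ./.}/terraform.tfstate*
+'';
+
+in pkgs.mkShell {
+
+buildInputs = with pkgs; [ terranix terraform create clean ];
+
+}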
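Review bot: The `clean` script deletes `terraform.tfstate*` even when `terraform destroy` fails, because its three commands are not chained and the script does not set `set -e`; the servers then keep running with no state left to destroy them. Chain the steps the way `create` already does, for example `${terraform}/bin/terraform destroy \` followed by `&& rm ${toString ./.}/config.tf.json ${toString ./.}/terraform.tfstate*`. The `terraform` wrapper has a related gap: when `pass` fails, `TF_VAR_hcloud_api_token` is exported empty and terraform is still started.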
|
@ -0,0 +1,4 @@
|
|||
-----BEGIN ED25519 PRIVATE KEY-----
|
||||
gTFtvOMvD5KTUZeGNcTh5ngY/BktUd0OW/37jT8w+61eLP0ntMkaBB8yovTbJvXR
|
||||
vReDUb/hjIi7nhGgy2EzP6An4QtXWvTHWJSDefglGVlcFqPDbhRkJ8CpWbCGoIYt
|
||||
-----END ED25519 PRIVATE KEY-----
|
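Review bot: This Ed25519 private key is committed in clear text (its file header is not shown on the page), and the same holds for `02-build/assets/tinc/client/rsa_key.priv`, the second Ed25519 key block, `02-build/assets/tinc/server/rsa_key` and the unencrypted `sshkey`, whose public half is installed as root's authorized key. Anyone who can read the repository can therefore log in as root on a machine deployed from this setup and can impersonate either tinc node, while the README marks generating fresh keys as OPTIONAL. I would remove the private key files from the commit, treat the published ones as compromised, add `sshkey` and the tinc private-key files to `.gitignore`, and make key generation a required step in the README.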
14
terranix/tinc-test/02-build/assets/tinc/client/host_file
Normal file
14
terranix/tinc-test/02-build/assets/tinc/client/host_file
Normal file
|
@ -0,0 +1,14 @@
|
|||
Ed25519PublicKey = OwJOU7l170hVi0g3HYpRVJXh6zwWYEZCvQq1mgBKCWL
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIICCgKCAgEAwNR4EbAffxezhbmTIoetrUPPpo66rR9kPJkLCl/fTJbVE1ryjXNQ
|
||||
Cq0lefDURLT4L3Iw/XgBUIy1xpH8InolnYlL2DRadOvbA0nCUzoekwshcV1N6tCe
|
||||
HsxrVP5XSxGJ6Es7L0zzvqXCoYP4tic+N4ztZBknn9RRMY497qHPxLoejqPZndmj
|
||||
9VPciWtiZMhLPka/r0mS/Y7h2t3IQg3J2QCXjQoojTpGym9wPlBXcE2Hv5hYKM8X
|
||||
359/arLKlAi91I2SH1o6+rBoGaMB50goEnDvWqdha95CR9K/I7+eJm8/AiJCxus0
|
||||
2KKCK7K5GvBPifEgMX4AVF8bqgTF9VZi0peG3dUEsg2L/6XqfH6IeFziWfuzuR9k
|
||||
Ud0fzu235ssshMz/WHtTZiwTUc/xzs29PrF8ThieN/nt6tdBS3A0wdqeNfKjoD3k
|
||||
zgqcc+ODUUR4gaq/46W0lU8aiP1w32YmKLnrBmFYjZXHqXNgYOZctoW/SjblvpCK
|
||||
pYUxowFOXA8BU/eRiNZfa+b0ONe0XQOj8Q78st5XsCTlqHLkytdjwauZvM4jVuE9
|
||||
7lhvvr1ft/QO3RdBMXAXgDN0F2eDnzqdRE/rrvqNJCeheS9rmHE6Aa0e5yTcJMMK
|
||||
qCkys4lQn4y9RnfH3MpzRtRnpSKid31WcmCI+JYHLe4ZhFWXju4fKPECAwEAAQ==
|
||||
-----END RSA PUBLIC KEY-----
|
51
terranix/tinc-test/02-build/assets/tinc/client/rsa_key.priv
Normal file
51
terranix/tinc-test/02-build/assets/tinc/client/rsa_key.priv
Normal file
|
@ -0,0 +1,51 @@
|
|||
-----BEGIN RSA PRIVATE KEY-----
|
||||
MIIJKAIBAAKCAgEAwNR4EbAffxezhbmTIoetrUPPpo66rR9kPJkLCl/fTJbVE1ry
|
||||
jXNQCq0lefDURLT4L3Iw/XgBUIy1xpH8InolnYlL2DRadOvbA0nCUzoekwshcV1N
|
||||
6tCeHsxrVP5XSxGJ6Es7L0zzvqXCoYP4tic+N4ztZBknn9RRMY497qHPxLoejqPZ
|
||||
ndmj9VPciWtiZMhLPka/r0mS/Y7h2t3IQg3J2QCXjQoojTpGym9wPlBXcE2Hv5hY
|
||||
KM8X359/arLKlAi91I2SH1o6+rBoGaMB50goEnDvWqdha95CR9K/I7+eJm8/AiJC
|
||||
xus02KKCK7K5GvBPifEgMX4AVF8bqgTF9VZi0peG3dUEsg2L/6XqfH6IeFziWfuz
|
||||
uR9kUd0fzu235ssshMz/WHtTZiwTUc/xzs29PrF8ThieN/nt6tdBS3A0wdqeNfKj
|
||||
oD3kzgqcc+ODUUR4gaq/46W0lU8aiP1w32YmKLnrBmFYjZXHqXNgYOZctoW/Sjbl
|
||||
vpCKpYUxowFOXA8BU/eRiNZfa+b0ONe0XQOj8Q78st5XsCTlqHLkytdjwauZvM4j
|
||||
VuE97lhvvr1ft/QO3RdBMXAXgDN0F2eDnzqdRE/rrvqNJCeheS9rmHE6Aa0e5yTc
|
||||
JMMKqCkys4lQn4y9RnfH3MpzRtRnpSKid31WcmCI+JYHLe4ZhFWXju4fKPECAwEA
|
||||
AQKCAgBp1PLlOlW/CkIUVcqkO/UdUEdqcZGRLNZ1z8VYd0/2GB5v1g2jhrNaeLdF
|
||||
2uCVqQFCARlUNAX8sI2fo0XPolx8vvrqealf3IbCojvOM+rN52D+eCgohUETRDxw
|
||||
VHuSjtiyrn+YMVLhwtY0kVrylk02bdlog8nUldHOMfRZwWNn5IKa5OCuGuI65kD3
|
||||
BwHksG1ji67uxKGxGjdpSSn83tZ2jDWhSf8BrAdoWYswGCY1U8f6ZuGT3D2NFVv4
|
||||
MpKudrHBM8YMARi3uBQaZfXIezjLDkK/7XexnTWhd9BCDYv+KjZZtHYT+MlzUJXC
|
||||
5/9iApyU58s0fqQtqlljkeUYBsaLOyMDvBzuZE36PM7dC988Wtr8B/4qwkCaveN1
|
||||
6Qz2i0iyNbtWJuGFqvorr+bNrvV8f/kinguWkpbE3uM3h43OAS2QIEGu9LAMsYic
|
||||
dJz7AKUw2nTifBTqrUkWO9Vx2fBaUnU3FCW5SnkayKewIZ2Fgc0xKCIS68jlM6uD
|
||||
p8z/FcKe9EEjb40lEcXMKmyEnMG7Qc/pAZa3M7t7UAmHSSLfG7zaECUxhQytHBPD
|
||||
xa08L6DRMmzvI4Ezdrt7KawydDTGM9bcH5fe2qgfK48jx2T9aIV2Vs/tgcIim8WF
|
||||
IK53oeJXMB8eXliGiPrwQkwFi3WoErsYkXF0Cn19IRayYNTOpQKCAQEA93l9mfCw
|
||||
pkCb/gbdkARsbmOxjGzAUfOvRdEt+MmAjzovG3HG9oUQT4M5xGWDpxLPP0uMMGVF
|
||||
XadUq1ZuSPK/mQaNHY5Tp/OBy3XC2YyiB1zYHrrbxmq54ikF+NwfaV2lVSeHt+TU
|
||||
tu3ZHDs7wXG7UsgL9MrD2aaBC/Sk2/3BKo9xUPOu54YlZsBCB+2NiZugdQUVwHDl
|
||||
Snj/dY1YhIEnRphY7CPj36vjDsSL1EqxKLTKKPJTJVU9cTQwCMGbR1OPoB8FjVVr
|
||||
51pz9dWS6P9iHZitoqv+uf8fe2AkUs5t6U2yFcHQYqvlKyIFsZSTOcWFM5oAZChj
|
||||
IBqsmbK7rUoHFwKCAQEAx3kPhwkkF1uvFCfnl+69UjDNovuJvCgf7eMNlzZbhzA5
|
||||
BbQPLeDbj/8q/3Anqoo2WvvWKVf+7du0KK+Cn6o4+xXCtkCvMUMWIVIUDWe+nykw
|
||||
STKfzAw5OrYr8ja4HsJu6y0Pm+qczksXCaRhqsRl120OHzyD8WOa758PE0+Lntjz
|
||||
v1HkJgDSTFcx4+gKZCikKTxwUT17W4phorY3qnYxCnP8e8relNxBIaY/EEbXUPMU
|
||||
5L3X60Hdscfde7N8/Yj9SQpRmL8qLEkHWSCeziLcN5zzc5wty5yQ/+0SZX4K1S2u
|
||||
Orv50afYiXC3TAOfYxDKf2DdVJwAJhbCZHIQQitVNwKCAQEAl3O2tnti4Jwx22kA
|
||||
N589bOF+S15S5NSps6Ss6dEH6J/HLJiZF02gCclZlSQ7Sghs5WOqzANuTD6XxrQC
|
||||
kopdT51+x1PPRr3z9TyAnvs+PhtH+KaK0geG8y4ABalRX/57rH2gxZ45wCoX8Psf
|
||||
OugLqEHdb1aYPZ904og6TJgjm5Rl2REJPZAPW67VulxbfpfLv1H5Wei9qrIaRSrX
|
||||
vV/9VWrvILVmRADB2MvYd3eurCbYge6ri/F6xMkXjIRQL3qoL2pMz44zl0b4KL8o
|
||||
RYfl2A8UVLXGErZb4fmYwUSsZ1exYTdX/MsOWTNdIKy43WZQeqAJFULSR1eLwhRs
|
||||
X0UqyQKCAQB4cB3x+JD0EYWKc/WfhKSGxbTDnYCyPL/akGcaT9W/sFwdl3Q6zTOE
|
||||
pBrAFGW+0Ki1Eq1iVSE1WJxUnHQQF2VEJQVlqXSeF9V61OYKmgM8clAXQhu9xfuf
|
||||
+XJbUrKkz9zM3m44Q9XdsPT9+2SFCQQ8qDoIni9ERlG8MJuXm0W/6Vpyv+0zDPfs
|
||||
5BDZfLcZdnh39WgThT3ALbN53O+LWsWNfC6MSBdQZhRlTs1w9HT5CWwqGH4QK7rB
|
||||
pt2R3POw2U+lFDfkNDgweP+YzttTtzSj134e5cO41pWuEOQ0p3++60/xYqIZ9nAF
|
||||
vCrQGLfZxr+dXU0F0xM77C3/G+e5LBTNAoIBAAf/z1zNTwc8v/dbkK9Esd/3VYUs
|
||||
HEmVn7RguwbqmZcMFHLmyaWZxw3qu16bR7ktHm3NfVL5hyHJ58/UFwGvS/kVlIsz
|
||||
+iAEoqjwpkNyCvT8ZdaB6grvCSV1Ac2m5YkQ9RxNCDtekLvBmw8izX/o0ESwwvkw
|
||||
eb/119fSOWB60/QQQzFREUL6KpKc+OMCLV5XfbAxTeaDahAhSTWMJxCfWqYYhFU0
|
||||
46bwiq+fo+DFHRo+BDJv7Wc8x/B/gzlSMFsxFZ0hUzXBk7Pqz3Rm/UK2cpn1DQ1/
|
||||
zQNglB1DM4IwzoQ/DGVzYeneRLEBfU1wVlxUUatBC9oXY6zz85FbzSdyl74=
|
||||
-----END RSA PRIVATE KEY-----
|
1
terranix/tinc-test/02-build/assets/tinc/client_host_file
Symbolic link
1
terranix/tinc-test/02-build/assets/tinc/client_host_file
Symbolic link
|
@ -0,0 +1 @@
|
|||
client/host_file
|
1
terranix/tinc-test/02-build/assets/tinc/ed25519_key
Symbolic link
1
terranix/tinc-test/02-build/assets/tinc/ed25519_key
Symbolic link
|
@ -0,0 +1 @@
|
|||
server/ed25519_key
|
1
terranix/tinc-test/02-build/assets/tinc/rsa_key
Symbolic link
1
terranix/tinc-test/02-build/assets/tinc/rsa_key
Symbolic link
|
@ -0,0 +1 @@
|
|||
server/rsa_key
|
|
@ -0,0 +1,4 @@
|
|||
-----BEGIN ED25519 PRIVATE KEY-----
|
||||
wNkj/HdU70l7X5XC5YVlWp3FBa8cBaDRy1LbJCjkh83CYYieSQ2IUWgHQ4Vhx253
|
||||
7bXVLSOnVIKMifAnBwSOSX7lTGI6gUP2aZCwa142WdxPDPiYv3sEMqK037VyfHVl
|
||||
-----END ED25519 PRIVATE KEY-----
|
14
terranix/tinc-test/02-build/assets/tinc/server/host_file
Normal file
14
terranix/tinc-test/02-build/assets/tinc/server/host_file
Normal file
|
@ -0,0 +1,14 @@
|
|||
Ed25519PublicKey = 1e5kBiOI1jtWmAsWNutVX8zwjI27NLBjqC99el83RVJ
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIICCgKCAgEA1qFa0YFVefm3kVXGG5j26TF4JNJtBpZo1Jtd9XB6cErMG80vrdvb
|
||||
RWNwCoY8SM21zN5ew9p7W/P8aClZShx7WRyIzPsTnc69N7zIosAIeXURgo8Ot2Yd
|
||||
1us5RquPxc6NZ0JhDkz50EgQiJ4fRaCmaBb68hP36U8XdO7VTn93+l0YlmvbhAny
|
||||
gB7iMOsXiDXxbzxOO+XC3ygaeO45ioEDduEv9Ny9KptXN08eOkxKL7dN4om2Nux0
|
||||
2EurWqTBYTrWki+XxovfvsmiM5AELHtTaUM8FwwEX0e7dV1cDYYqz3hWPmYgZ4Bj
|
||||
dp258VDa/sbUCiRVQfcxzHqbvd3UCoNG76YsGJ6s7TqoxvCCvB4ziH+d6/Uu+h5h
|
||||
DtjccwVQmW22A5DQHix4T/DmXs1GB5qzOa8eEd6cHTpqp/qzGmvC0un5BezY+CVR
|
||||
ZphzFoYGF6Q3T7JwC6LCMCNBOqby+bhZNYmkztRzhXvFFrBmj6E17+8Z5fgLgl6u
|
||||
+1QhxQTjg3uvjZXmQh2+jjTwa3vO1pZR6k9yyLMo9zPpr7i7QY4tqPR8u4j0fkHj
|
||||
aXtOOj2wl0gDCnVX3mWeUKCJusCDdJ2hPpuz11pPQt67mxtUXO31aMM9J3mHjj0y
|
||||
PKl7NGKA7ozI9e4HV09KiozM6yrLrvLyoRTn8AgwVoMiEw91CHhDNRkCAwEAAQ==
|
||||
-----END RSA PUBLIC KEY-----
|
51
terranix/tinc-test/02-build/assets/tinc/server/rsa_key
Normal file
51
terranix/tinc-test/02-build/assets/tinc/server/rsa_key
Normal file
|
@ -0,0 +1,51 @@
|
|||
-----BEGIN RSA PRIVATE KEY-----
|
||||
MIIJKAIBAAKCAgEA1qFa0YFVefm3kVXGG5j26TF4JNJtBpZo1Jtd9XB6cErMG80v
|
||||
rdvbRWNwCoY8SM21zN5ew9p7W/P8aClZShx7WRyIzPsTnc69N7zIosAIeXURgo8O
|
||||
t2Yd1us5RquPxc6NZ0JhDkz50EgQiJ4fRaCmaBb68hP36U8XdO7VTn93+l0Ylmvb
|
||||
hAnygB7iMOsXiDXxbzxOO+XC3ygaeO45ioEDduEv9Ny9KptXN08eOkxKL7dN4om2
|
||||
Nux02EurWqTBYTrWki+XxovfvsmiM5AELHtTaUM8FwwEX0e7dV1cDYYqz3hWPmYg
|
||||
Z4Bjdp258VDa/sbUCiRVQfcxzHqbvd3UCoNG76YsGJ6s7TqoxvCCvB4ziH+d6/Uu
|
||||
+h5hDtjccwVQmW22A5DQHix4T/DmXs1GB5qzOa8eEd6cHTpqp/qzGmvC0un5BezY
|
||||
+CVRZphzFoYGF6Q3T7JwC6LCMCNBOqby+bhZNYmkztRzhXvFFrBmj6E17+8Z5fgL
|
||||
gl6u+1QhxQTjg3uvjZXmQh2+jjTwa3vO1pZR6k9yyLMo9zPpr7i7QY4tqPR8u4j0
|
||||
fkHjaXtOOj2wl0gDCnVX3mWeUKCJusCDdJ2hPpuz11pPQt67mxtUXO31aMM9J3mH
|
||||
jj0yPKl7NGKA7ozI9e4HV09KiozM6yrLrvLyoRTn8AgwVoMiEw91CHhDNRkCAwEA
|
||||
AQKCAgBSwt9ZP+zs3tzo/tEoXSCApSG12SpPSvpbWRmvBdNAr6bq5YEIImn35LMU
|
||||
a9SdIi2DNRAHp5y/xWJD7AXRLRBnOTiLChnzVP/jmTkogLID25+H35AGKitBb2yj
|
||||
ko4a8V3XPmJceFQv+0nc1FQsrhjctFfJtud2oJfj8CByZ3alJPbRMf/wd0F6I+6G
|
||||
fHCThnF1uiRUtnEhSb6DeSDZBoyGb6jlW6TZ5BKKckiupDJLGfy/aOjJXv5jVTJa
|
||||
/oLO8jhBIHb/CXqaf/e6uELTwC5WvaVTIcAh2XAwfnJ7iIvDepyO7SR7pKc12vYT
|
||||
VmFLsvGag44YpLAgL/sUCJC2CQ71rtx79SNHegDkunqI+GZTSL1uuBHMXpSA75xm
|
||||
t6m6hcn3E0rL6wSZ+mgpyL1+AULWOSbU4XybsXjORzTsJfn91s7k5dyySQSRDy30
|
||||
z10fQzLPJI8kSmGtzUFpDMvOYpfmq5p0aMI58fvTqLgNc1wnJrj2SKfEQI0MnhKU
|
||||
BESIh63yjPQuPkeqpO1zf8OgmvZ/PU7Egbb8YAHzC11KBh2zKem6zL0Q/bLBcur1
|
||||
bcKT0VRq/5jpwLG1dpXf7KovatTjg44cjb+LFP6YnBhM1pc620Hc4G+TPJs3y56c
|
||||
OdmX6UCCvl1c4pZJ4Mmg7I1LvZcPFIYFFOTmLLixfWWH4n7vrQKCAQEA+PjO4I8Z
|
||||
RMMui1cpfoj3go4y/IY3bWF2Dgg6QgddagXxdFMVtFKD0LMlpbt3MUmGOjj7zepG
|
||||
1zeRnvgkAk6ZX/nibMkDWnyVMoews1WJC3YpOZdavjzJ2j3517rvomhSQWzbyOAt
|
||||
T1oR9dz2EYEFchYgJ+N5pmCvrhQd1nENpT9usxiVT+ecTE8sObJqY6a1otK969yO
|
||||
urIckDx8SqKY6V5iuTjcsdrSfzIlFKKZ5S9XPqg98lqWekYA9R5WMzolQGFVoDMI
|
||||
343HdE/oEExBR7X39E+D2YGwoepw6lVBHkmFd1px5Oc5kysAbvB1QiSoU1Oi85mN
|
||||
uBmrzxmYkQ/d7wKCAQEA3LBgoWzoez81rDh+i9vXweI7vKHy1htJnRPgYuxWtlvu
|
||||
RzgGK/FvOMOthVqpOR0fO1g+7/LupgNjBgGys+jTOeZiKwYEWuy0RCpjKmhc6j2y
|
||||
jwdXjzHf0Ve3MFF23qhaXhQHEgg9W1VQJwt8xv28mY96YznYB/JC0vLG2ZdQ5ASJ
|
||||
JHrrZNIk3h+32yBRq8312+cWRXmg27MSSfOrRAMSeoV0c7YvDakce9ZNaok/gbi9
|
||||
hA+yqxZc0SrkOXLA0plHzyzH492sonsdLjIQNApJv36NqD6ZHzcPy2iHK3ymhj+z
|
||||
QM/kt5QHFbK3OFBJbyHxtbSpMfJMvh5AgzyJhaildwKCAQAHe+MsGOEXkg5qHdqf
|
||||
dRqLkB60PIyZ+x4DWff2WCZUs40IhB7Y5soTke8FxlbU4nLoeSIIlIxAl+kGsErU
|
||||
zuwJWIeX4Yr6Q1hwxmdnXKDb+VdP5d7SbR1cNBS4iWP+q8gdM1p/9U0nX3u+uj+j
|
||||
Uw+I2GVrDYlwmONvBifHdGqGlxuKwqhqWHn4SUD5EwXjrPU0ycTvvBeGQShepZLO
|
||||
44hZK38oNi9cIUnGjQlUT3b0zrF+rqv+Bv8S+du5gonwzESmZMagJCiWH7rpIiXF
|
||||
p6UmtK+ZZnJ+LUnT9CokwR9N+8PJTKyzxseSRu6iZxP/Qv7UUmVJkUoTSKJDfW96
|
||||
nNF9AoIBAAOnU+I4SF0J/dx9DvNHz3mhQjXsRHXw+7YDBzr8CK96NCavscJ2e83n
|
||||
x26mwph0d/jmjBwy3GqZMcF+s7OwzhZuTv/BWL8cnhtmzD9+fNNP9C3UBEoVnEv9
|
||||
9MVzA9HJ3b0i/b75rfJeJjaPRSCSQNYV/wO3iHERPLP7WvltPOSZgp+8/TqtE/kt
|
||||
c0DIdzGt9j0OxVqfGd+pRks9In+8wUiP/w6PXJYQT61pLdzuqsN+CH0wOVgFxcGc
|
||||
wSyGTtTtvreaWTDXka0a9q+2GniSFwh5kuTPLH/MzJEkiOBabvNYCKKxDmtPoxJj
|
||||
5A6lnaGeYT8N36M5DLY1EAJcNTamRR8CggEBAPgc5Wr2YM9rmAB/15H+xk8H/tsI
|
||||
1hxgGtfdHdo9ZwIyowakuqQaIjbgFX64bE9cX9C62mJ12rP6YoTAz5zRBm4J1Eld
|
||||
U2PlnCwLJbtrdF83tTSi8n9Yo/y3wMFB0C+z2apEqOkLTUaz3REM+1N8CWVKMtaW
|
||||
CtEqfx2sIbwy/Y3i8kSyR8mZPiMlpGULLBPvcKSgZZnUzzo5gZh2mP9zwb0q669K
|
||||
71k3LzM8EY/1by8xrhhg5Iyanoeq2PwecUR4XD8pvpYRdUk+bERUSPyJenWa1JQ/
|
||||
df25AfKqmpoVp+LeICbZf4vNLxR1rs44fXPkMpu4SoQkSLuNYkoqpOngjjY=
|
||||
-----END RSA PRIVATE KEY-----
|
1
terranix/tinc-test/02-build/assets/tinc/server_host_file
Symbolic link
1
terranix/tinc-test/02-build/assets/tinc/server_host_file
Symbolic link
|
@ -0,0 +1 @@
|
|||
server/host_file
|
|
@ -0,0 +1,12 @@
|
|||
{ pkgs, lib, ... }: {
|
||||
imports = [ ./hardware-configuration.nix ./tinc-server.nix ];
|
||||
|
||||
networking.hostName = "server";
|
||||
|
||||
environment.systemPackages = with pkgs; [ htop git vim mosh ];
|
||||
networking.firewall.allowedUDPPorts = [ 60001 ];
|
||||
|
||||
services.sshd.enable = true;
|
||||
users.users.root.openssh.authorizedKeys.keyFiles = [ <generated/sshkey.pub> ];
|
||||
|
||||
}
|
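Review bot: `services.sshd.enable = true;` leaves password authentication at the module default, although the only intended login is root's key from `<generated/sshkey.pub>`. Unless it is set elsewhere, add `services.openssh.passwordAuthentication = false;` next to it so the server accepts key logins only. The file header is not shown on the page, so this is assumed to be the server's `configuration.nix`.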
|
@ -0,0 +1,8 @@
|
|||
{ ... }: {
|
||||
imports = [ <nixpkgs/nixos/modules/profiles/qemu-guest.nix> ];
|
||||
boot.loader.grub.device = "/dev/sda";
|
||||
fileSystems."/" = {
|
||||
device = "/dev/sda1";
|
||||
fsType = "ext4";
|
||||
};
|
||||
}
|
|
@ -0,0 +1,10 @@
|
|||
{
|
||||
imports = [ ./tinc.nix ];
|
||||
|
||||
module.cluster.services.tinc = {
|
||||
"test" = {
|
||||
enable = true;
|
||||
openPort = true;
|
||||
};
|
||||
};
|
||||
}
|
|
@ -0,0 +1,32 @@
|
|||
# shared tinc file between client and server
|
||||
{ config, pkgs, lib, ... }:
|
||||
|
||||
{
|
||||
|
||||
imports = [ <cluster-module> ];
|
||||
|
||||
networking.firewall.trustedInterfaces = [ "tinc.private" ];
|
||||
|
||||
# nix-shell -p tinc_pre --run "tinc --config . generate-keys 4096"
|
||||
module.cluster.services.tinc = {
|
||||
"test" = {
|
||||
networkSubnet = "10.123.142.0/24";
|
||||
extraConfig = ''
|
||||
LocalDiscovery = yes
|
||||
'';
|
||||
privateEd25519KeyFile = toString <assets/tinc/ed25519_key>;
|
||||
privateRsaKeyFile = toString <assets/tinc/rsa_key>;
|
||||
hosts = {
|
||||
server = {
|
||||
tincIp = "10.123.142.1";
|
||||
publicKey = lib.fileContents <assets/tinc/server_host_file>;
|
||||
};
|
||||
client = {
|
||||
tincIp = "10.123.142.100";
|
||||
publicKey = lib.fileContents <assets/tinc/client_host_file>;
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
|
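Review bot: `networking.firewall.trustedInterfaces = [ "tinc.private" ]` names the interface of a network called `private`, but the only network defined below it is `"test"`. If the cluster module names the interface after the network, as the NixOS tinc service does, this entry matches nothing and should read `[ "tinc.test" ]`; the module is not visible here, so please confirm. A trusted interface bypasses the firewall for every peer on `10.123.142.0/24`, so a comment stating that this is intended for the test network only would help.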
0
terranix/tinc-test/02-build/generated/.keep
Normal file
0
terranix/tinc-test/02-build/generated/.keep
Normal file
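--- a/terranix/tinc-test/02-build/shell.nix
+++ b/terranix/tinc-test/02-build/shell.nix
@@ -0,0 +1,73 @@
+{ pkgs ? import <nixpkgs> { } }:
+
+with pkgs.lib;
+
+let
+
+ops = let
+opsImport = import ((import <nixpkgs> { }).fetchgit {
+url = "https://github.com/mrVanDalo/plops.git";
+rev = "9fabba016a3553ae6e13d5d17d279c4de2eb00ad";
+sha256 = "193pajq1gcd9jyd12nii06q1sf49xdhbjbfqk3lcq83s0miqfs63";
+});
+overlay = self: super: {
+# overwrite ssh to use the generated ssh configuration
+openssh = super.writers.writeBashBin "ssh" ''
+${super.openssh}/bin/ssh -F ${
+toString ./generated/ssh-configuration
+} "$@"
+'';
+};
+in opsImport { overlays = [ overlay ]; };
+
+lib = ops.lib;
+pkgs = ops.pkgs;
+
+source = {
+
+nixPkgs.nixpkgs.git = {
+ref = "nixos-19.09";
+url = "https://github.com/NixOS/nixpkgs-channels";
+};
+
+system = name: {
+configs.file = toString ./configs;
+assets.file = toString ./assets;
+generated.file = toString ./generated;
+nixos-config.symlink = "configs/${name}/configuration.nix";
+};
+
+modules.cluster-module.git = {
+url = "https://git.ingolf-wagner.de/nix-modules/cluster.git";
+ref = "1.2.0";
+};
+
+};
+
+servers = import ./generated/nixos-machines.nix;
+
+deployServer = name:
+{ user, host, ... }:
+with ops;
+jobs "deploy-${name}" "${user}@${host}" [
+(populate (source.system name))
+(populate source.nixPkgs)
+(populate source.modules)
+switch
+];
+
+moshServer = name:
+{ user, host, ... }:
+pkgs.writers.writeDashBin "mosh-${name}" ''
+${pkgs.mosh}/bin/mosh \
+--ssh="${pkgs.openssh}/bin/ssh -F ${
+toString ./generated/ssh-configuration
+}" \
+"${user}@${host}"
+'';
+
+in pkgs.mkShell {
+buildInputs = lib.mapAttrsToList deployServer servers
+++ mapAttrsToList moshServer servers;
+
+}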
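Review bot: `source.nixPkgs` and `source.modules` follow moving references (`ref = "nixos-19.09"` and `ref = "1.2.0"`), whereas the `fetchgit` calls in this commit pin both `rev` and `sha256`. Whatever those refs resolve to at deploy time is copied to the server and built there as root, so two runs of the same checkout can deploy different code. If plops accepts a commit hash in `ref`, pin both sources to one; otherwise add a comment recording the commit that was tested.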
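--- a/terranix/tinc-test/README.md
+++ b/terranix/tinc-test/README.md
@@ -0,0 +1,39 @@
+
+A setup to test tinc on a hetzner box
+
+# steps
+
+## OPTIONAL: generate fresh ssh keys
+
+```sh
+ssh-keygen -P "" -f sshkey
+```
+
+## OPTIONAL: generate new tinc keys
+
+```
+nix-shell -p tinc_pre --run "tinc --config . generate-keys 4096"
+cat *.pub host_file
+rm *.pub
+```
+
+## generate machine
+
+```sh
+cd ./01-terranix
+nix-shell --run "create"
+```
+
+## provision machine
+
+```sh
+cd ./02-build
+nix-shell --run deploy-server
+```
+
+## cleanup
+
+```sh
+cd ./01-terranix
+nix-shell --run "clean"
+```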
49
terranix/tinc-test/sshkey
Executable file
49
terranix/tinc-test/sshkey
Executable file
|
@ -0,0 +1,49 @@
|
|||
-----BEGIN OPENSSH PRIVATE KEY-----
|
||||
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAACFwAAAAdzc2gtcn
|
||||
NhAAAAAwEAAQAAAgEAm+c7Q9wbwB0jpPn2nOkOHPLr2VCVi5nITFj8/O6cOpUcsgsg1/5Y
|
||||
bPVeiGqbzLzd2eoxwpex+Wcp+oEgJO/H1T2NP2nnsRqsczbcZXAATnHega63qAJwW+BDmy
|
||||
wjZFWAgUB5VSXUbiwqV3qUv55bXOqtvY0f4rdO8tQXoWjipGz/16N/Y66loUJH7wb41XSl
|
||||
uo4FZORsK8u5nh628EtOH8k1HDM18fSpnp1ZzWlBLPxSE393/5OftJohzF2N7uxeArd31I
|
||||
5H4PLBBFSy0Zh0mnKM7uwbCyPxFI1kDgwGBz3P5tBi0pxNjArvqvzzn4hzn02jsf6w/Me1
|
||||
0Des6zRAzwYKr/Pk5WvVnrmbZQyivQVv5O1u/dEm7CI/CIuJA6LZPA2J3INvhVl8W+vqsl
|
||||
/OKfeksJJv3soP+Fomcy2NokNmOmSdl70uTfcAkgfuRrCQvDlWCS6IQandjuaDoeqLyu1M
|
||||
Az8ReKN+yDMH59Q/+H+TWf1MHG3nJ+JfycOcLFJ+uci2kamCfVZa50m7TzpCVqjgdB7PUp
|
||||
kcaTlQH+sJ7i4Ddbz7+xauvFdVdAJjtA03eTGpV2xcK+HzZvhcZg5ACoYYg5svgZUazo0B
|
||||
c1fyK2aqwHGHEz7X8dd1EBpuIQtvswlc2pkIFis3hNQ40qde3y4vQx496uLj7E0UMzPCIB
|
||||
cAAAdAgoAp4IKAKeAAAAAHc3NoLXJzYQAAAgEAm+c7Q9wbwB0jpPn2nOkOHPLr2VCVi5nI
|
||||
TFj8/O6cOpUcsgsg1/5YbPVeiGqbzLzd2eoxwpex+Wcp+oEgJO/H1T2NP2nnsRqsczbcZX
|
||||
AATnHega63qAJwW+BDmywjZFWAgUB5VSXUbiwqV3qUv55bXOqtvY0f4rdO8tQXoWjipGz/
|
||||
16N/Y66loUJH7wb41XSluo4FZORsK8u5nh628EtOH8k1HDM18fSpnp1ZzWlBLPxSE393/5
|
||||
OftJohzF2N7uxeArd31I5H4PLBBFSy0Zh0mnKM7uwbCyPxFI1kDgwGBz3P5tBi0pxNjArv
|
||||
qvzzn4hzn02jsf6w/Me10Des6zRAzwYKr/Pk5WvVnrmbZQyivQVv5O1u/dEm7CI/CIuJA6
|
||||
LZPA2J3INvhVl8W+vqsl/OKfeksJJv3soP+Fomcy2NokNmOmSdl70uTfcAkgfuRrCQvDlW
|
||||
CS6IQandjuaDoeqLyu1MAz8ReKN+yDMH59Q/+H+TWf1MHG3nJ+JfycOcLFJ+uci2kamCfV
|
||||
Za50m7TzpCVqjgdB7PUpkcaTlQH+sJ7i4Ddbz7+xauvFdVdAJjtA03eTGpV2xcK+HzZvhc
|
||||
Zg5ACoYYg5svgZUazo0Bc1fyK2aqwHGHEz7X8dd1EBpuIQtvswlc2pkIFis3hNQ40qde3y
|
||||
4vQx496uLj7E0UMzPCIBcAAAADAQABAAACAFUT1q+tiidIv47kKcRvGhiKKFKrOzC3dyrS
|
||||
1RxiSjdd8A7pK78zOaYcML5ZDzSnTJoCx6zdg24K8kmV9aiygWbI9C/K53kqiTlGkvd4K3
|
||||
KjiT1Tzz2MNyysMbiYWagDUOE4Af6JamfFCkY6yrnW/RyzpKRwQxpB1n+FZm/bAPOh1+wh
|
||||
eP8464IY3ZB/SYOS6G3p2t+4F5++yUiUkliHf9awwp7lA2dKkNXSIJOMANk/yLqDMUTzlo
|
||||
/EHPWdiDr+Gj95R5djHa6QSuzGG99tRxSRtn8bsZZewszoa9WOkiuZe78FsSgly9vEjA3P
|
||||
hFNm71Hb2Jzl1Efd5EYAXAjutv5ouKDxLHjCSuFmB0j7b+ZXMulVvF9Ka7RK0GxTZnpv50
|
||||
AwzeBHdadHdtciHytTV+aggTLt5fj/1zYFw8FutUGXI4XrmC3KlDQ1etqmX0dwCS64GdpC
|
||||
BCA/Fsw5G/iYqZApkKb4d71ftULObmEQy3G8VhLSpNUzDuDgHfP2wWniX6pFZokUu6GHws
|
||||
t3NStX3SgReG+yuZ/vqFgDmijW/QtreL6HcjA2dysav07BkXEroaP+fA7fltK8MybKNAN4
|
||||
uHt8I4kZrPwwV2w1EllyZEdvwIa6oe0gTjHgmN0ijYshcTFS1RNnvtauxZ02LkpZVyEPDW
|
||||
VFQKTB+HICqXyZ+pshAAABAHleerfKzAyvr383dCNjYpVCvRHZaqpm63gARf5vkh4599Gp
|
||||
CuvMYxwq3z/Q9avtAJn92Libp1aWBOtGwhh7v8py42agNj52ytk8DeQRwKngmHQoyVJ3DG
|
||||
y5azutxF/JV0/bZwFvgeFhNrhG6ilOmCvMcMiaHidffXKdeo1f4nCbv9aj4S18ehEcV/zp
|
||||
uvHfgpz7K4I4eqBKQTqlCa1/Zle0tvZuk/PVnJUu8Qd3e/ZVWBVa/OG54MElbpYS76kGPw
|
||||
A1FTy9CAUujYqtEW1OSoSjQB3DIRkhExowtuaeNu+UrT4sqA713/SVODUPRciOCyoQvfXm
|
||||
vJA+HEWZwhh5JNgAAAEBAM1wwERBlJ7y9C1PARp35LHM3e2iBnROdQ45g4nzyLR6Z8k39z
|
||||
8AoToiJhnO7fkuobY+b2Pvs9ncWSRtapNzXBz7tanMGIZoLAt1+2f1s8TM5dKTHNdhZpgQ
|
||||
vxy5TwkxqII4d9CNyfIxyyQkGSTl6QRVFGP5mvengfEpSL9n7S5RFjr0X1Lf2Pjrjkdwud
|
||||
DCiD/OtyTkfYL0zl0c1ezuc6rN6AX+3lhK88v9xQQcSYcd2s9qQjjccL5Onaio6e9VgSiM
|
||||
gSehvmLn7FPYOEajEQ7bLblqoSItz5r9EcfeE4eUBzaZHJDZ5qF96+cneIr+26H1UEfsTw
|
||||
/GGxJzlfW2b2UAAAEBAMJFhE16Ek4iLKy0gQRJArVvbathgKJBz+CJLSKpX8N++34Vs/tZ
|
||||
oF7t4FF59OK/wghAPDTDv1q2MyUpIlpvIzdNE7mZzChM6aVXkKHKJfOxEFCnP2c52e4Lm1
|
||||
0LRyL2JSUB9e9s728ORCAW3LEm58UsPVkEV1DwvQ45xHf7jOhiHfLTA7sDt6ram/cXdP49
|
||||
WgCAR03bd2vvQlvMWnKnwkLQd8CpR6FGe0CfvWrobHaPs0jKxPKij0gi3GY27EvXH11h01
|
||||
fEAc4ag4iC1NEhyzQbWDrP6evoremWchYhNKmXyw+P5vEAPgr/OxmYJflu6f4FhVQzW9d9
|
||||
E5rOblFvb8sAAAAJcGFsb0BwZXBlAQI=
|
||||
-----END OPENSSH PRIVATE KEY-----
|
1
terranix/tinc-test/sshkey.pub
Normal file
1
terranix/tinc-test/sshkey.pub
Normal file
|
@ -0,0 +1 @@
|
|||
ssh-rsa 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 palo@pepe
|