tinc-test: create setup for testing

Ingolf Wagner 2020-01-06 18:37:25 +13:00
parent ed25e77465
commit 408efd069f
No known key found for this signature in database
GPG key ID: 76BF5F1928B9618B
24 changed files with 520 additions and 0 deletions

10
terranix/tinc-test/.gitignore vendored Normal file

@ -0,0 +1,10 @@
.terraform
*.tf.json
*.swp
02-build/generated/**
!02-build/generated/.keep
terraform.tfstate
terraform.tfstate.backup
.terraform.tfstate.lock.info


@ -0,0 +1,36 @@
{ config, lib, pkgs, ... }:
let
hcloud-modules = pkgs.fetchgit {
#url = "https://github.com/mrVanDalo/terranix-hcloud.git";
url = "https://git.ingolf-wagner.de/terranix/hcloud.git";
rev = "b6896f385f45ecfd66e970663c55635c9fd8b26b";
sha256 = "1bggnbry7is7b7cjl63q6r5wg9pqz0jn8i3nnc4rqixp0ckwdn85";
};
#hcloud-modules = /home/palo/dev/terranix-hcloud/terraform-0.11;
in {
imports = [
(toString hcloud-modules)
./config/file-generation.nix
./config/ssh-setup.nix
];
#hcloud.export.nix = "${toString ../02-build/generated}/test.nix";
hcloud.nixserver.server = {
configurationFile = pkgs.writeText "configuration.nix" ''
{ pkgs, lib, ... }:
{
environment.systemPackages = with pkgs; [
htop git vim mosh
];
networking.firewall.allowedUDPPorts = [ 60001 ];
}
'';
};
}


@ -0,0 +1,30 @@
# --------------------------------------------------------------------------------
#
# collect all server information and generate files which get picked up
# by 02-build to deploy the machines properly.
#
# This makes it possible to deploy VPNs like tinc and wireguard.
#
# --------------------------------------------------------------------------------
{ config, lib, pkgs, ... }: {
resource.local_file = {
nixosMachines = {
content = with lib;
let
serverPart = name: ''
${name} = {
host = "''${ hcloud_server.${name}.ipv4_address }";
user = "root";
};
'';
allServerParts = map serverPart (attrNames config.hcloud.server);
in ''
{
${concatStringsSep "\n" allServerParts}
}
'';
filename = "${toString ../../02-build/generated/nixos-machines.nix}";
};
};
}
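Review bot: The generated attribute name in `serverPart` is emitted unquoted (`${name} = {`), so a server name that contains a dot or starts with a digit produces a nested attribute or a parse error when the 02-build shell later imports the generated file. Quoting it, `"${name}" = {`, keeps every name from `config.hcloud.server` a single attribute. The hard-coded `user = "root";` would also benefit from a one-line comment stating that deployment logs in as root by design.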


@ -0,0 +1,44 @@
# --------------------------------------------------------------------------------
#
# configure ssh setup
#
# --------------------------------------------------------------------------------
{ config, lib, pkgs, ... }:
let
ssh = {
privateKeyFile = ../../sshkey;
publicKeyFile = ../../sshkey.pub;
};
target = file: "${toString ../../02-build/generated}/${file}";
in {
# configure admin ssh keys
users.admins.palo.publicKey = lib.fileContents ssh.publicKeyFile;
# configure provisioning private Key to be used when running provisioning on the machines
provisioner.privateKeyFile = toString ssh.privateKeyFile;
resource.local_file = {
# provide ssh key for the server
sshKey = {
content = lib.fileContents ssh.publicKeyFile;
filename = target "sshkey.pub";
};
sshConfig = {
filename = target "ssh-configuration";
content = with lib;
let
configPart = name: ''
Host ''${ hcloud_server.${name}.ipv4_address }
IdentityFile ${toString ssh.privateKeyFile}
ServerAliveInterval 60
ServerAliveCountMax 3
'';
in concatStringsSep "\n"
(map configPart (attrNames config.hcloud.server));
};
};
}
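Review bot: `ssh.privateKeyFile` is a Nix path literal, and the only thing keeping the private key out of the world-readable Nix store is that every use goes through `toString`; nothing in the file says so. A comment above the `ssh` set such as `# always use toString on privateKeyFile: interpolating the path itself copies the key into /nix/store` would protect the next edit. The generated `Host` block also omits `IdentitiesOnly yes`, so ssh will offer agent keys in addition to the configured `IdentityFile`; adding that line to `configPart` keeps the test key the only credential presented to these hosts.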


@ -0,0 +1,34 @@
{ pkgs ? import <nixpkgs> { } }:
let
terranix = pkgs.callPackage (pkgs.fetchgit {
url = "https://github.com/mrVanDalo/terranix.git";
rev = "6097722f3a94972a92d810f3a707351cd425a4be";
sha256 = "1d8w82mvgflmscvq133pz9ynr79cgd5qjggng85byk8axj6fg6jw";
}) { };
terraform = pkgs.writers.writeDashBin "terraform" ''
export TF_VAR_hcloud_api_token=`${pkgs.pass}/bin/pass development/hetzner.com/api-token`
${pkgs.terraform_0_11}/bin/terraform "$@"
'';
create = pkgs.writers.writeDashBin "create" ''
${terranix}/bin/terranix | ${pkgs.jq}/bin/jq '.' > ${
toString ./.
}/config.tf.json \
&& ${terraform}/bin/terraform init \
&& ${terraform}/bin/terraform apply
'';
clean = pkgs.writers.writeBashBin "clean" ''
${terraform}/bin/terraform destroy
rm ${toString ./.}/config.tf.json
rm ${toString ./.}/terraform.tfstate*
'';
in pkgs.mkShell {
buildInputs = with pkgs; [ terranix terraform create clean ];
}
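Review bot: `clean` removes `config.tf.json` and `terraform.tfstate*` even when `terraform destroy` fails, because the three commands are not chained; the state is then gone while the Hetzner servers may still exist and can no longer be destroyed from this directory. Chain them the way `create` already does: `${terraform}/bin/terraform destroy \` followed by `&& rm ${toString ./.}/config.tf.json ${toString ./.}/terraform.tfstate*`. In the `terraform` wrapper, a failing `pass` lookup still leaves `TF_VAR_hcloud_api_token` exported as an empty string, so checking the lookup result before calling terraform would give a clearer error.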


@ -0,0 +1,4 @@
-----BEGIN ED25519 PRIVATE KEY-----
gTFtvOMvD5KTUZeGNcTh5ngY/BktUd0OW/37jT8w+61eLP0ntMkaBB8yovTbJvXR
vReDUb/hjIi7nhGgy2EzP6An4QtXWvTHWJSDefglGVlcFqPDbhRkJ8CpWbCGoIYt
-----END ED25519 PRIVATE KEY-----
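Review bot: This file adds a tinc private key in clear text, so the key is readable by anyone with access to the repository and remains in its history. The same applies to the other `ED25519 PRIVATE KEY` and `RSA PRIVATE KEY` files in this commit and to `terranix/tinc-test/sshkey`, whose public half is installed as root's authorized key on the provisioned server. These keys should be treated as already disclosed test material; the README marks regenerating them as OPTIONAL, and it would be safer to make key generation a required setup step and keep the results out of git, for example with a `.gitignore` entry `sshkey` plus entries for the key files under `assets/tinc`.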


@ -0,0 +1,14 @@
Ed25519PublicKey = OwJOU7l170hVi0g3HYpRVJXh6zwWYEZCvQq1mgBKCWL
-----BEGIN RSA PUBLIC KEY-----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==
-----END RSA PUBLIC KEY-----


@ -0,0 +1,51 @@
-----BEGIN RSA PRIVATE KEY-----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-----END RSA PRIVATE KEY-----


@ -0,0 +1 @@
client/host_file


@ -0,0 +1 @@
server/ed25519_key


@ -0,0 +1 @@
server/rsa_key


@ -0,0 +1,4 @@
-----BEGIN ED25519 PRIVATE KEY-----
wNkj/HdU70l7X5XC5YVlWp3FBa8cBaDRy1LbJCjkh83CYYieSQ2IUWgHQ4Vhx253
7bXVLSOnVIKMifAnBwSOSX7lTGI6gUP2aZCwa142WdxPDPiYv3sEMqK037VyfHVl
-----END ED25519 PRIVATE KEY-----


@ -0,0 +1,14 @@
Ed25519PublicKey = 1e5kBiOI1jtWmAsWNutVX8zwjI27NLBjqC99el83RVJ
-----BEGIN RSA PUBLIC KEY-----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==
-----END RSA PUBLIC KEY-----


@ -0,0 +1,51 @@
-----BEGIN RSA PRIVATE KEY-----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-----END RSA PRIVATE KEY-----


@ -0,0 +1 @@
server/host_file


@ -0,0 +1,12 @@
{ pkgs, lib, ... }: {
imports = [ ./hardware-configuration.nix ./tinc-server.nix ];
networking.hostName = "server";
environment.systemPackages = with pkgs; [ htop git vim mosh ];
networking.firewall.allowedUDPPorts = [ 60001 ];
services.sshd.enable = true;
users.users.root.openssh.authorizedKeys.keyFiles = [ <generated/sshkey.pub> ];
}


@ -0,0 +1,8 @@
{ ... }: {
imports = [ <nixpkgs/nixos/modules/profiles/qemu-guest.nix> ];
boot.loader.grub.device = "/dev/sda";
fileSystems."/" = {
device = "/dev/sda1";
fsType = "ext4";
};
}


@ -0,0 +1,10 @@
{
imports = [ ./tinc.nix ];
module.cluster.services.tinc = {
"test" = {
enable = true;
openPort = true;
};
};
}


@ -0,0 +1,32 @@
# shared tinc file between client and server
{ config, pkgs, lib, ... }:
{
imports = [ <cluster-module> ];
networking.firewall.trustedInterfaces = [ "tinc.private" ];
# nix-shell -p tinc_pre --run "tinc --config . generate-keys 4096"
module.cluster.services.tinc = {
"test" = {
networkSubnet = "10.123.142.0/24";
extraConfig = ''
LocalDiscovery = yes
'';
privateEd25519KeyFile = toString <assets/tinc/ed25519_key>;
privateRsaKeyFile = toString <assets/tinc/rsa_key>;
hosts = {
server = {
tincIp = "10.123.142.1";
publicKey = lib.fileContents <assets/tinc/server_host_file>;
};
client = {
tincIp = "10.123.142.100";
publicKey = lib.fileContents <assets/tinc/client_host_file>;
};
};
};
};
}
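Review bot: `networking.firewall.trustedInterfaces` names `tinc.private`, but the only tinc network defined in this file is `"test"`; if the cluster module names interfaces after the network as the stock NixOS tinc module does (`tinc.<network>`), this line trusts an interface that does not exist here. Either rename it to match, `networking.firewall.trustedInterfaces = [ "tinc.test" ];`, or drop it and open only the ports the test needs, since a trusted interface bypasses the firewall for every VPN peer. The module's actual interface naming is not visible on this page, so this needs confirming against the cluster module.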


@ -0,0 +1,73 @@
{ pkgs ? import <nixpkgs> { } }:
with pkgs.lib;
let
ops = let
opsImport = import ((import <nixpkgs> { }).fetchgit {
url = "https://github.com/mrVanDalo/plops.git";
rev = "9fabba016a3553ae6e13d5d17d279c4de2eb00ad";
sha256 = "193pajq1gcd9jyd12nii06q1sf49xdhbjbfqk3lcq83s0miqfs63";
});
overlay = self: super: {
# overwrite ssh to use the generated ssh configuration
openssh = super.writers.writeBashBin "ssh" ''
${super.openssh}/bin/ssh -F ${
toString ./generated/ssh-configuration
} "$@"
'';
};
in opsImport { overlays = [ overlay ]; };
lib = ops.lib;
pkgs = ops.pkgs;
source = {
nixPkgs.nixpkgs.git = {
ref = "nixos-19.09";
url = "https://github.com/NixOS/nixpkgs-channels";
};
system = name: {
configs.file = toString ./configs;
assets.file = toString ./assets;
generated.file = toString ./generated;
nixos-config.symlink = "configs/${name}/configuration.nix";
};
modules.cluster-module.git = {
url = "https://git.ingolf-wagner.de/nix-modules/cluster.git";
ref = "1.2.0";
};
};
servers = import ./generated/nixos-machines.nix;
deployServer = name:
{ user, host, ... }:
with ops;
jobs "deploy-${name}" "${user}@${host}" [
(populate (source.system name))
(populate source.nixPkgs)
(populate source.modules)
switch
];
moshServer = name:
{ user, host, ... }:
pkgs.writers.writeDashBin "mosh-${name}" ''
${pkgs.mosh}/bin/mosh \
--ssh="${pkgs.openssh}/bin/ssh -F ${
toString ./generated/ssh-configuration
}" \
"${user}@${host}"
'';
in pkgs.mkShell {
buildInputs = lib.mapAttrsToList deployServer servers
++ mapAttrsToList moshServer servers;
}
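Review bot: The two `git` sources in `source` follow mutable refs (`ref = "nixos-19.09"` is a branch, `ref = "1.2.0"` a tag), while the `fetchgit` for plops at the top of the file is pinned by `rev` and `sha256`; the code that becomes the server's system configuration can therefore change without any change in this repository. If plops accepts a commit hash in `ref`, pinning both, e.g. `ref = "<nixpkgs-commit-sha>";`, would make deployments reproducible and reviewable. `servers` is also read with `import` from a generated file, which deserves a comment noting that the file is produced by the 01-terranix step and is evaluated as Nix code.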


@ -0,0 +1,39 @@
A setup to test tinc on a hetzner box
# steps
## OPTIONAL: generate fresh ssh keys
```sh
ssh-keygen -P "" -f sshkey
```
## OPTIONAL: generate new tinc keys
```
nix-shell -p tinc_pre --run "tinc --config . generate-keys 4096"
cat *.pub host_file
rm *.pub
```
## generate machine
```sh
cd ./01-terranix
nix-shell --run "create"
```
## provision machine
```sh
cd ./02-build
nix-shell --run deploy-server
```
## cleanup
```sh
cd ./01-terranix
nix-shell --run "clean"
```

49
terranix/tinc-test/sshkey Executable file

@ -0,0 +1,49 @@
-----BEGIN OPENSSH PRIVATE KEY-----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-----END OPENSSH PRIVATE KEY-----


@ -0,0 +1 @@
ssh-rsa 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 palo@pepe