tinc-test: create setup for testing

terranix/tinc-test/.gitignore

@@ -0,0 +1,10 @@
+.terraform
+*.tf.json
+*.swp
+
+02-build/generated/**
+!02-build/generated/.keep
+
+terraform.tfstate
+terraform.tfstate.backup
+.terraform.tfstate.lock.info

terranix/tinc-test/01-terranix/config.nix

@@ -0,0 +1,36 @@
+{ config, lib, pkgs, ... }:
+let
+
+  hcloud-modules = pkgs.fetchgit {
+    #url = "https://github.com/mrVanDalo/terranix-hcloud.git";
+    url = "https://git.ingolf-wagner.de/terranix/hcloud.git";
+    rev = "b6896f385f45ecfd66e970663c55635c9fd8b26b";
+    sha256 = "1bggnbry7is7b7cjl63q6r5wg9pqz0jn8i3nnc4rqixp0ckwdn85";
+  };
+
+  #hcloud-modules = /home/palo/dev/terranix-hcloud/terraform-0.11;
+
+in {
+
+  imports = [
+    (toString hcloud-modules)
+
+    ./config/file-generation.nix
+    ./config/ssh-setup.nix
+  ];
+
+  #hcloud.export.nix = "${toString ../02-build/generated}/test.nix";
+
+  hcloud.nixserver.server = {
+    configurationFile = pkgs.writeText "configuration.nix" ''
+      { pkgs, lib, ... }:
+      {
+        environment.systemPackages = with pkgs; [
+          htop git vim mosh
+        ];
+        networking.firewall.allowedUDPPorts = [ 60001 ];
+      }
+    '';
+  };
+
+}

terranix/tinc-test/01-terranix/config/file-generation.nix

@@ -0,0 +1,30 @@
+# --------------------------------------------------------------------------------
+#
+# collect all server information and generate files which get picked up
+# by 02-build to deploy the machines properly.
+#
+# This makes it possible to deploy VPNs like tinc and wireguard.
+#
+# --------------------------------------------------------------------------------
+
+{ config, lib, pkgs, ... }: {
+  resource.local_file = {
+    nixosMachines = {
+      content = with lib;
+        let
+          serverPart = name: ''
+            ${name} = {
+              host = "''${ hcloud_server.${name}.ipv4_address }";
+              user = "root";
+            };
+          '';
+          allServerParts = map serverPart (attrNames config.hcloud.server);
+        in ''
+          {
+            ${concatStringsSep "\n" allServerParts}
+          }
+        '';
+      filename = "${toString ../../02-build/generated/nixos-machines.nix}";
+    };
+  };
+}

terranix/tinc-test/01-terranix/config/ssh-setup.nix

@@ -0,0 +1,44 @@
+# --------------------------------------------------------------------------------
+#
+# configure ssh setup
+#
+# --------------------------------------------------------------------------------
+
+{ config, lib, pkgs, ... }:
+let
+  ssh = {
+    privateKeyFile = ../../sshkey;
+    publicKeyFile = ../../sshkey.pub;
+  };
+  target = file: "${toString ../../02-build/generated}/${file}";
+in {
+  # configure admin ssh keys
+  users.admins.palo.publicKey = lib.fileContents ssh.publicKeyFile;
+
+  # configure provisioning private Key to be used when running provisioning on the machines
+  provisioner.privateKeyFile = toString ssh.privateKeyFile;
+
+  resource.local_file = {
+
+    # provide ssh key for the server
+    sshKey = {
+      content = lib.fileContents ssh.publicKeyFile;
+      filename = target "sshkey.pub";
+    };
+
+    sshConfig = {
+      filename = target "ssh-configuration";
+      content = with lib;
+        let
+          configPart = name: ''
+            Host ''${ hcloud_server.${name}.ipv4_address }
+            IdentityFile ${toString ssh.privateKeyFile}
+            ServerAliveInterval 60
+            ServerAliveCountMax 3
+          '';
+        in concatStringsSep "\n"
+        (map configPart (attrNames config.hcloud.server));
+    };
+  };
+}
+

terranix/tinc-test/01-terranix/shell.nix

@@ -0,0 +1,34 @@
+{ pkgs ? import <nixpkgs> { } }:
+
+let
+
+  terranix = pkgs.callPackage (pkgs.fetchgit {
+    url = "https://github.com/mrVanDalo/terranix.git";
+    rev = "6097722f3a94972a92d810f3a707351cd425a4be";
+    sha256 = "1d8w82mvgflmscvq133pz9ynr79cgd5qjggng85byk8axj6fg6jw";
+  }) { };
+
+  terraform = pkgs.writers.writeDashBin "terraform" ''
+    export TF_VAR_hcloud_api_token=`${pkgs.pass}/bin/pass development/hetzner.com/api-token`
+    ${pkgs.terraform_0_11}/bin/terraform "$@"
+  '';
+
+  create = pkgs.writers.writeDashBin "create" ''
+    ${terranix}/bin/terranix | ${pkgs.jq}/bin/jq '.' > ${
+      toString ./.
+    }/config.tf.json \
+      && ${terraform}/bin/terraform init \
+      && ${terraform}/bin/terraform apply
+  '';
+
+  clean = pkgs.writers.writeBashBin "clean" ''
+    ${terraform}/bin/terraform destroy
+    rm ${toString ./.}/config.tf.json
+    rm ${toString ./.}/terraform.tfstate*
+  '';
+
+in pkgs.mkShell {
+
+  buildInputs = with pkgs; [ terranix terraform create clean ];
+
+}

terranix/tinc-test/02-build/assets/tinc/client/ed25519_key.priv

@@ -0,0 +1,4 @@
+-----BEGIN ED25519 PRIVATE KEY-----
+gTFtvOMvD5KTUZeGNcTh5ngY/BktUd0OW/37jT8w+61eLP0ntMkaBB8yovTbJvXR
+vReDUb/hjIi7nhGgy2EzP6An4QtXWvTHWJSDefglGVlcFqPDbhRkJ8CpWbCGoIYt
+-----END ED25519 PRIVATE KEY-----

terranix/tinc-test/02-build/assets/tinc/client/host_file

@@ -0,0 +1,14 @@
+Ed25519PublicKey = OwJOU7l170hVi0g3HYpRVJXh6zwWYEZCvQq1mgBKCWL
+-----BEGIN RSA PUBLIC KEY-----
+MIICCgKCAgEAwNR4EbAffxezhbmTIoetrUPPpo66rR9kPJkLCl/fTJbVE1ryjXNQ
+Cq0lefDURLT4L3Iw/XgBUIy1xpH8InolnYlL2DRadOvbA0nCUzoekwshcV1N6tCe
+HsxrVP5XSxGJ6Es7L0zzvqXCoYP4tic+N4ztZBknn9RRMY497qHPxLoejqPZndmj
+9VPciWtiZMhLPka/r0mS/Y7h2t3IQg3J2QCXjQoojTpGym9wPlBXcE2Hv5hYKM8X
+359/arLKlAi91I2SH1o6+rBoGaMB50goEnDvWqdha95CR9K/I7+eJm8/AiJCxus0
+2KKCK7K5GvBPifEgMX4AVF8bqgTF9VZi0peG3dUEsg2L/6XqfH6IeFziWfuzuR9k
+Ud0fzu235ssshMz/WHtTZiwTUc/xzs29PrF8ThieN/nt6tdBS3A0wdqeNfKjoD3k
+zgqcc+ODUUR4gaq/46W0lU8aiP1w32YmKLnrBmFYjZXHqXNgYOZctoW/SjblvpCK
+pYUxowFOXA8BU/eRiNZfa+b0ONe0XQOj8Q78st5XsCTlqHLkytdjwauZvM4jVuE9
+7lhvvr1ft/QO3RdBMXAXgDN0F2eDnzqdRE/rrvqNJCeheS9rmHE6Aa0e5yTcJMMK
+qCkys4lQn4y9RnfH3MpzRtRnpSKid31WcmCI+JYHLe4ZhFWXju4fKPECAwEAAQ==
+-----END RSA PUBLIC KEY-----

terranix/tinc-test/02-build/assets/tinc/client/rsa_key.priv

@@ -0,0 +1,51 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIJKAIBAAKCAgEAwNR4EbAffxezhbmTIoetrUPPpo66rR9kPJkLCl/fTJbVE1ry
+jXNQCq0lefDURLT4L3Iw/XgBUIy1xpH8InolnYlL2DRadOvbA0nCUzoekwshcV1N
+6tCeHsxrVP5XSxGJ6Es7L0zzvqXCoYP4tic+N4ztZBknn9RRMY497qHPxLoejqPZ
+ndmj9VPciWtiZMhLPka/r0mS/Y7h2t3IQg3J2QCXjQoojTpGym9wPlBXcE2Hv5hY
+KM8X359/arLKlAi91I2SH1o6+rBoGaMB50goEnDvWqdha95CR9K/I7+eJm8/AiJC
+xus02KKCK7K5GvBPifEgMX4AVF8bqgTF9VZi0peG3dUEsg2L/6XqfH6IeFziWfuz
+uR9kUd0fzu235ssshMz/WHtTZiwTUc/xzs29PrF8ThieN/nt6tdBS3A0wdqeNfKj
+oD3kzgqcc+ODUUR4gaq/46W0lU8aiP1w32YmKLnrBmFYjZXHqXNgYOZctoW/Sjbl
+vpCKpYUxowFOXA8BU/eRiNZfa+b0ONe0XQOj8Q78st5XsCTlqHLkytdjwauZvM4j
+VuE97lhvvr1ft/QO3RdBMXAXgDN0F2eDnzqdRE/rrvqNJCeheS9rmHE6Aa0e5yTc
+JMMKqCkys4lQn4y9RnfH3MpzRtRnpSKid31WcmCI+JYHLe4ZhFWXju4fKPECAwEA
+AQKCAgBp1PLlOlW/CkIUVcqkO/UdUEdqcZGRLNZ1z8VYd0/2GB5v1g2jhrNaeLdF
+2uCVqQFCARlUNAX8sI2fo0XPolx8vvrqealf3IbCojvOM+rN52D+eCgohUETRDxw
+VHuSjtiyrn+YMVLhwtY0kVrylk02bdlog8nUldHOMfRZwWNn5IKa5OCuGuI65kD3
+BwHksG1ji67uxKGxGjdpSSn83tZ2jDWhSf8BrAdoWYswGCY1U8f6ZuGT3D2NFVv4
+MpKudrHBM8YMARi3uBQaZfXIezjLDkK/7XexnTWhd9BCDYv+KjZZtHYT+MlzUJXC
+5/9iApyU58s0fqQtqlljkeUYBsaLOyMDvBzuZE36PM7dC988Wtr8B/4qwkCaveN1
+6Qz2i0iyNbtWJuGFqvorr+bNrvV8f/kinguWkpbE3uM3h43OAS2QIEGu9LAMsYic
+dJz7AKUw2nTifBTqrUkWO9Vx2fBaUnU3FCW5SnkayKewIZ2Fgc0xKCIS68jlM6uD
+p8z/FcKe9EEjb40lEcXMKmyEnMG7Qc/pAZa3M7t7UAmHSSLfG7zaECUxhQytHBPD
+xa08L6DRMmzvI4Ezdrt7KawydDTGM9bcH5fe2qgfK48jx2T9aIV2Vs/tgcIim8WF
+IK53oeJXMB8eXliGiPrwQkwFi3WoErsYkXF0Cn19IRayYNTOpQKCAQEA93l9mfCw
+pkCb/gbdkARsbmOxjGzAUfOvRdEt+MmAjzovG3HG9oUQT4M5xGWDpxLPP0uMMGVF
+XadUq1ZuSPK/mQaNHY5Tp/OBy3XC2YyiB1zYHrrbxmq54ikF+NwfaV2lVSeHt+TU
+tu3ZHDs7wXG7UsgL9MrD2aaBC/Sk2/3BKo9xUPOu54YlZsBCB+2NiZugdQUVwHDl
+Snj/dY1YhIEnRphY7CPj36vjDsSL1EqxKLTKKPJTJVU9cTQwCMGbR1OPoB8FjVVr
+51pz9dWS6P9iHZitoqv+uf8fe2AkUs5t6U2yFcHQYqvlKyIFsZSTOcWFM5oAZChj
+IBqsmbK7rUoHFwKCAQEAx3kPhwkkF1uvFCfnl+69UjDNovuJvCgf7eMNlzZbhzA5
+BbQPLeDbj/8q/3Anqoo2WvvWKVf+7du0KK+Cn6o4+xXCtkCvMUMWIVIUDWe+nykw
+STKfzAw5OrYr8ja4HsJu6y0Pm+qczksXCaRhqsRl120OHzyD8WOa758PE0+Lntjz
+v1HkJgDSTFcx4+gKZCikKTxwUT17W4phorY3qnYxCnP8e8relNxBIaY/EEbXUPMU
+5L3X60Hdscfde7N8/Yj9SQpRmL8qLEkHWSCeziLcN5zzc5wty5yQ/+0SZX4K1S2u
+Orv50afYiXC3TAOfYxDKf2DdVJwAJhbCZHIQQitVNwKCAQEAl3O2tnti4Jwx22kA
+N589bOF+S15S5NSps6Ss6dEH6J/HLJiZF02gCclZlSQ7Sghs5WOqzANuTD6XxrQC
+kopdT51+x1PPRr3z9TyAnvs+PhtH+KaK0geG8y4ABalRX/57rH2gxZ45wCoX8Psf
+OugLqEHdb1aYPZ904og6TJgjm5Rl2REJPZAPW67VulxbfpfLv1H5Wei9qrIaRSrX
+vV/9VWrvILVmRADB2MvYd3eurCbYge6ri/F6xMkXjIRQL3qoL2pMz44zl0b4KL8o
+RYfl2A8UVLXGErZb4fmYwUSsZ1exYTdX/MsOWTNdIKy43WZQeqAJFULSR1eLwhRs
+X0UqyQKCAQB4cB3x+JD0EYWKc/WfhKSGxbTDnYCyPL/akGcaT9W/sFwdl3Q6zTOE
+pBrAFGW+0Ki1Eq1iVSE1WJxUnHQQF2VEJQVlqXSeF9V61OYKmgM8clAXQhu9xfuf
++XJbUrKkz9zM3m44Q9XdsPT9+2SFCQQ8qDoIni9ERlG8MJuXm0W/6Vpyv+0zDPfs
+5BDZfLcZdnh39WgThT3ALbN53O+LWsWNfC6MSBdQZhRlTs1w9HT5CWwqGH4QK7rB
+pt2R3POw2U+lFDfkNDgweP+YzttTtzSj134e5cO41pWuEOQ0p3++60/xYqIZ9nAF
+vCrQGLfZxr+dXU0F0xM77C3/G+e5LBTNAoIBAAf/z1zNTwc8v/dbkK9Esd/3VYUs
+HEmVn7RguwbqmZcMFHLmyaWZxw3qu16bR7ktHm3NfVL5hyHJ58/UFwGvS/kVlIsz
++iAEoqjwpkNyCvT8ZdaB6grvCSV1Ac2m5YkQ9RxNCDtekLvBmw8izX/o0ESwwvkw
+eb/119fSOWB60/QQQzFREUL6KpKc+OMCLV5XfbAxTeaDahAhSTWMJxCfWqYYhFU0
+46bwiq+fo+DFHRo+BDJv7Wc8x/B/gzlSMFsxFZ0hUzXBk7Pqz3Rm/UK2cpn1DQ1/
+zQNglB1DM4IwzoQ/DGVzYeneRLEBfU1wVlxUUatBC9oXY6zz85FbzSdyl74=
+-----END RSA PRIVATE KEY-----

terranix/tinc-test/02-build/assets/tinc/client_host_file

@@ -0,0 +1 @@
+client/host_file

terranix/tinc-test/02-build/assets/tinc/ed25519_key

@@ -0,0 +1 @@
+server/ed25519_key

terranix/tinc-test/02-build/assets/tinc/rsa_key

@@ -0,0 +1 @@
+server/rsa_key

terranix/tinc-test/02-build/assets/tinc/server/ed25519_key

@@ -0,0 +1,4 @@
+-----BEGIN ED25519 PRIVATE KEY-----
+wNkj/HdU70l7X5XC5YVlWp3FBa8cBaDRy1LbJCjkh83CYYieSQ2IUWgHQ4Vhx253
+7bXVLSOnVIKMifAnBwSOSX7lTGI6gUP2aZCwa142WdxPDPiYv3sEMqK037VyfHVl
+-----END ED25519 PRIVATE KEY-----

terranix/tinc-test/02-build/assets/tinc/server/host_file

@@ -0,0 +1,14 @@
+Ed25519PublicKey = 1e5kBiOI1jtWmAsWNutVX8zwjI27NLBjqC99el83RVJ
+-----BEGIN RSA PUBLIC KEY-----
+MIICCgKCAgEA1qFa0YFVefm3kVXGG5j26TF4JNJtBpZo1Jtd9XB6cErMG80vrdvb
+RWNwCoY8SM21zN5ew9p7W/P8aClZShx7WRyIzPsTnc69N7zIosAIeXURgo8Ot2Yd
+1us5RquPxc6NZ0JhDkz50EgQiJ4fRaCmaBb68hP36U8XdO7VTn93+l0YlmvbhAny
+gB7iMOsXiDXxbzxOO+XC3ygaeO45ioEDduEv9Ny9KptXN08eOkxKL7dN4om2Nux0
+2EurWqTBYTrWki+XxovfvsmiM5AELHtTaUM8FwwEX0e7dV1cDYYqz3hWPmYgZ4Bj
+dp258VDa/sbUCiRVQfcxzHqbvd3UCoNG76YsGJ6s7TqoxvCCvB4ziH+d6/Uu+h5h
+DtjccwVQmW22A5DQHix4T/DmXs1GB5qzOa8eEd6cHTpqp/qzGmvC0un5BezY+CVR
+ZphzFoYGF6Q3T7JwC6LCMCNBOqby+bhZNYmkztRzhXvFFrBmj6E17+8Z5fgLgl6u
++1QhxQTjg3uvjZXmQh2+jjTwa3vO1pZR6k9yyLMo9zPpr7i7QY4tqPR8u4j0fkHj
+aXtOOj2wl0gDCnVX3mWeUKCJusCDdJ2hPpuz11pPQt67mxtUXO31aMM9J3mHjj0y
+PKl7NGKA7ozI9e4HV09KiozM6yrLrvLyoRTn8AgwVoMiEw91CHhDNRkCAwEAAQ==
+-----END RSA PUBLIC KEY-----

terranix/tinc-test/02-build/assets/tinc/server/rsa_key

@@ -0,0 +1,51 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIJKAIBAAKCAgEA1qFa0YFVefm3kVXGG5j26TF4JNJtBpZo1Jtd9XB6cErMG80v
+rdvbRWNwCoY8SM21zN5ew9p7W/P8aClZShx7WRyIzPsTnc69N7zIosAIeXURgo8O
+t2Yd1us5RquPxc6NZ0JhDkz50EgQiJ4fRaCmaBb68hP36U8XdO7VTn93+l0Ylmvb
+hAnygB7iMOsXiDXxbzxOO+XC3ygaeO45ioEDduEv9Ny9KptXN08eOkxKL7dN4om2
+Nux02EurWqTBYTrWki+XxovfvsmiM5AELHtTaUM8FwwEX0e7dV1cDYYqz3hWPmYg
+Z4Bjdp258VDa/sbUCiRVQfcxzHqbvd3UCoNG76YsGJ6s7TqoxvCCvB4ziH+d6/Uu
++h5hDtjccwVQmW22A5DQHix4T/DmXs1GB5qzOa8eEd6cHTpqp/qzGmvC0un5BezY
++CVRZphzFoYGF6Q3T7JwC6LCMCNBOqby+bhZNYmkztRzhXvFFrBmj6E17+8Z5fgL
+gl6u+1QhxQTjg3uvjZXmQh2+jjTwa3vO1pZR6k9yyLMo9zPpr7i7QY4tqPR8u4j0
+fkHjaXtOOj2wl0gDCnVX3mWeUKCJusCDdJ2hPpuz11pPQt67mxtUXO31aMM9J3mH
+jj0yPKl7NGKA7ozI9e4HV09KiozM6yrLrvLyoRTn8AgwVoMiEw91CHhDNRkCAwEA
+AQKCAgBSwt9ZP+zs3tzo/tEoXSCApSG12SpPSvpbWRmvBdNAr6bq5YEIImn35LMU
+a9SdIi2DNRAHp5y/xWJD7AXRLRBnOTiLChnzVP/jmTkogLID25+H35AGKitBb2yj
+ko4a8V3XPmJceFQv+0nc1FQsrhjctFfJtud2oJfj8CByZ3alJPbRMf/wd0F6I+6G
+fHCThnF1uiRUtnEhSb6DeSDZBoyGb6jlW6TZ5BKKckiupDJLGfy/aOjJXv5jVTJa
+/oLO8jhBIHb/CXqaf/e6uELTwC5WvaVTIcAh2XAwfnJ7iIvDepyO7SR7pKc12vYT
+VmFLsvGag44YpLAgL/sUCJC2CQ71rtx79SNHegDkunqI+GZTSL1uuBHMXpSA75xm
+t6m6hcn3E0rL6wSZ+mgpyL1+AULWOSbU4XybsXjORzTsJfn91s7k5dyySQSRDy30
+z10fQzLPJI8kSmGtzUFpDMvOYpfmq5p0aMI58fvTqLgNc1wnJrj2SKfEQI0MnhKU
+BESIh63yjPQuPkeqpO1zf8OgmvZ/PU7Egbb8YAHzC11KBh2zKem6zL0Q/bLBcur1
+bcKT0VRq/5jpwLG1dpXf7KovatTjg44cjb+LFP6YnBhM1pc620Hc4G+TPJs3y56c
+OdmX6UCCvl1c4pZJ4Mmg7I1LvZcPFIYFFOTmLLixfWWH4n7vrQKCAQEA+PjO4I8Z
+RMMui1cpfoj3go4y/IY3bWF2Dgg6QgddagXxdFMVtFKD0LMlpbt3MUmGOjj7zepG
+1zeRnvgkAk6ZX/nibMkDWnyVMoews1WJC3YpOZdavjzJ2j3517rvomhSQWzbyOAt
+T1oR9dz2EYEFchYgJ+N5pmCvrhQd1nENpT9usxiVT+ecTE8sObJqY6a1otK969yO
+urIckDx8SqKY6V5iuTjcsdrSfzIlFKKZ5S9XPqg98lqWekYA9R5WMzolQGFVoDMI
+343HdE/oEExBR7X39E+D2YGwoepw6lVBHkmFd1px5Oc5kysAbvB1QiSoU1Oi85mN
+uBmrzxmYkQ/d7wKCAQEA3LBgoWzoez81rDh+i9vXweI7vKHy1htJnRPgYuxWtlvu
+RzgGK/FvOMOthVqpOR0fO1g+7/LupgNjBgGys+jTOeZiKwYEWuy0RCpjKmhc6j2y
+jwdXjzHf0Ve3MFF23qhaXhQHEgg9W1VQJwt8xv28mY96YznYB/JC0vLG2ZdQ5ASJ
+JHrrZNIk3h+32yBRq8312+cWRXmg27MSSfOrRAMSeoV0c7YvDakce9ZNaok/gbi9
+hA+yqxZc0SrkOXLA0plHzyzH492sonsdLjIQNApJv36NqD6ZHzcPy2iHK3ymhj+z
+QM/kt5QHFbK3OFBJbyHxtbSpMfJMvh5AgzyJhaildwKCAQAHe+MsGOEXkg5qHdqf
+dRqLkB60PIyZ+x4DWff2WCZUs40IhB7Y5soTke8FxlbU4nLoeSIIlIxAl+kGsErU
+zuwJWIeX4Yr6Q1hwxmdnXKDb+VdP5d7SbR1cNBS4iWP+q8gdM1p/9U0nX3u+uj+j
+Uw+I2GVrDYlwmONvBifHdGqGlxuKwqhqWHn4SUD5EwXjrPU0ycTvvBeGQShepZLO
+44hZK38oNi9cIUnGjQlUT3b0zrF+rqv+Bv8S+du5gonwzESmZMagJCiWH7rpIiXF
+p6UmtK+ZZnJ+LUnT9CokwR9N+8PJTKyzxseSRu6iZxP/Qv7UUmVJkUoTSKJDfW96
+nNF9AoIBAAOnU+I4SF0J/dx9DvNHz3mhQjXsRHXw+7YDBzr8CK96NCavscJ2e83n
+x26mwph0d/jmjBwy3GqZMcF+s7OwzhZuTv/BWL8cnhtmzD9+fNNP9C3UBEoVnEv9
+9MVzA9HJ3b0i/b75rfJeJjaPRSCSQNYV/wO3iHERPLP7WvltPOSZgp+8/TqtE/kt
+c0DIdzGt9j0OxVqfGd+pRks9In+8wUiP/w6PXJYQT61pLdzuqsN+CH0wOVgFxcGc
+wSyGTtTtvreaWTDXka0a9q+2GniSFwh5kuTPLH/MzJEkiOBabvNYCKKxDmtPoxJj
+5A6lnaGeYT8N36M5DLY1EAJcNTamRR8CggEBAPgc5Wr2YM9rmAB/15H+xk8H/tsI
+1hxgGtfdHdo9ZwIyowakuqQaIjbgFX64bE9cX9C62mJ12rP6YoTAz5zRBm4J1Eld
+U2PlnCwLJbtrdF83tTSi8n9Yo/y3wMFB0C+z2apEqOkLTUaz3REM+1N8CWVKMtaW
+CtEqfx2sIbwy/Y3i8kSyR8mZPiMlpGULLBPvcKSgZZnUzzo5gZh2mP9zwb0q669K
+71k3LzM8EY/1by8xrhhg5Iyanoeq2PwecUR4XD8pvpYRdUk+bERUSPyJenWa1JQ/
+df25AfKqmpoVp+LeICbZf4vNLxR1rs44fXPkMpu4SoQkSLuNYkoqpOngjjY=
+-----END RSA PRIVATE KEY-----

terranix/tinc-test/02-build/assets/tinc/server_host_file

@@ -0,0 +1 @@
+server/host_file

terranix/tinc-test/02-build/configs/nixserver-server/configuration.nix

@@ -0,0 +1,12 @@
+{ pkgs, lib, ... }: {
+  imports = [ ./hardware-configuration.nix ./tinc-server.nix ];
+
+  networking.hostName = "server";
+
+  environment.systemPackages = with pkgs; [ htop git vim mosh ];
+  networking.firewall.allowedUDPPorts = [ 60001 ];
+
+  services.sshd.enable = true;
+  users.users.root.openssh.authorizedKeys.keyFiles = [ <generated/sshkey.pub> ];
+
+}

terranix/tinc-test/02-build/configs/nixserver-server/hardware-configuration.nix

@@ -0,0 +1,8 @@
+{ ... }: {
+  imports = [ <nixpkgs/nixos/modules/profiles/qemu-guest.nix> ];
+  boot.loader.grub.device = "/dev/sda";
+  fileSystems."/" = {
+    device = "/dev/sda1";
+    fsType = "ext4";
+  };
+}

terranix/tinc-test/02-build/configs/nixserver-server/tinc-server.nix

@@ -0,0 +1,10 @@
+{
+  imports = [ ./tinc.nix ];
+
+  module.cluster.services.tinc = {
+    "test" = {
+      enable = true;
+      openPort = true;
+    };
+  };
+}

terranix/tinc-test/02-build/configs/nixserver-server/tinc.nix

@@ -0,0 +1,32 @@
+# shared tinc file between client and server
+{ config, pkgs, lib, ... }:
+
+{
+
+  imports = [ <cluster-module> ];
+
+  networking.firewall.trustedInterfaces = [ "tinc.private" ];
+
+  # nix-shell -p tinc_pre --run "tinc --config . generate-keys 4096"
+  module.cluster.services.tinc = {
+    "test" = {
+      networkSubnet = "10.123.142.0/24";
+      extraConfig = ''
+        LocalDiscovery = yes
+      '';
+      privateEd25519KeyFile = toString <assets/tinc/ed25519_key>;
+      privateRsaKeyFile = toString <assets/tinc/rsa_key>;
+      hosts = {
+        server = {
+          tincIp = "10.123.142.1";
+          publicKey = lib.fileContents <assets/tinc/server_host_file>;
+        };
+        client = {
+          tincIp = "10.123.142.100";
+          publicKey = lib.fileContents <assets/tinc/client_host_file>;
+        };
+      };
+    };
+  };
+}
+

terranix/tinc-test/02-build/shell.nix

@@ -0,0 +1,73 @@
+{ pkgs ? import <nixpkgs> { } }:
+
+with pkgs.lib;
+
+let
+
+  ops = let
+    opsImport = import ((import <nixpkgs> { }).fetchgit {
+      url = "https://github.com/mrVanDalo/plops.git";
+      rev = "9fabba016a3553ae6e13d5d17d279c4de2eb00ad";
+      sha256 = "193pajq1gcd9jyd12nii06q1sf49xdhbjbfqk3lcq83s0miqfs63";
+    });
+    overlay = self: super: {
+      # overwrite ssh to use the generated ssh configuration
+      openssh = super.writers.writeBashBin "ssh" ''
+        ${super.openssh}/bin/ssh -F ${
+          toString ./generated/ssh-configuration
+        } "$@"
+      '';
+    };
+  in opsImport { overlays = [ overlay ]; };
+
+  lib = ops.lib;
+  pkgs = ops.pkgs;
+
+  source = {
+
+    nixPkgs.nixpkgs.git = {
+      ref = "nixos-19.09";
+      url = "https://github.com/NixOS/nixpkgs-channels";
+    };
+
+    system = name: {
+      configs.file = toString ./configs;
+      assets.file = toString ./assets;
+      generated.file = toString ./generated;
+      nixos-config.symlink = "configs/${name}/configuration.nix";
+    };
+
+    modules.cluster-module.git = {
+      url = "https://git.ingolf-wagner.de/nix-modules/cluster.git";
+      ref = "1.2.0";
+    };
+
+  };
+
+  servers = import ./generated/nixos-machines.nix;
+
+  deployServer = name:
+    { user, host, ... }:
+    with ops;
+    jobs "deploy-${name}" "${user}@${host}" [
+      (populate (source.system name))
+      (populate source.nixPkgs)
+      (populate source.modules)
+      switch
+    ];
+
+  moshServer = name:
+    { user, host, ... }:
+    pkgs.writers.writeDashBin "mosh-${name}" ''
+      ${pkgs.mosh}/bin/mosh \
+        --ssh="${pkgs.openssh}/bin/ssh -F ${
+          toString ./generated/ssh-configuration
+        }" \
+        "${user}@${host}"
+    '';
+
+in pkgs.mkShell {
+  buildInputs = lib.mapAttrsToList deployServer servers
+    ++ mapAttrsToList moshServer servers;
+
+}

terranix/tinc-test/README.md

@@ -0,0 +1,39 @@
+
+A setup to test tinc on a hetzner box
+
+# steps
+
+## OPTIONAL: generate fresh ssh keys
+
+```sh
+ssh-keygen -P "" -f sshkey
+```
+
+## OPTIONAL: generate new tinc keys
+
+```
+nix-shell -p tinc_pre --run "tinc --config . generate-keys 4096"
+cat *.pub host_file
+rm *.pub
+```
+
+## generate machine
+
+```sh
+cd ./01-terranix
+nix-shell --run "create"
+```
+
+## provision machine
+
+```sh
+cd ./02-build
+nix-shell --run deploy-server
+```
+
+## cleanup
+
+```sh
+cd ./01-terranix
+nix-shell --run "clean"
+```

terranix/tinc-test/sshkey

@@ -0,0 +1,49 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAACFwAAAAdzc2gtcn
+NhAAAAAwEAAQAAAgEAm+c7Q9wbwB0jpPn2nOkOHPLr2VCVi5nITFj8/O6cOpUcsgsg1/5Y
+bPVeiGqbzLzd2eoxwpex+Wcp+oEgJO/H1T2NP2nnsRqsczbcZXAATnHega63qAJwW+BDmy
+wjZFWAgUB5VSXUbiwqV3qUv55bXOqtvY0f4rdO8tQXoWjipGz/16N/Y66loUJH7wb41XSl
+uo4FZORsK8u5nh628EtOH8k1HDM18fSpnp1ZzWlBLPxSE393/5OftJohzF2N7uxeArd31I
+5H4PLBBFSy0Zh0mnKM7uwbCyPxFI1kDgwGBz3P5tBi0pxNjArvqvzzn4hzn02jsf6w/Me1
+0Des6zRAzwYKr/Pk5WvVnrmbZQyivQVv5O1u/dEm7CI/CIuJA6LZPA2J3INvhVl8W+vqsl
+/OKfeksJJv3soP+Fomcy2NokNmOmSdl70uTfcAkgfuRrCQvDlWCS6IQandjuaDoeqLyu1M
+Az8ReKN+yDMH59Q/+H+TWf1MHG3nJ+JfycOcLFJ+uci2kamCfVZa50m7TzpCVqjgdB7PUp
+kcaTlQH+sJ7i4Ddbz7+xauvFdVdAJjtA03eTGpV2xcK+HzZvhcZg5ACoYYg5svgZUazo0B
+c1fyK2aqwHGHEz7X8dd1EBpuIQtvswlc2pkIFis3hNQ40qde3y4vQx496uLj7E0UMzPCIB
+cAAAdAgoAp4IKAKeAAAAAHc3NoLXJzYQAAAgEAm+c7Q9wbwB0jpPn2nOkOHPLr2VCVi5nI
+TFj8/O6cOpUcsgsg1/5YbPVeiGqbzLzd2eoxwpex+Wcp+oEgJO/H1T2NP2nnsRqsczbcZX
+AATnHega63qAJwW+BDmywjZFWAgUB5VSXUbiwqV3qUv55bXOqtvY0f4rdO8tQXoWjipGz/
+16N/Y66loUJH7wb41XSluo4FZORsK8u5nh628EtOH8k1HDM18fSpnp1ZzWlBLPxSE393/5
+OftJohzF2N7uxeArd31I5H4PLBBFSy0Zh0mnKM7uwbCyPxFI1kDgwGBz3P5tBi0pxNjArv
+qvzzn4hzn02jsf6w/Me10Des6zRAzwYKr/Pk5WvVnrmbZQyivQVv5O1u/dEm7CI/CIuJA6
+LZPA2J3INvhVl8W+vqsl/OKfeksJJv3soP+Fomcy2NokNmOmSdl70uTfcAkgfuRrCQvDlW
+CS6IQandjuaDoeqLyu1MAz8ReKN+yDMH59Q/+H+TWf1MHG3nJ+JfycOcLFJ+uci2kamCfV
+Za50m7TzpCVqjgdB7PUpkcaTlQH+sJ7i4Ddbz7+xauvFdVdAJjtA03eTGpV2xcK+HzZvhc
+Zg5ACoYYg5svgZUazo0Bc1fyK2aqwHGHEz7X8dd1EBpuIQtvswlc2pkIFis3hNQ40qde3y
+4vQx496uLj7E0UMzPCIBcAAAADAQABAAACAFUT1q+tiidIv47kKcRvGhiKKFKrOzC3dyrS
+1RxiSjdd8A7pK78zOaYcML5ZDzSnTJoCx6zdg24K8kmV9aiygWbI9C/K53kqiTlGkvd4K3
+KjiT1Tzz2MNyysMbiYWagDUOE4Af6JamfFCkY6yrnW/RyzpKRwQxpB1n+FZm/bAPOh1+wh
+eP8464IY3ZB/SYOS6G3p2t+4F5++yUiUkliHf9awwp7lA2dKkNXSIJOMANk/yLqDMUTzlo
+/EHPWdiDr+Gj95R5djHa6QSuzGG99tRxSRtn8bsZZewszoa9WOkiuZe78FsSgly9vEjA3P
+hFNm71Hb2Jzl1Efd5EYAXAjutv5ouKDxLHjCSuFmB0j7b+ZXMulVvF9Ka7RK0GxTZnpv50
+AwzeBHdadHdtciHytTV+aggTLt5fj/1zYFw8FutUGXI4XrmC3KlDQ1etqmX0dwCS64GdpC
+BCA/Fsw5G/iYqZApkKb4d71ftULObmEQy3G8VhLSpNUzDuDgHfP2wWniX6pFZokUu6GHws
+t3NStX3SgReG+yuZ/vqFgDmijW/QtreL6HcjA2dysav07BkXEroaP+fA7fltK8MybKNAN4
+uHt8I4kZrPwwV2w1EllyZEdvwIa6oe0gTjHgmN0ijYshcTFS1RNnvtauxZ02LkpZVyEPDW
+VFQKTB+HICqXyZ+pshAAABAHleerfKzAyvr383dCNjYpVCvRHZaqpm63gARf5vkh4599Gp
+CuvMYxwq3z/Q9avtAJn92Libp1aWBOtGwhh7v8py42agNj52ytk8DeQRwKngmHQoyVJ3DG
+y5azutxF/JV0/bZwFvgeFhNrhG6ilOmCvMcMiaHidffXKdeo1f4nCbv9aj4S18ehEcV/zp
+uvHfgpz7K4I4eqBKQTqlCa1/Zle0tvZuk/PVnJUu8Qd3e/ZVWBVa/OG54MElbpYS76kGPw
+A1FTy9CAUujYqtEW1OSoSjQB3DIRkhExowtuaeNu+UrT4sqA713/SVODUPRciOCyoQvfXm
+vJA+HEWZwhh5JNgAAAEBAM1wwERBlJ7y9C1PARp35LHM3e2iBnROdQ45g4nzyLR6Z8k39z
+8AoToiJhnO7fkuobY+b2Pvs9ncWSRtapNzXBz7tanMGIZoLAt1+2f1s8TM5dKTHNdhZpgQ
+vxy5TwkxqII4d9CNyfIxyyQkGSTl6QRVFGP5mvengfEpSL9n7S5RFjr0X1Lf2Pjrjkdwud
+DCiD/OtyTkfYL0zl0c1ezuc6rN6AX+3lhK88v9xQQcSYcd2s9qQjjccL5Onaio6e9VgSiM
+gSehvmLn7FPYOEajEQ7bLblqoSItz5r9EcfeE4eUBzaZHJDZ5qF96+cneIr+26H1UEfsTw
+/GGxJzlfW2b2UAAAEBAMJFhE16Ek4iLKy0gQRJArVvbathgKJBz+CJLSKpX8N++34Vs/tZ
+oF7t4FF59OK/wghAPDTDv1q2MyUpIlpvIzdNE7mZzChM6aVXkKHKJfOxEFCnP2c52e4Lm1
+0LRyL2JSUB9e9s728ORCAW3LEm58UsPVkEV1DwvQ45xHf7jOhiHfLTA7sDt6ram/cXdP49
+WgCAR03bd2vvQlvMWnKnwkLQd8CpR6FGe0CfvWrobHaPs0jKxPKij0gi3GY27EvXH11h01
+fEAc4ag4iC1NEhyzQbWDrP6evoremWchYhNKmXyw+P5vEAPgr/OxmYJflu6f4FhVQzW9d9
+E5rOblFvb8sAAAAJcGFsb0BwZXBlAQI=
+-----END OPENSSH PRIVATE KEY-----

terranix/tinc-test/sshkey.pub

@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCb5ztD3BvAHSOk+fac6Q4c8uvZUJWLmchMWPz87pw6lRyyCyDX/lhs9V6IapvMvN3Z6jHCl7H5Zyn6gSAk78fVPY0/aeexGqxzNtxlcABOcd6BrreoAnBb4EObLCNkVYCBQHlVJdRuLCpXepS/nltc6q29jR/it07y1BehaOKkbP/Xo39jrqWhQkfvBvjVdKW6jgVk5Gwry7meHrbwS04fyTUcMzXx9KmenVnNaUEs/FITf3f/k5+0miHMXY3u7F4Ct3fUjkfg8sEEVLLRmHSacozu7BsLI/EUjWQODAYHPc/m0GLSnE2MCu+q/POfiHOfTaOx/rD8x7XQN6zrNEDPBgqv8+Tla9WeuZtlDKK9BW/k7W790SbsIj8Ii4kDotk8DYncg2+FWXxb6+qyX84p96Swkm/eyg/4WiZzLY2iQ2Y6ZJ2XvS5N9wCSB+5GsJC8OVYJLohBqd2O5oOh6ovK7UwDPxF4o37IMwfn1D/4f5NZ/Uwcbecn4l/Jw5wsUn65yLaRqYJ9VlrnSbtPOkJWqOB0Hs9SmRxpOVAf6wnuLgN1vPv7Fq68V1V0AmO0DTd5MalXbFwr4fNm+FxmDkAKhhiDmy+BlRrOjQFzV/IrZqrAcYcTPtfx13UQGm4hC2+zCVzamQgWKzeE1DjSp17fLi9DHj3q4uPsTRQzM8IgFw== palo@pepe