tinc: add insecure network

2020-02-03 15:38:22 +13:00 · 2020-02-03 15:38:22 +13:00 · ae461485c3
commit ae461485c3
parent d028130a0b
5 changed files with 52 additions and 0 deletions
--- a/configs/porani/tinc.nix
+++ b/configs/porani/tinc.nix
@ -6,6 +6,11 @@
      openPort = true;
      connectTo = [ "sputnik" ];
    };
+    "insecure" = {
+      enable = true;
+      openPort = true;
+      connectTo = [ "sputnik" ];
+    };
  };

 }
--- a/configs/sputnik/tinc.nix
+++ b/configs/sputnik/tinc.nix
@ -4,6 +4,10 @@
      enable = true;
      openPort = true;
    };
+    "insecure" = {
+      enable = true;
+      openPort = true;
+    };
  };

 }
--- a/configs/sterni/tinc.nix
+++ b/configs/sterni/tinc.nix
@ -14,6 +14,11 @@ with lib;
      enable = true;
      openPort = true;
    };
+    "insecure" = {
+      enable = true;
+      openPort = true;
+      connectTo = [ "sputnik" ];
+    };
  };

 }
--- a/configs/workhorse/tinc.nix
+++ b/configs/workhorse/tinc.nix
@ -10,6 +10,11 @@
      enable = true;
      openPort = true;
    };
+    "insecure" = {
+      enable = true;
+      openPort = true;
+      connectTo = [ "sputnik" ];
+    };
  };

 }
--- a/system/all/tinc.nix
+++ b/system/all/tinc.nix
@ -44,6 +44,39 @@ in {
      };
    };
    # nix-shell -p tinc_pre --run "tinc --config . generate-keys 4096"
+    "insecure" = {
+      networkSubnet = "10.123.42.0/24";
+      port = 721;
+      extraConfig = ''
+        LocalDiscovery = yes
+        AutoConnect = yes
+      '';
+      privateEd25519KeyFile = toString <secrets/tinc/ed25519_key>;
+      privateRsaKeyFile = toString <secrets/tinc/rsa_key>;
+      hosts = {
+        sterni = {
+          tincIp = "10.123.42.24";
+          # publicKey  = lib.fileContents <assets/tinc/sterni_host_file>;
+          publicKey = lib.fileContents <assets/tinc/workout_host_file>;
+        };
+        porani = {
+          tincIp = "10.123.42.31";
+          publicKey = lib.fileContents <assets/tinc/porani_host_file>;
+        };
+        workhorse = {
+          tincIp = "10.123.42.21";
+          publicKey = lib.fileContents <assets/tinc/workhorse_host_file>;
+        };
+        sputnik = {
+          realAddress = [
+            "static.247.134.201.195.clients.your-server.de:721"
+          ];
+          tincIp = "10.123.42.122";
+          publicKey = lib.fileContents <assets/tinc/sputnik_host_file>;
+        };
+      };
+    };
+    # nix-shell -p tinc_pre --run "tinc --config . generate-keys 4096"
    "private" = {
      networkSubnet = "10.23.42.0/24";
      extraConfig = ''