From ae461485c33bca0e8e67117afdcec5934f56d107 Mon Sep 17 00:00:00 2001
From: Ingolf Wagner
Date: Mon, 3 Feb 2020 15:38:22 +1300
Subject: [PATCH] tinc: add insecure network
---
 configs/porani/tinc.nix | 5 +++++
 configs/sputnik/tinc.nix | 4 ++++
 configs/sterni/tinc.nix | 5 +++++
 configs/workhorse/tinc.nix | 5 +++++
 system/all/tinc.nix | 33 +++++++++++++++++++++++++++++++++
 5 files changed, 52 insertions(+)
diff --git a/configs/porani/tinc.nix b/configs/porani/tinc.nix
index 5029f6f..56cbb60 100644
--- a/configs/porani/tinc.nix
+++ b/configs/porani/tinc.nix
@@ -6,6 +6,11 @@
 openPort = true;
 connectTo = [ "sputnik" ];
 };
+ "insecure" = {
+ enable = true;
+ openPort = true;
+ connectTo = [ "sputnik" ];
+ };
 };
 }
diff --git a/configs/sputnik/tinc.nix b/configs/sputnik/tinc.nix
index 234bf22..408357d 100644
--- a/configs/sputnik/tinc.nix
+++ b/configs/sputnik/tinc.nix
@@ -4,6 +4,10 @@
 enable = true;
 openPort = true;
 };
+ "insecure" = {
+ enable = true;
+ openPort = true;
+ };
 };
 }
diff --git a/configs/sterni/tinc.nix b/configs/sterni/tinc.nix
index 7e998e7..7774472 100644
--- a/configs/sterni/tinc.nix
+++ b/configs/sterni/tinc.nix
@@ -14,6 +14,11 @@ with lib;
 enable = true;
 openPort = true;
 };
+ "insecure" = {
+ enable = true;
+ openPort = true;
+ connectTo = [ "sputnik" ];
+ };
 };
 }
diff --git a/configs/workhorse/tinc.nix b/configs/workhorse/tinc.nix
index dcf8219..cc96007 100644
--- a/configs/workhorse/tinc.nix
+++ b/configs/workhorse/tinc.nix
@@ -10,6 +10,11 @@
 enable = true;
 openPort = true;
 };
+ "insecure" = {
+ enable = true;
+ openPort = true;
+ connectTo = [ "sputnik" ];
+ };
 };
 }
diff --git a/system/all/tinc.nix b/system/all/tinc.nix
index f0eadfd..504baee 100644
--- a/system/all/tinc.nix
+++ b/system/all/tinc.nix
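Review bot: `openPort = true;` is set for the new `"insecure"` network in configs/porani/tinc.nix even though that host already dials out with `connectTo = [ "sputnik" ];`, and the configs/sterni/tinc.nix and configs/workhorse/tinc.nix hunks do the same. What `openPort` does is defined in a module outside this diff, but if it opens the network's port (721 in system/all/tinc.nix) in the host firewall on every interface, these three machines accept inbound tinc connections from any network they happen to join; only sputnik, which publishes a `realAddress`, clearly needs that. Consider leaving `openPort` off on the three clients, or state the reason next to it, e.g. `# openPort kept for direct LAN peering (LocalDiscovery)`. Each enclosing attribute set starts outside its hunk.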
@@ -44,6 +44,39 @@ in {
 };
 };
 # nix-shell -p tinc_pre --run "tinc --config . generate-keys 4096"
+ "insecure" = {
+ networkSubnet = "10.123.42.0/24";
+ port = 721;
+ extraConfig = ''
+ LocalDiscovery = yes
+ AutoConnect = yes
+ '';
+ privateEd25519KeyFile = toString ;
+ privateRsaKeyFile = toString ;
+ hosts = {
+ sterni = {
+ tincIp = "10.123.42.24";
+ # publicKey = lib.fileContents ;
+ publicKey = lib.fileContents ;
+ };
+ porani = {
+ tincIp = "10.123.42.31";
+ publicKey = lib.fileContents ;
+ };
+ workhorse = {
+ tincIp = "10.123.42.21";
+ publicKey = lib.fileContents ;
+ };
+ sputnik = {
+ realAddress = [
+ "static.247.134.201.195.clients.your-server.de:721"
+ ];
+ tincIp = "10.123.42.122";
+ publicKey = lib.fileContents ;
+ };
+ };
+ };
+ # nix-shell -p tinc_pre --run "tinc --config . generate-keys 4096"
 "private" = {
 networkSubnet = "10.23.42.0/24";
 extraConfig = ''
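Review bot: The new `"insecure"` block has no comment saying what makes this network insecure or which peers and services are expected on 10.123.42.0/24, so the trust boundary against the existing `"private"` network is left to the name alone. With `AutoConnect = yes` and `LocalDiscovery = yes` the listed hosts will also try to peer with each other directly, not only through sputnik, and nothing in this hunk limits what is reachable over the new interface; any per-interface firewalling presumably lives elsewhere and is worth confirming. A header comment along the lines of `# "insecure": mesh for hosts not trusted with "private"; expose no services on this interface unless firewalled explicitly` would record the intent (wording for the author to confirm, since the purpose is inferred from the name). The commented-out `# publicKey = lib.fileContents ;` under `sterni` looks like a leftover and could be dropped. The enclosing attribute set starts and ends outside the hunk.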