From ae461485c33bca0e8e67117afdcec5934f56d107 Mon Sep 17 00:00:00 2001
From: Ingolf Wagner <contact@ingolf-wagner.de>
Date: Mon, 3 Feb 2020 15:38:22 +1300
Subject: [PATCH] tinc: add insecure network

---
 configs/porani/tinc.nix    |  5 +++++
 configs/sputnik/tinc.nix   |  4 ++++
 configs/sterni/tinc.nix    |  5 +++++
 configs/workhorse/tinc.nix |  5 +++++
 system/all/tinc.nix        | 33 +++++++++++++++++++++++++++++++++
 5 files changed, 52 insertions(+)

diff --git a/configs/porani/tinc.nix b/configs/porani/tinc.nix
index 5029f6f..56cbb60 100644
--- a/configs/porani/tinc.nix
+++ b/configs/porani/tinc.nix
@@ -6,6 +6,11 @@
       openPort = true;
       connectTo = [ "sputnik" ];
     };
+    "insecure" = {
+      enable = true;
+      openPort = true;
+      connectTo = [ "sputnik" ];
+    };
   };
 
 }
diff --git a/configs/sputnik/tinc.nix b/configs/sputnik/tinc.nix
index 234bf22..408357d 100644
--- a/configs/sputnik/tinc.nix
+++ b/configs/sputnik/tinc.nix
@@ -4,6 +4,10 @@
       enable = true;
       openPort = true;
     };
+    "insecure" = {
+      enable = true;
+      openPort = true;
+    };
   };
 
 }
diff --git a/configs/sterni/tinc.nix b/configs/sterni/tinc.nix
index 7e998e7..7774472 100644
--- a/configs/sterni/tinc.nix
+++ b/configs/sterni/tinc.nix
@@ -14,6 +14,11 @@ with lib;
       enable = true;
       openPort = true;
     };
+    "insecure" = {
+      enable = true;
+      openPort = true;
+      connectTo = [ "sputnik" ];
+    };
   };
 
 }
diff --git a/configs/workhorse/tinc.nix b/configs/workhorse/tinc.nix
index dcf8219..cc96007 100644
--- a/configs/workhorse/tinc.nix
+++ b/configs/workhorse/tinc.nix
@@ -10,6 +10,11 @@
       enable = true;
       openPort = true;
     };
+    "insecure" = {
+      enable = true;
+      openPort = true;
+      connectTo = [ "sputnik" ];
+    };
   };
 
 }
diff --git a/system/all/tinc.nix b/system/all/tinc.nix
index f0eadfd..504baee 100644
--- a/system/all/tinc.nix
+++ b/system/all/tinc.nix
@@ -44,6 +44,39 @@ in {
       };
     };
     # nix-shell -p tinc_pre --run "tinc --config . generate-keys 4096"
+    "insecure" = {
+      networkSubnet = "10.123.42.0/24";
+      port = 721;
+      extraConfig = ''
+        LocalDiscovery = yes
+        AutoConnect = yes
+      '';
+      privateEd25519KeyFile = toString <secrets/tinc/ed25519_key>;
+      privateRsaKeyFile = toString <secrets/tinc/rsa_key>;
+      hosts = {
+        sterni = {
+          tincIp = "10.123.42.24";
+          # publicKey  = lib.fileContents <assets/tinc/sterni_host_file>;
+          publicKey = lib.fileContents <assets/tinc/workout_host_file>;
+        };
+        porani = {
+          tincIp = "10.123.42.31";
+          publicKey = lib.fileContents <assets/tinc/porani_host_file>;
+        };
+        workhorse = {
+          tincIp = "10.123.42.21";
+          publicKey = lib.fileContents <assets/tinc/workhorse_host_file>;
+        };
+        sputnik = {
+          realAddress = [
+            "static.247.134.201.195.clients.your-server.de:721"
+          ];
+          tincIp = "10.123.42.122";
+          publicKey = lib.fileContents <assets/tinc/sputnik_host_file>;
+        };
+      };
+    };
+    # nix-shell -p tinc_pre --run "tinc --config . generate-keys 4096"
     "private" = {
       networkSubnet = "10.23.42.0/24";
       extraConfig = ''