palo/nixos-config
palo/nixos-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

tinc: add insecure network

Browse source
This commit is contained in:
Ingolf Wagner 2020-02-03 15:38:22 +13:00
parent d028130a0b
commit ae461485c3
No known key found for this signature in database
GPG key ID: 76BF5F1928B9618B
5 changed files with 52 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
configs/porani/tinc.nix
View file

@ -6,6 +6,11 @@
openPort = true; openPort = true;
connectTo = [ "sputnik" ]; connectTo = [ "sputnik" ];
}; };
"insecure" = {
enable = true;
openPort = true;
connectTo = [ "sputnik" ];
};
}; };
} }

4
configs/sputnik/tinc.nix
View file

@ -4,6 +4,10 @@
enable = true; enable = true;
openPort = true; openPort = true;
}; };
"insecure" = {
enable = true;
openPort = true;
};
}; };
} }

5
configs/sterni/tinc.nix
View file

@ -14,6 +14,11 @@ with lib;
enable = true; enable = true;
openPort = true; openPort = true;
}; };
"insecure" = {
enable = true;
openPort = true;
connectTo = [ "sputnik" ];
};
}; };
} }

5
configs/workhorse/tinc.nix
View file

@ -10,6 +10,11 @@
enable = true; enable = true;
openPort = true; openPort = true;
}; };
"insecure" = {
enable = true;
openPort = true;
connectTo = [ "sputnik" ];
};
}; };
} }

33
system/all/tinc.nix
View file

@ -44,6 +44,39 @@ in {
}; };
}; };
# nix-shell -p tinc_pre --run "tinc --config . generate-keys 4096" # nix-shell -p tinc_pre --run "tinc --config . generate-keys 4096"
"insecure" = {
networkSubnet = "10.123.42.0/24";
port = 721;
extraConfig = ''
LocalDiscovery = yes
AutoConnect = yes
'';
privateEd25519KeyFile = toString <secrets/tinc/ed25519_key>;
privateRsaKeyFile = toString <secrets/tinc/rsa_key>;
hosts = {
sterni = {
tincIp = "10.123.42.24";
# publicKey = lib.fileContents <assets/tinc/sterni_host_file>;
publicKey = lib.fileContents <assets/tinc/workout_host_file>;
};
porani = {
tincIp = "10.123.42.31";
publicKey = lib.fileContents <assets/tinc/porani_host_file>;
};
workhorse = {
tincIp = "10.123.42.21";
publicKey = lib.fileContents <assets/tinc/workhorse_host_file>;
};
sputnik = {
realAddress = [
"static.247.134.201.195.clients.your-server.de:721"
];
tincIp = "10.123.42.122";
publicKey = lib.fileContents <assets/tinc/sputnik_host_file>;
};
};
};
# nix-shell -p tinc_pre --run "tinc --config . generate-keys 4096"
"private" = { "private" = {
networkSubnet = "10.23.42.0/24"; networkSubnet = "10.23.42.0/24";
extraConfig = '' extraConfig = ''