# NixOS module configuring two tinc mesh networks ("retiolum" and "private")
# for this host, plus the retiolum hosts file and peer-key import.
#
# NOTE(review): this file reached the corpus collapsed onto a single line and
# with the path arguments stripped: every `toString ;` and `lib.fileContents ;`
# below is missing its argument (it presumably pointed at a key file in the
# repository). Confirm the paths against the original checkout before use.
{ config, pkgs, lib, ... }:
let
  # Upstream retiolum repository, pinned by commit and content hash so the
  # hosts directory and etc.hosts imported further down are reproducible.
  # Bumping `rev` changes which peer keys/addresses this host trusts.
  retiolum = pkgs.fetchgit {
    url = "https://github.com/krebs/retiolum.git";
    rev = "9e626816d8a48c6c328a91f0601af35a5ef0d167";
    sha256 = "0z2b1pd7ki9wbz2079arygv83ckhqsijllj25iy64lgxk6arvbla";
  };
in
{
  imports = [ ];

  # Traffic arriving on the "private" tinc interface bypasses the firewall
  # entirely: every peer listed under "private".hosts below can reach all
  # local services. The "retiolum" interface is deliberately not trusted.
  networking.firewall.trustedInterfaces = [ "tinc.private" ];

  # nix-shell -p tinc_pre --run "tinc --config . generate-keys 4096"
  # Custom option of the cluster module (defined elsewhere in this repo);
  # presumably wraps the upstream tinc service — confirm against the module.
  module.cluster.services.tinc = {
    "retiolum" = {
      networkSubnet = "10.243.0.0/16";
      port = 720;
      # Passed verbatim into the tinc network config. The line breaks were
      # lost in extraction; the original most likely had one setting per line.
      extraConfig = '' LocalDiscovery = yes AutoConnect = yes '';
      # Private key paths (argument missing, see note at top of file).
      privateEd25519KeyFile = toString ;
      privateRsaKeyFile = toString ;
      # Peers this host knows directly; each public key is read from a file
      # at evaluation time (path argument missing, see note at top of file).
      hosts = {
        pepe = { tincIp = "10.243.23.1"; publicKey = lib.fileContents ; };
        sterni = { tincIp = "10.243.23.3"; publicKey = lib.fileContents ; };
        workhorse = { tincIp = "10.243.23.5"; publicKey = lib.fileContents ; };
        workout = { tincIp = "10.243.23.4"; publicKey = lib.fileContents ; };
      };
    };

    # Closed network between the author's own machines; this is the one
    # the firewall trusts above, so its host list is the effective ACL.
    "private" = {
      networkSubnet = "10.23.42.0/24";
      extraConfig = '' LocalDiscovery = yes '';
      # Private key paths (argument missing, see note at top of file).
      privateEd25519KeyFile = toString ;
      privateRsaKeyFile = toString ;
      hosts = {
        workout = { tincIp = "10.23.42.27"; publicKey = lib.fileContents ; };
        pepe = { tincIp = "10.23.42.26"; publicKey = lib.fileContents ; };
        sterni = {
          tincIp = "10.23.42.24";
          # Previous key entry kept commented out; the active one follows.
          # publicKey = lib.fileContents ;
          publicKey = lib.fileContents ;
        };
        porani = { tincIp = "10.23.42.31"; publicKey = lib.fileContents ; };
        workhorse = { tincIp = "10.23.42.21"; publicKey = lib.fileContents ; };
        sputnik = {
          # Only peer with a public endpoint; the hostname is used instead of
          # the literal IP that is kept commented out below, so reachability
          # now also depends on DNS resolving that name.
          realAddress = [
            # "195.201.134.247:443"
            "static.247.134.201.195.clients.your-server.de:443"
          ];
          tincIp = "10.23.42.122";
          publicKey = lib.fileContents ;
        };
      };
    };
  };

  # retiolum stuff
  # Name-to-address mappings are taken verbatim from the pinned checkout and
  # appended to /etc/hosts; whoever controls that file at the pinned `rev`
  # controls these names locally.
  networking.extraHosts = builtins.readFile (toString "${retiolum}/etc.hosts");
  systemd.services."tinc.retiolum" = {
    # Refreshes the peer host files from the pinned checkout before each
    # start. `|| true` keeps the service starting when the copy fails, but it
    # also hides that failure (stale or missing peer keys go unnoticed).
    preStart = '' cp -R ${retiolum}/hosts /etc/tinc/retiolum/ || true '';
  };
}