{ config, pkgs, lib, ... }: let retiolum = pkgs.fetchgit { url = "https://github.com/krebs/retiolum"; rev = "5b067937a10ea43f88f14cc6e0a5485c2ddcc826"; sha256 = "0kczrr6dr5dmhx2kbanw46w6ig2v3w42rqhjanv87xhwkgw81l08"; }; in { imports = [ ../../modules ]; networking.firewall.trustedInterfaces = [ "tinc.private" ]; # nix-shell -p tinc_pre --run "tinc --config . generate-keys 4096" module.cluster.services.tinc = { "retiolum" = { networkSubnet = "10.243.0.0/16"; port = 720; extraConfig = '' LocalDiscovery = yes AutoConnect = yes ''; privateEd25519KeyFile = toString ; privateRsaKeyFile = toString ; hosts = { pepe = { tincIp = "10.243.23.1"; publicKey = lib.fileContents ; }; sterni = { tincIp = "10.243.23.3"; publicKey = lib.fileContents ; }; workhorse = { tincIp = "10.243.23.5"; publicKey = lib.fileContents ; }; workout = { tincIp = "10.243.23.4"; publicKey = lib.fileContents ; }; }; }; # nix-shell -p tinc_pre --run "tinc --config . generate-keys 4096" "secret" = { networkSubnet = "10.123.42.0/24"; port = 721; extraConfig = '' LocalDiscovery = yes AutoConnect = yes ''; privateEd25519KeyFile = toString ; privateRsaKeyFile = toString ; hosts = { sternchen = { tincIp = "10.123.42.25"; # publicKey = lib.fileContents ; publicKey = lib.fileContents ; }; sterni = { tincIp = "10.123.42.24"; # publicKey = lib.fileContents ; publicKey = lib.fileContents ; }; porani = { tincIp = "10.123.42.31"; publicKey = lib.fileContents ; }; workhorse = { tincIp = "10.123.42.21"; publicKey = lib.fileContents ; }; sputnik = { realAddress = [ "static.247.134.201.195.clients.your-server.de:721" ]; tincIp = "10.123.42.122"; publicKey = lib.fileContents ; }; }; }; # nix-shell -p tinc_pre --run "tinc --config . generate-keys 4096" "private" = { networkSubnet = "10.23.42.0/24"; extraConfig = '' LocalDiscovery = yes ''; privateEd25519KeyFile = toString ; privateRsaKeyFile = toString ; hosts = { workout = { tincIp = "10.23.42.27"; publicKey = lib.fileContents ; }; pepe = { tincIp = "10.23.42.26"; publicKey = lib.fileContents ; }; sterni = { tincIp = "10.23.42.24"; # publicKey = lib.fileContents ; publicKey = lib.fileContents ; }; mobi = { tincIp = "10.23.42.23"; publicKey = lib.fileContents ; }; #porani = { # tincIp = "10.23.42.31"; # publicKey = lib.fileContents ; #}; workhorse = { tincIp = "10.23.42.21"; publicKey = lib.fileContents ; }; sputnik = { realAddress = [ "195.201.134.247" "195.201.134.247:443" "static.247.134.201.195.clients.your-server.de" "static.247.134.201.195.clients.your-server.de:443" ]; tincIp = "10.23.42.122"; publicKey = lib.fileContents ; }; }; }; }; # retiolum stuff networking.extraHosts = builtins.readFile (toString "${retiolum}/etc.hosts"); systemd.services."tinc.retiolum" = { preStart = '' cp -R ${retiolum}/hosts /etc/tinc/retiolum/ || true ''; }; }