{ config, pkgs, lib, ... }:

let
  # Pinned checkout of the retiolum repository. Both rev and sha256 are fixed,
  # so the etc.hosts file and the host directory read from it below are
  # reproducible and cannot change underneath an evaluation.
  retiolum = pkgs.fetchgit {
    url = "https://github.com/krebs/retiolum";
    rev = "5b067937a10ea43f88f14cc6e0a5485c2ddcc826";
    sha256 = "0kczrr6dr5dmhx2kbanw46w6ig2v3w42rqhjanv87xhwkgw81l08";
  };

  # Key material shared by the "secret" and "private" networks. Both networks
  # point at the same sops-managed Ed25519/RSA keypair (declared at the bottom
  # of this module), so the two cannot be rotated independently of each other.
  sharedKeyFiles = {
    privateEd25519KeyFile = toString config.sops.secrets.tinc_ed25519_key.path;
    privateRsaKeyFile = toString config.sops.secrets.tinc_rsa_key.path;
  };

  # tinc daemon settings appended to the generated tinc.conf of each network.
  discoveryAndAutoConnect = ''
    LocalDiscovery = yes
    AutoConnect = yes
  '';
  discoveryOnly = ''
    LocalDiscovery = yes
  '';

  # robi is the only peer with a public address; its endpoint and key are the
  # same in both networks it takes part in, only the tinc address differs.
  robiPublic = {
    realAddress = [ "144.76.13.147" ];
    publicKey = lib.fileContents ../../assets/tinc/robi_host_file;
  };
in
{
  imports = [ ../../modules ];

  # Only the interface of the "private" network is trusted by the firewall.
  # The retiolum and secret interfaces are not listed, so traffic arriving on
  # them stays subject to the normal firewall rules.
  networking.firewall.trustedInterfaces = [ "tinc.private" ];

  users.users."tinc.private" = {
    group = "tinc.private";
    isSystemUser = lib.mkDefault true;
  };
  users.groups."tinc.private" = { };

  # Keys for any of the networks below are generated with:
  #   nix-shell -p tinc_pre --run "tinc --config . generate-keys 4096"
  module.cluster.services.tinc = {
    retiolum = {
      networkSubnet = "10.243.0.0/16";
      port = 720;
      extraConfig = discoveryAndAutoConnect;
      # NOTE(review): tinc_retiolum_ed25519_key / tinc_retiolum_rsa_key are
      # referenced here but not declared in this file (only tinc_ed25519_key
      # and tinc_rsa_key are, see below); presumably they come from
      # ../../modules or another module — confirm.
      privateEd25519KeyFile = toString config.sops.secrets.tinc_retiolum_ed25519_key.path;
      privateRsaKeyFile = toString config.sops.secrets.tinc_retiolum_rsa_key.path;
      hosts = {
        # NOTE(review): pepe and sterni both read the same host file here,
        # unlike the per-host files used by the other two networks — confirm
        # this is intended and not a copy-paste leftover.
        pepe = {
          tincIp = "10.243.23.1";
          publicKey = lib.fileContents ../../assets/tinc/retiolum/host_file;
        };
        sterni = {
          tincIp = "10.243.23.3";
          publicKey = lib.fileContents ../../assets/tinc/retiolum/host_file;
        };
      };
    };

    secret = {
      networkSubnet = "10.123.42.0/24";
      port = 721;
      extraConfig = discoveryAndAutoConnect;
      hosts = {
        sternchen = {
          tincIp = "10.123.42.25";
          publicKey = lib.fileContents ../../assets/tinc/sternchen_host_file;
        };
        sterni = {
          tincIp = "10.123.42.24";
          publicKey = lib.fileContents ../../assets/tinc/workout_host_file;
        };
        robi = robiPublic // { tincIp = "10.123.42.123"; };
      };
    } // sharedKeyFiles;

    # No explicit port and no AutoConnect for this network.
    private = {
      networkSubnet = "10.23.42.0/24";
      extraConfig = discoveryOnly;
      hosts = {
        pepe = {
          tincIp = "10.23.42.26";
          publicKey = lib.fileContents ../../assets/tinc/pepe_host_file;
        };
        sterni = {
          tincIp = "10.23.42.24";
          publicKey = lib.fileContents ../../assets/tinc/workout_host_file;
        };
        mobi = {
          tincIp = "10.23.42.23";
          publicKey = lib.fileContents ../../assets/tinc/mobi_host_file;
        };
        robi = robiPublic // { tincIp = "10.23.42.111"; };
      };
    } // sharedKeyFiles;
  };

  # The keypair used by the "secret" and "private" networks above.
  sops.secrets.tinc_ed25519_key = { };
  sops.secrets.tinc_rsa_key = { };

  # Retiolum-wide name resolution: the etc.hosts file of the pinned checkout is
  # read at evaluation time and appended to /etc/hosts.
  networking.extraHosts = builtins.readFile "${retiolum}/etc.hosts";

  # Copy the retiolum host files from the pinned checkout into place before the
  # daemon starts. The trailing "|| true" makes this best-effort: a failed copy
  # (for example a missing or non-writable target directory) is ignored and
  # the service still starts with whatever host files are already present.
  systemd.services."tinc.retiolum".preStart = ''
    cp -R ${retiolum}/hosts /etc/tinc/retiolum/ || true
  '';
}