# Tinc VPN membership for this host: three tinc networks ("retiolum",
# "insecure" and "private") declared through the local
# `module.cluster.services.tinc` option, plus the retiolum host files
# and /etc/hosts entries taken from a pinned checkout of the retiolum repo.
{ config, pkgs, lib, ... }:

let
  # Pinned checkout of the public retiolum repository. rev and sha256
  # fix the content, so the host files and etc.hosts consumed below
  # cannot change without editing this file.
  retiolum = pkgs.fetchgit {
    url = "https://github.com/krebs/retiolum.git";
    rev = "9e626816d8a48c6c328a91f0601af35a5ef0d167";
    sha256 = "0z2b1pd7ki9wbz2079arygv83ckhqsijllj25iy64lgxk6arvbla";
  };
in {
  imports = [ <modules> ];

  # Only the interface of the "private" network is exempt from the
  # firewall; traffic arriving on the "insecure" and "retiolum"
  # interfaces still passes through the normal rules.
  networking.firewall.trustedInterfaces = [ "tinc.private" ];

  # nix-shell -p tinc_pre --run "tinc --config . generate-keys 4096"
  module.cluster.services.tinc = {
    "retiolum" = {
      networkSubnet = "10.243.0.0/16";
      port = 720;
      extraConfig = ''
        LocalDiscovery = yes
        AutoConnect = yes
      '';
      # Key material is kept outside the repository and located through
      # the NIX_PATH `secrets` entry. This network has its own key pair,
      # separate from the one shared by "insecure" and "private" below.
      privateEd25519KeyFile = toString <secrets/tinc/retiolum/ed25519_key>;
      privateRsaKeyFile = toString <secrets/tinc/retiolum/rsa_key>;
      hosts = {
        # NOTE(review): all four entries read the same
        # <assets/tinc/retiolum/host_file>, so they are declared with one
        # and the same public key. Presumably the per-host files copied
        # from the retiolum checkout in the preStart further down are the
        # ones tinc actually authenticates against — confirm against the
        # tinc module before relying on these entries.
        pepe = {
          tincIp = "10.243.23.1";
          publicKey = lib.fileContents <assets/tinc/retiolum/host_file>;
        };
        sterni = {
          tincIp = "10.243.23.3";
          publicKey = lib.fileContents <assets/tinc/retiolum/host_file>;
        };
        workhorse = {
          tincIp = "10.243.23.5";
          publicKey = lib.fileContents <assets/tinc/retiolum/host_file>;
        };
        workout = {
          tincIp = "10.243.23.4";
          publicKey = lib.fileContents <assets/tinc/retiolum/host_file>;
        };
      };
    };

    # nix-shell -p tinc_pre --run "tinc --config . generate-keys 4096"
    "insecure" = {
      networkSubnet = "10.123.42.0/24";
      port = 721;
      extraConfig = ''
        LocalDiscovery = yes
        AutoConnect = yes
      '';
      # Same key pair as the "private" network below.
      privateEd25519KeyFile = toString <secrets/tinc/ed25519_key>;
      privateRsaKeyFile = toString <secrets/tinc/rsa_key>;
      hosts = {
        sterni = {
          tincIp = "10.123.42.24";
          # NOTE(review): sterni is declared with workout's host file while
          # its own is commented out. tinc authenticates peers by the key
          # in the host file, so whoever holds workout's private key can
          # present itself as sterni on this network, and the real sterni
          # key (if different) will be rejected — confirm this is intended.
          # The same substitution is made for sterni in "private" below.
          # publicKey = lib.fileContents <assets/tinc/sterni_host_file>;
          publicKey = lib.fileContents <assets/tinc/workout_host_file>;
        };
        porani = {
          tincIp = "10.123.42.31";
          publicKey = lib.fileContents <assets/tinc/porani_host_file>;
        };
        workhorse = {
          tincIp = "10.123.42.21";
          publicKey = lib.fileContents <assets/tinc/workhorse_host_file>;
        };
        # sputnik is the only node with a public address; the other nodes
        # find each other through LocalDiscovery/AutoConnect.
        sputnik = {
          realAddress = [ "static.247.134.201.195.clients.your-server.de:721" ];
          tincIp = "10.123.42.122";
          publicKey = lib.fileContents <assets/tinc/sputnik_host_file>;
        };
      };
    };

    # nix-shell -p tinc_pre --run "tinc --config . generate-keys 4096"
    "private" = {
      networkSubnet = "10.23.42.0/24";
      # No port is set here, so this network listens on whatever the tinc
      # module or tinc itself defaults to — presumably 655; confirm.
      extraConfig = ''
        LocalDiscovery = yes
      '';
      # Same key pair as the "insecure" network above.
      privateEd25519KeyFile = toString <secrets/tinc/ed25519_key>;
      privateRsaKeyFile = toString <secrets/tinc/rsa_key>;
      hosts = {
        workout = {
          tincIp = "10.23.42.27";
          publicKey = lib.fileContents <assets/tinc/workout_host_file>;
        };
        pepe = {
          tincIp = "10.23.42.26";
          publicKey = lib.fileContents <assets/tinc/pepe_host_file>;
        };
        sterni = {
          tincIp = "10.23.42.24";
          # NOTE(review): sterni is keyed with workout's host file here as
          # well (see "insecure" above) — confirm this is intended.
          # publicKey = lib.fileContents <assets/tinc/sterni_host_file>;
          publicKey = lib.fileContents <assets/tinc/workout_host_file>;
        };
        mobi = {
          tincIp = "10.23.42.23";
          publicKey = lib.fileContents <assets/tinc/mobi_host_file>;
        };
        #porani = {
        #  tincIp = "10.23.42.31";
        #  publicKey = lib.fileContents <assets/tinc/porani_host_file>;
        #};
        workhorse = {
          tincIp = "10.23.42.21";
          publicKey = lib.fileContents <assets/tinc/workhorse_host_file>;
        };
        sputnik = {
          realAddress = [
            # "195.201.134.247:443"
            "static.247.134.201.195.clients.your-server.de:443"
          ];
          tincIp = "10.23.42.122";
          publicKey = lib.fileContents <assets/tinc/sputnik_host_file>;
        };
      };
    };
  };

  # retiolum stuff
  # Name-to-address mappings for the retiolum overlay, taken verbatim
  # from the pinned checkout (the hash above fixes their content).
  networking.extraHosts = builtins.readFile (toString "${retiolum}/etc.hosts");
  # Seed /etc/tinc/retiolum/hosts with the host files (peer keys and
  # addresses) from the pinned checkout before the daemon starts.
  # NOTE(review): "|| true" hides a failed copy, so tinc would start with
  # whatever host files happen to be present; and since cp merges into an
  # existing directory, files removed upstream linger locally — confirm
  # that the tinc module cleans or recreates the directory, or consider
  # letting a copy failure fail the unit.
  systemd.services."tinc.retiolum" = {
    preStart = ''
      cp -R ${retiolum}/hosts /etc/tinc/retiolum/ || true
    '';
  };
}