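{ config, pkgs, lib, ... }:
let
  # Pinned checkout of the public retiolum mesh metadata (per-host files and
  # an /etc/hosts fragment). rev + sha256 together pin the content, so an
  # upstream push cannot silently change which third-party nodes this machine
  # trusts; bump both deliberately when updating.
  retiolum = pkgs.fetchgit {
    url = "https://github.com/krebs/retiolum";
    rev = "5b067937a10ea43f88f14cc6e0a5485c2ddcc826";
    sha256 = "0kczrr6dr5dmhx2kbanw46w6ig2v3w42rqhjanv87xhwkgw81l08";
  };
in
{
  imports = [ ../../modules ];

  # Only the "private" mesh bypasses the host firewall. "retiolum" carries
  # third-party nodes taken from the upstream repo and must not be listed
  # here; "secret" is deliberately left behind the firewall as well.
  networking.firewall.trustedInterfaces = [ "tinc.private" ];

  # Key material for every network below is generated with:
  #   nix-shell -p tinc_pre --run "tinc --config . generate-keys 4096"
  # Private keys come from sops (see the sops.secrets declarations at the
  # bottom); only public host files live in the repository.
  module.cluster.services.tinc = {
    "retiolum" = {
      networkSubnet = "10.243.0.0/16";
      port = 720;
      extraConfig = ''
        LocalDiscovery = yes
        AutoConnect = yes
      '';
      privateEd25519KeyFile = toString config.sops.secrets.tinc_retiolum_ed25519_key.path;
      privateRsaKeyFile = toString config.sops.secrets.tinc_retiolum_rsa_key.path;
      # NOTE(review): all four entries read the same host_file, so as far as
      # this option is concerned the four nodes share one public key, which
      # would let any of them impersonate the others. Presumably these are
      # placeholders that the preStart copy of the upstream hosts directory
      # (below) overrides -- confirm that the copy really replaces them.
      hosts = {
        pepe = {
          tincIp = "10.243.23.1";
          publicKey = lib.fileContents ../../assets/tinc/retiolum/host_file;
        };
        sterni = {
          tincIp = "10.243.23.3";
          publicKey = lib.fileContents ../../assets/tinc/retiolum/host_file;
        };
        workhorse = {
          tincIp = "10.243.23.5";
          publicKey = lib.fileContents ../../assets/tinc/retiolum/host_file;
        };
        workout = {
          tincIp = "10.243.23.4";
          publicKey = lib.fileContents ../../assets/tinc/retiolum/host_file;
        };
      };
    };

    # "secret" and "private" reuse one key pair on this node (same sops
    # secrets, same *_host_file public keys). A compromise of either
    # network's key material therefore exposes both; separate keys per
    # network, as "retiolum" already has, would contain that.
    "secret" = {
      networkSubnet = "10.123.42.0/24";
      port = 721;
      extraConfig = ''
        LocalDiscovery = yes
        AutoConnect = yes
      '';
      privateEd25519KeyFile = toString config.sops.secrets.tinc_ed25519_key.path;
      privateRsaKeyFile = toString config.sops.secrets.tinc_rsa_key.path;
      hosts = {
        sternchen = {
          tincIp = "10.123.42.25";
          publicKey = lib.fileContents ../../assets/tinc/sternchen_host_file;
        };
        sterni = {
          tincIp = "10.123.42.24";
          # NOTE(review): sterni reads workout's host file, so sterni and
          # workout share a key on this network. Every other entry uses
          # <name>_host_file; if sterni has its own key this is a
          # copy-paste error -- verify before relying on host identity.
          publicKey = lib.fileContents ../../assets/tinc/workout_host_file;
        };
        porani = {
          tincIp = "10.123.42.31";
          publicKey = lib.fileContents ../../assets/tinc/porani_host_file;
        };
        workhorse = {
          tincIp = "10.123.42.21";
          publicKey = lib.fileContents ../../assets/tinc/workhorse_host_file;
        };
        sputnik = {
          # Only node with a public endpoint; the others reach it by
          # LocalDiscovery/AutoConnect.
          realAddress = [ "static.247.134.201.195.clients.your-server.de:721" ];
          tincIp = "10.123.42.122";
          publicKey = lib.fileContents ../../assets/tinc/sputnik_host_file;
        };
      };
    };

    # Trusted by the firewall (see trustedInterfaces above): every host
    # listed here gets unfiltered access to this machine, so the key files
    # below are the entire access-control boundary.
    "private" = {
      networkSubnet = "10.23.42.0/24";
      extraConfig = ''
        LocalDiscovery = yes
      '';
      privateEd25519KeyFile = toString config.sops.secrets.tinc_ed25519_key.path;
      privateRsaKeyFile = toString config.sops.secrets.tinc_rsa_key.path;
      hosts = {
        workout = {
          tincIp = "10.23.42.27";
          publicKey = lib.fileContents ../../assets/tinc/workout_host_file;
        };
        pepe = {
          tincIp = "10.23.42.26";
          publicKey = lib.fileContents ../../assets/tinc/pepe_host_file;
        };
        sterni = {
          tincIp = "10.23.42.24";
          # NOTE(review): same as in "secret" -- sterni uses workout's host
          # file here too; confirm this is intended.
          publicKey = lib.fileContents ../../assets/tinc/workout_host_file;
        };
        mobi = {
          tincIp = "10.23.42.23";
          publicKey = lib.fileContents ../../assets/tinc/mobi_host_file;
        };
        # porani is a member of "secret" but intentionally not of the
        # firewall-trusted "private" mesh; left here for reference.
        #porani = {
        #  tincIp = "10.23.42.31";
        #  publicKey = lib.fileContents ../../assets/tinc/porani_host_file;
        #};
        workhorse = {
          tincIp = "10.23.42.21";
          publicKey = lib.fileContents ../../assets/tinc/workhorse_host_file;
        };
        sputnik = {
          # No explicit port is set for this network, so the bare entries use
          # tinc's default; the :443 variants are a fallback for networks
          # that only let HTTPS through.
          realAddress = [
            "195.201.134.247"
            "195.201.134.247:443"
            "static.247.134.201.195.clients.your-server.de"
            "static.247.134.201.195.clients.your-server.de:443"
          ];
          tincIp = "10.23.42.122";
          publicKey = lib.fileContents ../../assets/tinc/sputnik_host_file;
        };
      };
    };
  };

  # Private keys are delivered by sops-nix at activation and never enter the
  # Nix store. The retiolum pair is referenced above, so it is declared here
  # alongside the others; if another module already declares it the empty
  # attrsets simply merge.
  sops.secrets.tinc_ed25519_key = { };
  sops.secrets.tinc_rsa_key = { };
  sops.secrets.tinc_retiolum_ed25519_key = { };
  sops.secrets.tinc_retiolum_rsa_key = { };

  # retiolum stuff: name resolution and host files come from the pinned
  # upstream checkout, not from this repository.
  networking.extraHosts = builtins.readFile "${retiolum}/etc.hosts";

  systemd.services."tinc.retiolum" = {
    # Best effort: copying the upstream host files must not stop the daemon
    # from starting, but a failure is now logged instead of silently
    # swallowed, because without these files the placeholder keys above are
    # all that identifies the retiolum peers.
    preStart = ''
      cp -R ${retiolum}/hosts /etc/tinc/retiolum/ \
        || echo "tinc.retiolum: could not copy upstream hosts into /etc/tinc/retiolum/; continuing with configured hosts only" >&2
    '';
  };
}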