palo/nixos-config
palo/nixos-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
nixos-config/nixos/components/network/tinc/private.nix
Ingolf Wagner 80d0666f07
migrated media stuff
2024-04-07 10:18:13 +02:00

183 lines
5.9 KiB
Nix
Raw Blame History

{ ipv4
, ipv6
, config
, optionalString
, concatStringsSep
, mapAttrsToList
, ...
}:
let
hosts = {
mobi = "10.23.42.23";
sterni = "10.23.42.24";
bobi = "10.23.42.25";
pepe = "10.23.42.26";
cream = "10.23.42.27";
chungus = "10.23.42.28";
cherry = "10.23.42.29";
robi = "10.23.42.111";
orbi = "10.23.42.100";
};
subDomains = {
# orbi
"transmission2.orbi" = hosts.orbi;
"sonarr.orbi" = hosts.orbi;
"radarr.orbi" = hosts.orbi;
"prowlarr.orbi" = hosts.orbi;
# robi
"grafana.robi" = hosts.robi;
"loki.robi" = hosts.robi;
"prometheus.robi" = hosts.robi;
"sync.robi" = hosts.robi;
"transmission.robi" = hosts.robi;
"transmission2.robi" = hosts.robi;
"sonarr.robi" = hosts.robi;
"radarr.robi" = hosts.robi;
"tdarr.robi" = hosts.robi;
"prowlarr.robi" = hosts.robi;
"jellyseerr.robi" = hosts.robi;
"unmanic.robi" = hosts.robi;
# chungus
"de.tts.chungus" = hosts.chungus;
"en.tts.chungus" = hosts.chungus;
"flix.chungus" = hosts.chungus;
"git.chungus" = hosts.chungus;
"grafana.chungus" = hosts.chungus;
"loki.chungus" = hosts.chungus;
"prometheus.chungus" = hosts.chungus;
"s3.chungus" = hosts.chungus;
"minio.chungus" = hosts.chungus;
"sync.chungus" = hosts.chungus;
"tdarr.chungus" = hosts.chungus;
"trilium.chungus" = hosts.chungus;
"tts.chungus" = hosts.chungus;
"paperless.chungus" = hosts.chungus;
# cream
"trilium.cream" = hosts.cream;
};
network = "private";
in
{
networking.firewall.trustedInterfaces = [ "tinc.${network}" ];
sops.secrets.tinc_ed25519_key = { };
# nix-shell -p tinc_pre --run "tinc --config . generate-keys 4096"
services.tinc.networks = {
${network} = {
ed25519PrivateKeyFile = config.sops.secrets.tinc_ed25519_key.path;
interfaceType = "tap";
extraConfig = ''
LocalDiscovery = yes
'';
hostSettings = {
mobi = {
subnets = [{ address = hosts.mobi; }];
settings.Ed25519PublicKey = "X5sp3YYevVNUrzYvi+HZ2iW5WbO0bIb58jR4jZFH6MB";
};
cream = {
subnets = [{ address = hosts.cream; }];
settings.Ed25519PublicKey = "Y/YRA90mAlNEmdhUWlUTHjjsco6d6hlvW11sPtarIdL";
};
cherry = {
subnets = [{ address = hosts.cherry; }];
settings.Ed25519PublicKey = "BsPIrZjbzn0aryC0HO3OXSb4oFCMmzNDmMDQmxUXUuC";
};
sterni = {
subnets = [{ address = hosts.sterni; }];
settings.Ed25519PublicKey = "r6mRDc814z2YtyG9ev/XXV2SgquqWR8n53V13xNXb7O";
};
bobi = {
subnets = [{ address = hosts.bobi; }];
settings.Ed25519PublicKey = "jwvNd4oAgz2cWEI74VTVYU1qgPWq823/a0iEDqJ8KMD";
};
pepe = {
subnets = [{ address = hosts.pepe; }];
settings.Ed25519PublicKey = "LnE+w6ZfNCky4Kad3TBxpFKRJ2PJshkSpW6mC3pcsPI";
};
chungus = {
subnets = [{ address = hosts.chungus; }];
settings.Ed25519PublicKey = "mJP+zzYGv42KItpSf3lMkr3dwa5xW3n3hi0W2Z75jfJ";
};
robi = {
addresses = [{ address = "144.76.13.147"; }];
subnets = [{ address = hosts.robi; }];
settings.Ed25519PublicKey = "bZUbSdME4fwudNVbUoNO7PpoOS2xALsyTs81F260KbL";
};
orbi = {
addresses = [{ address = "95.216.66.212"; }];
subnets = [{ address = hosts.orbi; }];
settings.Ed25519PublicKey = "/1OE8xsnRT6egxd/+iH9TE+tzlwiUJeNsGFIIWyc70A";
};
};
};
};
systemd.network.enable = true;
systemd.network.networks.${network}.extraConfig = ''
[Match]
Name = tinc.${network}
[Link]
# tested with `ping -6 turingmachine.r -s 1378`, not sure how low it must be
MTUBytes=1377
[Network]
${optionalString (ipv4 != null) "Address=${ipv4}/24"}
${optionalString (ipv6 != null) "Address=${ipv6}/28"}
RequiredForOnline = no
LinkLocalAddressing = no
'';
networking.extraHosts = concatStringsSep "\n" (mapAttrsToList (name: ip: "${ip} ${name}.${network}") (hosts // subDomains));
services.openssh.knownHosts = {
"orbi" = {
hostNames = [
"orbi.${network}"
hosts.orbi
"orbi"
"95.216.66.212"
];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICTqV5ch4BokqDniDgCquRwfTz6aXXMTdZovIvqShfLV";
};
"robi" = {
hostNames = [
"robi.${network}"
hosts.robi
"robi"
"144.76.13.147"
"git.ingolf-wagner.de"
"taskd.ingolf-wagner.de"
];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK2PGX6cZuBUGX4VweMzi0aRh4uQ61yngCzZGcK3w5XV";
};
"sterni.${network}" = {
hostNames = [ "sterni.${network}" hosts.sterni ];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEQRH4gzT4vWSx3KN80ePPYhSPZRUae/qSyEym6pJTht";
};
"cream.${network}" = {
hostNames = [ "cream.${network}" hosts.cream ];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConHiCL7INgAhuN6Z9TqP0zP+xNpdV7+OHwUca4IRDD";
};
"cherry.${network}" = {
hostNames = [ "cherry.${network}" hosts.cream ];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEUXkewyZ94A7CeCyVvN0KCqPn+8x1BZaGWMAojlfCXO";
};
"pepe.${network}" = {
hostNames = [ "pepe.${network}" hosts.pepe ];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJPlva+Vdj8WmQPlbQLN3qicMz5AAsyTzK53BincxtAz";
};
"chungus.${network}" = {
hostNames = [ "chungus.${network}" hosts.chungus ];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP9jrbOJbgapreRjttyOKWv5vxGMThn7kAwlk8WnSyL9";
};
"bobi.${network}" = {
hostNames = [ "bobi.${network}" hosts.bobi ];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK0haepNVEaocfWh6kwVc4QsSg2iqO5k+hjarphBqMVk";
};
"mobi.${network}" = {
hostNames = [ "mobi.${network}" hosts.mobi ];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE3G7TwCoxcVfwhGL0913RtacEeokqKtufhzzkCxpPxk";
};
};
}
Reference in a new issue View git blame Copy permalink