nixos-config/nixos/system/all/tinc.nix


{ config, pkgs, lib, ... }:
let
retiolum = pkgs.fetchgit {
url = "https://github.com/krebs/retiolum";
rev = "5b067937a10ea43f88f14cc6e0a5485c2ddcc826";
sha256 = "0kczrr6dr5dmhx2kbanw46w6ig2v3w42rqhjanv87xhwkgw81l08";
};
in
{
imports = [ ../../modules ]; # presumably where module.cluster.services.tinc is defined

# Everything that arrives on the "private" tinc interface bypasses the host
# firewall entirely. That is only as safe as the `hosts` list of the "private"
# network below: any peer that can present one of those public keys gets
# unfiltered access to every local service. The "secret" and "retiolum"
# interfaces are not listed here, so their traffic still passes the normal
# firewall rules.
networking.firewall.trustedInterfaces = [ "tinc.private" ];

# Identity for the "private" network; presumably what the cluster tinc module
# runs tincd as for this network (not visible here -- confirm in ../../modules).
users = {
  users."tinc.private".group = "tinc.private";
  groups."tinc.private" = { };
};
# nix-shell -p tinc_pre --run "tinc --config . generate-keys 4096"
module.cluster.services.tinc = {
"retiolum" = {
networkSubnet = "10.243.0.0/16";
port = 720;
extraConfig = ''
LocalDiscovery = yes
AutoConnect = yes
'';
privateEd25519KeyFile =
toString config.sops.secrets.tinc_retiolum_ed25519_key.path;
privateRsaKeyFile = toString config.sops.secrets.tinc_retiolum_rsa_key.path;
hosts = {
pepe = {
tincIp = "10.243.23.1";
publicKey = lib.fileContents ../../assets/tinc/retiolum/host_file;
};
sterni = {
tincIp = "10.243.23.3";
publicKey = lib.fileContents ../../assets/tinc/retiolum/host_file;
};
workhorse = {
tincIp = "10.243.23.5";
publicKey = lib.fileContents ../../assets/tinc/retiolum/host_file;
};
workout = {
tincIp = "10.243.23.4";
publicKey = lib.fileContents ../../assets/tinc/retiolum/host_file;
};
};
};
  # nix-shell -p tinc_pre --run "tinc --config . generate-keys 4096"
  # Second mesh on its own port and subnet. Its interface is not in
  # networking.firewall.trustedInterfaces, so traffic from these peers still
  # goes through the normal firewall.
  "secret" = {
    networkSubnet = "10.123.42.0/24";
    port = 721;
    extraConfig = ''
      LocalDiscovery = yes
      AutoConnect = yes
    '';
    # NOTE(review): these are the same private key files the "private" network
    # below uses, i.e. one node identity shared by both meshes. Rotating or
    # revoking the key for one network necessarily affects the other; separate
    # sops secrets per network would decouple them.
    privateEd25519KeyFile =
      toString config.sops.secrets.tinc_ed25519_key.path;
    privateRsaKeyFile = toString config.sops.secrets.tinc_rsa_key.path;
    # Peer public keys, checked into the repo as tinc host files.
    hosts = {
      sternchen = {
        tincIp = "10.123.42.25";
        publicKey = lib.fileContents ../../assets/tinc/sternchen_host_file;
      };
      # NOTE(review): `sterni` is given workout's host file rather than a sterni
      # one (the "private" network does the same). If sterni has its own key
      # this is a copy-paste slip; if not, whoever holds workout's key can also
      # authenticate as sterni.
      sterni = {
        tincIp = "10.123.42.24";
        publicKey = lib.fileContents ../../assets/tinc/workout_host_file;
      };
      porani = {
        tincIp = "10.123.42.31";
        publicKey = lib.fileContents ../../assets/tinc/porani_host_file;
      };
      workhorse = {
        tincIp = "10.123.42.21";
        publicKey = lib.fileContents ../../assets/tinc/workhorse_host_file;
      };
      # The only entry with a reachable address in this network; the explicit
      # :721 matches `port` above. The other peers have to be found another
      # way (LocalDiscovery, or presumably via sputnik once connected).
      sputnik = {
        realAddress = [ "static.247.134.201.195.clients.your-server.de:721" ];
        tincIp = "10.123.42.122";
        publicKey = lib.fileContents ../../assets/tinc/sputnik_host_file;
      };
    };
  };
  # nix-shell -p tinc_pre --run "tinc --config . generate-keys 4096"
  # This is the network whose interface is listed in
  # networking.firewall.trustedInterfaces: every peer in `hosts` here reaches
  # this machine unfiltered. Keep the list tight and the keys distinct.
  "private" = {
    networkSubnet = "10.23.42.0/24";
    # No `port` is set here (the other two networks pin 720/721), so whatever
    # the cluster tinc module defaults to applies -- not visible in this file.
    # Unlike "retiolum" and "secret", AutoConnect is not enabled.
    extraConfig = ''
      LocalDiscovery = yes
    '';
    # NOTE(review): same key files as the "secret" network above, so this node
    # has one identity across both meshes; see the note there.
    privateEd25519KeyFile = toString config.sops.secrets.tinc_ed25519_key.path;
    privateRsaKeyFile = toString config.sops.secrets.tinc_rsa_key.path;
    hosts = {
      workout = {
        tincIp = "10.23.42.27";
        publicKey = lib.fileContents ../../assets/tinc/workout_host_file;
      };
      pepe = {
        tincIp = "10.23.42.26";
        publicKey = lib.fileContents ../../assets/tinc/pepe_host_file;
      };
      # NOTE(review): sterni reads workout_host_file, the same key as the
      # `workout` entry above, which is a different host (10.23.42.27 vs .24).
      # Two names with one key means either host can present itself as the
      # other -- and this is the firewall-trusted interface. Give sterni its
      # own file unless the sharing is intentional.
      sterni = {
        tincIp = "10.23.42.24";
        publicKey = lib.fileContents ../../assets/tinc/workout_host_file;
      };
      mobi = {
        tincIp = "10.23.42.23";
        publicKey = lib.fileContents ../../assets/tinc/mobi_host_file;
      };
      # porani is a member of the "secret" network but disabled here.
      #porani = {
      # tincIp = "10.23.42.31";
      # publicKey = lib.fileContents ../../assets/tinc/porani_host_file;
      #};
      workhorse = {
        tincIp = "10.23.42.21";
        publicKey = lib.fileContents ../../assets/tinc/workhorse_host_file;
      };
      # Peers with public endpoints. robi: bare IP, no port given, so the
      # network's port (not set in this block) applies.
      robi = {
        realAddress = [ "144.76.13.147" ];
        tincIp = "10.23.42.111";
        publicKey = lib.fileContents ../../assets/tinc/robi_host_file;
      };
      # sputnik: IP and DNS name, each also with an explicit :443 variant
      # (presumably so it stays reachable behind restrictive egress filtering).
      sputnik = {
        realAddress = [
          "195.201.134.247"
          "195.201.134.247:443"
          "static.247.134.201.195.clients.your-server.de"
          "static.247.134.201.195.clients.your-server.de:443"
        ];
        tincIp = "10.23.42.122";
        publicKey = lib.fileContents ../../assets/tinc/sputnik_host_file;
      };
    };
  };
};
# Node private keys, provided by sops-nix at activation. No `owner`/`mode` is
# set, so the sops-nix defaults apply (normally root-owned and not readable by
# other users -- verify). NOTE(review): confirm the cluster tinc module reads
# these before dropping to the per-network user, or set `owner` accordingly.
# Both the "secret" and "private" networks above point at these two files;
# the tinc_retiolum_* secrets used by the "retiolum" network are not declared
# in this file.
sops = {
  secrets = {
    tinc_ed25519_key = { };
    tinc_rsa_key = { };
  };
};
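# retiolum stuff
# Name -> address mapping for the retiolum peers, taken verbatim from the
# pinned checkout. The rev + sha256 pin on `retiolum` is what keeps this from
# being a remotely controlled /etc/hosts.
networking.extraHosts = builtins.readFile "${retiolum}/etc.hosts";
systemd.services."tinc.retiolum" = {
  preStart = ''
    # Overlay the upstream host files (peer public keys) onto the network
    # directory before tincd starts. Any file already present under hosts/
    # with the same name is replaced by the upstream copy where cp succeeds.
    mkdir -p /etc/tinc/retiolum/hosts
    # Still best-effort -- tincd starts either way, as with the previous
    # `|| true` -- but a failed or partial copy (e.g. an existing read-only
    # entry, or a service sandbox that makes /etc read-only) is now logged to
    # the journal instead of being discarded silently.
    if ! cp -R ${retiolum}/hosts /etc/tinc/retiolum/; then
      echo "tinc.retiolum: copying ${retiolum}/hosts into /etc/tinc/retiolum failed; peer list may be stale" >&2
    fi
  '';
};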
}