nixos-config/components/network/tinc/private.nix
Ingolf Wagner f6427e5237
All checks were successful
Build all NixOS Configurations / nix build (push) Successful in 9m55s
🔧 put nginx in front of navidrome
2024-11-02 16:35:32 +09:00

110 lines
3.2 KiB
Nix

{
ipv4,
ipv6,
config,
optionalString,
concatStringsSep,
factsGenerator,
mapAttrsToList,
clanLib,
...
}:
let
hosts = {
bobi = "10.23.42.25";
cherry = "10.23.42.29";
chungus = "10.23.42.28";
# cream = "10.23.42.27";
mobi = "10.23.42.23";
orbi = "10.23.42.100";
};
subDomains = {
# orbi
"transmission2.orbi" = hosts.orbi;
"sonarr.orbi" = hosts.orbi;
"radarr.orbi" = hosts.orbi;
"lidarr.orbi" = hosts.orbi;
"prowlarr.orbi" = hosts.orbi;
"photoprism.orbi" = hosts.orbi;
# chungus
"video.chungus" = hosts.chungus;
"music.chungus" = hosts.chungus;
"de.tts.chungus" = hosts.chungus;
"en.tts.chungus" = hosts.chungus;
"flix.chungus" = hosts.chungus;
"git.chungus" = hosts.chungus;
"grafana.chungus" = hosts.chungus;
"loki.chungus" = hosts.chungus;
"prometheus.chungus" = hosts.chungus;
"s3.chungus" = hosts.chungus;
"minio.chungus" = hosts.chungus;
"sync.chungus" = hosts.chungus;
"tdarr.chungus" = hosts.chungus;
"tts.chungus" = hosts.chungus;
"paperless.chungus" = hosts.chungus;
};
network = "private";
Ed25519PublicKey = clanLib.readFact "tinc.private.ed25519_key.pub";
in
{
networking.firewall.trustedInterfaces = [ "tinc.${network}" ];
clan.core.facts.services.tinc_private = factsGenerator.tinc { name = "private"; };
services.tinc.networks = {
${network} = {
ed25519PrivateKeyFile =
config.clan.core.facts.services.tinc_private.secret."tinc.private.ed25519_key.priv".path;
interfaceType = "tap";
extraConfig = ''
LocalDiscovery = yes
'';
hostSettings = {
mobi = {
subnets = [ { address = hosts.mobi; } ];
settings.Ed25519PublicKey = "X5sp3YYevVNUrzYvi+HZ2iW5WbO0bIb58jR4jZFH6MB";
};
bobi = {
subnets = [ { address = hosts.bobi; } ];
settings.Ed25519PublicKey = "jwvNd4oAgz2cWEI74VTVYU1qgPWq823/a0iEDqJ8KMD";
};
# cream = {
# subnets = [ { address = hosts.cream; } ];
# settings.Ed25519PublicKey = Ed25519PublicKey "cream";
# };
cherry = {
subnets = [ { address = hosts.cherry; } ];
settings.Ed25519PublicKey = Ed25519PublicKey "cherry";
};
chungus = {
subnets = [ { address = hosts.chungus; } ];
settings.Ed25519PublicKey = Ed25519PublicKey "chungus";
};
orbi = {
addresses = [ { address = "95.216.66.212"; } ];
subnets = [ { address = hosts.orbi; } ];
settings.Ed25519PublicKey = Ed25519PublicKey "orbi";
};
};
};
};
systemd.network.enable = true;
systemd.network.networks.${network}.extraConfig = ''
[Match]
Name = tinc.${network}
[Link]
# tested with `ping -6 turingmachine.r -s 1378`, not sure how low it must be
MTUBytes=1377
[Network]
${optionalString (ipv4 != null) "Address=${ipv4}/24"}
${optionalString (ipv6 != null) "Address=${ipv6}/28"}
RequiredForOnline = no
LinkLocalAddressing = no
'';
networking.extraHosts = concatStringsSep "\n" (
mapAttrsToList (name: ip: "${ip} ${name}.${network}") (hosts // subDomains)
);
}