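{ config, pkgs, lib, ... }:

let
  # Upstream retiolum repository, pinned to an exact commit and content hash.
  # Its hosts/ directory (peer host files) and etc.hosts are consumed below,
  # so bumping `rev` changes which peers this node knows about; `sha256` must
  # be updated together with it.
  retiolum = pkgs.fetchgit {
    url = "https://github.com/krebs/retiolum";
    rev = "5b067937a10ea43f88f14cc6e0a5485c2ddcc826";
    sha256 = "0kczrr6dr5dmhx2kbanw46w6ig2v3w42rqhjanv87xhwkgw81l08";
  };
in
{
  imports = [ ../../modules ];

  # Only the "private" mesh bypasses the host firewall; traffic arriving on
  # the "retiolum" and "secret" interfaces is still subject to firewall rules.
  networking.firewall.trustedInterfaces = [ "tinc.private" ];

  # Key pairs for every network are generated out of band with
  #   nix-shell -p tinc_pre --run "tinc --config . generate-keys 4096"
  # The private halves are delivered through sops (see sops.secrets below);
  # only the public host files are kept under ../../assets/tinc.
  module.cluster.services.tinc = {

    "retiolum" = {
      networkSubnet = "10.243.0.0/16";
      port = 720;
      extraConfig = ''
        LocalDiscovery = yes
        AutoConnect = yes
      '';
      privateEd25519KeyFile =
        toString config.sops.secrets.tinc_retiolum_ed25519_key.path;
      privateRsaKeyFile = toString config.sops.secrets.tinc_retiolum_rsa_key.path;
      # NOTE(review): all four entries read the same host_file. tinc matches a
      # peer to its host file by the public key it presents, so if that file
      # holds a single key these nodes are not distinguishable from each
      # other — confirm whether per-host files were intended.
      hosts = {
        pepe = {
          tincIp = "10.243.23.1";
          publicKey = lib.fileContents ../../assets/tinc/retiolum/host_file;
        };
        sterni = {
          tincIp = "10.243.23.3";
          publicKey = lib.fileContents ../../assets/tinc/retiolum/host_file;
        };
        workhorse = {
          tincIp = "10.243.23.5";
          publicKey = lib.fileContents ../../assets/tinc/retiolum/host_file;
        };
        workout = {
          tincIp = "10.243.23.4";
          publicKey = lib.fileContents ../../assets/tinc/retiolum/host_file;
        };
      };
    };

    "secret" = {
      networkSubnet = "10.123.42.0/24";
      port = 721;
      extraConfig = ''
        LocalDiscovery = yes
        AutoConnect = yes
      '';
      privateEd25519KeyFile =
        toString config.sops.secrets.tinc_ed25519_key.path;
      privateRsaKeyFile = toString config.sops.secrets.tinc_rsa_key.path;
      hosts = {
        sternchen = {
          tincIp = "10.123.42.25";
          publicKey = lib.fileContents ../../assets/tinc/sternchen_host_file;
        };
        # NOTE(review): sterni is given workout's host file here and in
        # "private" below, so a peer presenting workout's key would be
        # accepted as sterni — confirm this is not a copy-paste slip.
        sterni = {
          tincIp = "10.123.42.24";
          publicKey = lib.fileContents ../../assets/tinc/workout_host_file;
        };
        porani = {
          tincIp = "10.123.42.31";
          publicKey = lib.fileContents ../../assets/tinc/porani_host_file;
        };
        workhorse = {
          tincIp = "10.123.42.21";
          publicKey = lib.fileContents ../../assets/tinc/workhorse_host_file;
        };
        # sputnik is the only node with a public address; it is reached on
        # this network's port (721).
        sputnik = {
          realAddress = [ "static.247.134.201.195.clients.your-server.de:721" ];
          tincIp = "10.123.42.122";
          publicKey = lib.fileContents ../../assets/tinc/sputnik_host_file;
        };
      };
    };

    "private" = {
      networkSubnet = "10.23.42.0/24";
      # No explicit port: whatever the tinc module defaults to applies here.
      extraConfig = ''
        LocalDiscovery = yes
      '';
      # Same key pair as "secret".
      privateEd25519KeyFile =
        toString config.sops.secrets.tinc_ed25519_key.path;
      privateRsaKeyFile = toString config.sops.secrets.tinc_rsa_key.path;
      hosts = {
        workout = {
          tincIp = "10.23.42.27";
          publicKey = lib.fileContents ../../assets/tinc/workout_host_file;
        };
        pepe = {
          tincIp = "10.23.42.26";
          publicKey = lib.fileContents ../../assets/tinc/pepe_host_file;
        };
        # NOTE(review): uses workout's host file, as in "secret" — confirm.
        sterni = {
          tincIp = "10.23.42.24";
          publicKey = lib.fileContents ../../assets/tinc/workout_host_file;
        };
        mobi = {
          tincIp = "10.23.42.23";
          publicKey = lib.fileContents ../../assets/tinc/mobi_host_file;
        };
        #porani = {
        #  tincIp = "10.23.42.31";
        #  publicKey = lib.fileContents ../../assets/tinc/porani_host_file;
        #};
        workhorse = {
          tincIp = "10.23.42.21";
          publicKey = lib.fileContents ../../assets/tinc/workhorse_host_file;
        };
        # Several candidate addresses for the public node: bare IP and DNS
        # name, each with the default port and with 443.
        sputnik = {
          realAddress = [
            "195.201.134.247"
            "195.201.134.247:443"
            "static.247.134.201.195.clients.your-server.de"
            "static.247.134.201.195.clients.your-server.de:443"
          ];
          tincIp = "10.23.42.122";
          publicKey = lib.fileContents ../../assets/tinc/sputnik_host_file;
        };
      };
    };
  };

  # Private key halves, decrypted by sops at activation. The retiolum pair is
  # referenced above but was not declared in this file; declaring it here is
  # a no-op if another imported module already does (definitions merge) and
  # otherwise makes the references above resolvable.
  sops.secrets.tinc_ed25519_key = { };
  sops.secrets.tinc_rsa_key = { };
  sops.secrets.tinc_retiolum_ed25519_key = { };
  sops.secrets.tinc_retiolum_rsa_key = { };

  # retiolum stuff: both the hosts table and the peer host files come from
  # the pinned checkout above.
  networking.extraHosts = builtins.readFile "${retiolum}/etc.hosts";

  systemd.services."tinc.retiolum" = {
    # Best-effort copy of the repo's host files into the live config
    # directory. Failures are deliberately ignored (`|| true`), so a failed
    # copy leaves tinc running with whatever host files were already present
    # rather than failing the unit.
    preStart = ''
      cp -R ${retiolum}/hosts /etc/tinc/retiolum/ || true
    '';
  };
}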