summaryrefslogtreecommitdiff
path: root/custom/tinc
diff options
context:
space:
mode:
authorGregor Kleen <gkleen@yggdrasil.li>2015-07-02 20:48:08 +0200
committerGregor Kleen <gkleen@yggdrasil.li>2015-07-02 20:48:08 +0200
commit17d901fdd0f0cbd6fddbca62bb4b4d835e9f059b (patch)
treea27f0391123c67239de909f3bd00679e5ee66d94 /custom/tinc
parent18fb5f4e19249c725eaf816b4b71e9058ee12bf1 (diff)
downloadnixos-17d901fdd0f0cbd6fddbca62bb4b4d835e9f059b.tar
nixos-17d901fdd0f0cbd6fddbca62bb4b4d835e9f059b.tar.gz
nixos-17d901fdd0f0cbd6fddbca62bb4b4d835e9f059b.tar.bz2
nixos-17d901fdd0f0cbd6fddbca62bb4b4d835e9f059b.tar.xz
nixos-17d901fdd0f0cbd6fddbca62bb4b4d835e9f059b.zip
First work an tinc
Diffstat (limited to 'custom/tinc')
-rw-r--r--custom/tinc/def.nix175
-rwxr-xr-xcustom/tinc/generate_hostfile.hs19
-rw-r--r--custom/tinc/laeradhr-hosts.nix92
-rw-r--r--custom/tinc/laeradhr.nix33
-rw-r--r--custom/tinc/yggdrasil-hosts.nix81
-rw-r--r--custom/tinc/yggdrasil.nix33
6 files changed, 433 insertions, 0 deletions
diff --git a/custom/tinc/def.nix b/custom/tinc/def.nix
new file mode 100644
index 00000000..e191168f
--- /dev/null
+++ b/custom/tinc/def.nix
@@ -0,0 +1,175 @@
1{ config, lib, pkgs, ... }:
2
3with lib;
4
5let
6
7 cfg = config.services.tinc;
8
9in
10
11{
12
13 ###### interface
14
15 options = {
16
17 services.tinc = {
18
19 networks = mkOption {
20 default = { };
21 type = types.loaOf types.optionSet;
22 description = ''
23 Defines the tinc networks which will be started.
24 Each network invokes a different daemon.
25 '';
26 options = {
27
28 extraConfig = mkOption {
29 default = "";
30 type = types.lines;
31 description = ''
32 Extra lines to add to the tinc service configuration file.
33 '';
34 };
35
36 name = mkOption {
37 default = null;
38 type = types.nullOr types.str;
39 description = ''
40 The name of the node which is used as an identifier when communicating
41 with the remote nodes in the mesh. If null then the hostname of the system
42 is used.
43 '';
44 };
45
46 debugLevel = mkOption {
47 default = 0;
48 type = types.addCheck types.int (l: l >= 0 && l <= 5);
49 description = ''
50 The amount of debugging information to add to the log. 0 means little
51 logging while 5 is the most logging. <command>man tincd</command> for
52 more details.
53 '';
54 };
55
56 hosts = mkOption {
57 default = { };
58 type = types.loaOf types.lines;
59 description = ''
60 The name of the host in the network as well as the configuration for that host.
61 This name should only contain alphanumerics and underscores.
62 '';
63 };
64
65 interfaceType = mkOption {
66 default = "tun";
67 type = types.addCheck types.str (n: n == "tun" || n == "tap");
68 description = ''
69 The type of virtual interface used for the network connection
70 '';
71 };
72
73 package = mkOption {
74 default = pkgs.tinc_pre;
75 description = ''
76 The package to use for the tinc daemon's binary.
77 '';
78 };
79
80 scripts = mkOption {
81 default = { };
82 type = types.loaOf (types.nullOr types.str);
83 description = ''
84 Hook scripts
85 '';
86 };
87
88 };
89 };
90 };
91
92 };
93
94
95 ###### implementation
96
97 config = mkIf (cfg.networks != { }) {
98
99 environment.etc = fold (a: b: a // b) { }
100 (flip mapAttrsToList cfg.networks (network: data:
101 flip mapAttrs' data.hosts (host: text: nameValuePair
102 ("tinc/${network}/hosts/${host}")
103 ({ inherit text; })
104 ) // (flip mapAttrs' data.scripts (scriptName: text: nameValuePair
105 ("tinc/${network}/${scriptName}")
106 ({ mode = "0555"; inherit text; })
107 )) // {
108 "tinc/${network}/tinc.conf" = {
109 text = ''
110 Name = ${if data.name == null then "$HOST" else data.name}
111 DeviceType = ${data.interfaceType}
112 Device = /dev/net/tun
113 Interface = tinc.${network}
114 ${data.extraConfig}
115 '';
116 };
117 }
118 ));
119
120 networking.interfaces = flip mapAttrs' cfg.networks (network: data: nameValuePair
121 ("tinc.${network}")
122 ({
123 virtual = true;
124 virtualType = "${data.interfaceType}";
125 })
126 );
127
128 systemd.services = flip mapAttrs' cfg.networks (network: data: nameValuePair
129 ("tinc.${network}")
130 ({
131 description = "Tinc Daemon - ${network}";
132 wantedBy = [ "network.target" ];
133 after = [ "network-interfaces.target" ];
134 path = [ data.package ];
135 restartTriggers = [ config.environment.etc."tinc/${network}/tinc.conf".source ]
136 ++ mapAttrsToList (host: _ : config.environment.etc."tinc/${network}/hosts/${host}".source) data.hosts;
137 serviceConfig = {
138 Type = "simple";
139 PIDFile = "/run/tinc.${network}.pid";
140 };
141 preStart = ''
142 ${pkgs.openresolv}/bin/resolvconf -d tinc.${network} || true
143 '';
144 # preStart = ''
145 # mkdir -p /etc/tinc/${network}/hosts
146
147 # # Determine how we should generate our keys
148 # if type tinc >/dev/null 2>&1; then
149 # # Tinc 1.1+ uses the tinc helper application for key generation
150
151 # # Prefer ED25519 keys (only in 1.1+)
152 # [ -f "/etc/tinc/${network}/ed25519_key.priv" ] || tinc -n ${network} generate-ed25519-keys
153
154 # # Otherwise use RSA keys
155 # [ -f "/etc/tinc/${network}/rsa_key.priv" ] || tinc -n ${network} generate-rsa-keys 4096
156 # else
157 # # Tinc 1.0 uses the tincd application
158 # [ -f "/etc/tinc/${network}/rsa_key.priv" ] || tincd -n ${network} -K 4096
159 # fi
160 # '';
161 script = ''
162 tincd -D -U tinc.${network} -n ${network} --pidfile /run/tinc.${network}.pid -d ${toString data.debugLevel}
163 '';
164 })
165 );
166
167 users.extraUsers = flip mapAttrs' cfg.networks (network: _:
168 nameValuePair ("tinc.${network}") ({
169 description = "Tinc daemon user for ${network}";
170 })
171 );
172
173 };
174
175}
diff --git a/custom/tinc/generate_hostfile.hs b/custom/tinc/generate_hostfile.hs
new file mode 100755
index 00000000..a8420780
--- /dev/null
+++ b/custom/tinc/generate_hostfile.hs
@@ -0,0 +1,19 @@
1#!/usr/bin/env runhaskell
2
3import System.Directory.Tree
4import Data.List
5
6main :: IO ()
7main = readDirectory "." >>= putStrLn . genHostFile
8
9genHostFile :: AnchoredDirTree String -> String
10genHostFile (_ :/ (Dir _ contents)) = "{\n" ++ entries ++ "\n}\n"
11 where
12 entries = concat [ genEntry name content | (File name content) <- contents, name `notElem` hidden ]
13 genEntry fileName fileContent = unlines . indent $ [ "\"" ++ fileName ++ "\" = ''" ] ++ indent (lines fileContent) ++ [ "'';" ]
14 hidden = [ "to_nix.sh"
15 , "signup.sh"
16 ]
17
18indent :: [String] -> [String]
19indent = map (" " ++)
diff --git a/custom/tinc/laeradhr-hosts.nix b/custom/tinc/laeradhr-hosts.nix
new file mode 100644
index 00000000..83b72899
--- /dev/null
+++ b/custom/tinc/laeradhr-hosts.nix
@@ -0,0 +1,92 @@
1{
2 "heimdallr" = ''
3 Subnet = 10.142.0.2
4 Subnet = 10.141.1.0/24
5
6 -----BEGIN RSA PUBLIC KEY-----
7 MIICCgKCAgEAzphcufJwioUu3I9120c7gimAC325metgKg3W8V3RfmRh2GWn/H+t
8 DvKRH3BwSTYrNnwNgyp60gY/XexVED0xCIDoGjWZsK2o60g5xA8fPAPckVaPP3Vj
9 a3gyN6Y2Tlb4Ef2uWNe8irPL928v6UgxGl9dlgG3G2hW19hfuBBziDFdQCtyR1FH
10 GKvpS2rgHHIljh51LRDN9G2eIv9FGVDmiAgUYKAgzhwOr+TIHOPshcgMYD0iZ86s
11 7iXJzWaiNTzx35ZzV5lkt+DafAQcWYrSV6858PXbx5HihU+ugTF+mbLuFitWNuja
12 DIZayUszmK/OBP8Mz3DP+NjRJugBv3hozpjMnSDZLMl7NcbwEn6+mj4Rrk9yMGPe
13 sNFclKtSiGHAJdCIdjK3gvC2z68NqRB23hxiPqfM0LBYlbZsA4AuYZyHlcoOTApe
14 3y+69VRyG2H++MIVheHqqvIckq/p3XqWT5dHtI3YU7cunNGc5OofKjmpO1x+UV2l
15 18H3DzW916pCNpqBlCj0wbv0h35ZUcxFCjTwSTPdjsqjninm6tPCXc2CgO2XOrPW
16 f4AekYifCwetD8bXbtycrYnykXLYJexIlFdUkUANa3H6cZ5gqGPE1ZF4Te1FVGCF
17 CSJrzSMDE0IidXqc/0dp9dsZQ5D4pi+/XYvAdx/HWV5PwD9UxmlB100CAwEAAQ==
18 -----END RSA PUBLIC KEY-----
19 '';
20 "sirius" = ''
21 Subnet = 10.142.0.100
22
23 -----BEGIN RSA PUBLIC KEY-----
24 MIICCgKCAgEAl+YcFEkCPtBJmKj9rFRr+Tcez3nV53cKhWj9kSuGbZ8idZdC+Qop
25 eEN00LRQsEJwVg8RHqdK96qbgf21DBNjXXURqkslvDyhOOH1CzXvxlzZHbppAeI8
26 lE3by62FaT2Uu7I6IKk+rcLnAOc2P5koYM8tm6C0deJM7uegutBrPNDJq7vgHidH
27 nhtduC/qX3wPf3D+69to0eIzswbIq5eQ+mrXoQJ2VMNsWZdEKCP23w/i+ikRkU6j
28 bU10sQt97KuqSNRE9QkTwtdPT2dduv6RdfgxDU1vSfWhv3xd3YPIgdfegF5sHBBc
29 W2v/R9pb01efcdev1+aW4TRZb9qN9qv3sr6Na2Jyti+Baqki1B8xwxjXX1vfm7k1
30 mxkScIfbxCWK5H9WzCoOsU+Vat3PWNUxZbGlPI+Bo8UJ+Ay5wuAwXEZA9XWNnSuj
31 D/UtxalyNMlHQzPqFgTdkuT1lyYZKoDLTAZxlAgDUcGvyQ+bx6uPj6yBZxqy26TM
32 ZJb9tK3BklIzc1vojs9XfNQnnMkCIHtMLsmqyzudE+FwJycishnUHKAJ5W8/tt6S
33 sFOfXN97FHUfAp1652Cax2xYznjpnrakNbsIGVThkpA9xm+GaLS4FQtVmYLMNna0
34 mE6NGf83Esgg1s9F9IR95O87WlYXAb99Ahcf3iOIZELBSTEu3JifBYcCAwEAAQ==
35 -----END RSA PUBLIC KEY-----
36 '';
37 "arbro" = ''
38 Subnet = 10.142.0.102
39
40 -----BEGIN RSA PUBLIC KEY-----
41 MIICCgKCAgEArS7bRAiVQMP+bIRrXs+FYLFm8SezgL/KEbbVTEy7N0fij1Yb/CtN
42 CRUhQDqQjIKPYwrXtd+fZCFIgAtn9RvtZPEaHAL1WUusuN1/zT4edZN1AOjr7ux5
43 2SIuMcdjo5S7tFhqvyBADs1oYeD9usmOzjEHd9AwFJGHVMWJKHjguHXi26vRfTIL
44 VkpEegzIo09dju98NUJr4iQPGKkHA15KV9iWO6DzOBSeHoxKk3ddqvp38oQmyvS2
45 MbjDuCBZNOe8GRmp82WawQOtyT9BGRfwXhYcXdzPgaVjBeR8bY4DmT8kqPnZqeXA
46 xigKk92rS2EUvB3QpBr8VDKaIwNXjxl+ASXqEWqOXbEO4KeOl41Cx61mKUZ7/Cg7
47 8RO6Ws/2kq8jBplYTKgF8Zb84goR6qHehjl9toCn84f3pYFgyRBAUmTOUhohS+/0
48 8M9M1MYRHKgJgIkzNeAGEo4Zv7AeWBpkN2VDyTkoWEeeezxqhz1w0U6UKxNZdIW/
49 oGHrImnCc4GE/JMkkh7FaweeIT4e7/xeDVKvF1xW6bCWksemD1ulZFToqEdpFd53
50 jN+UDo1vMwL8R0xJNXHRzlqlRovoDqHz9NcIVtsbs3vm/lIjlCutXo2ulIFO2ENC
51 emyCjZRlXhhPUrf8UD5Mbg20ksIDO46xJxLJmPqOM4sh39F6VRFgPz0CAwEAAQ==
52 -----END RSA PUBLIC KEY-----
53 '';
54 "surtr" = ''
55 Address = surtr.yggdrasil.li
56 Subnet = 10.142.0.1
57 Port = 656
58
59 -----BEGIN RSA PUBLIC KEY-----
60 MIICCgKCAgEAxZVZU4NxeB5uVzIgOKF5TWp5K/GcV9e4H1q6IHmp+qauST5vQS8i
61 3YPuTapKwMZnqHLMQG6+HkCAAVdKBMyKm9alznjfR+M8mtj/zNgce360JjeAXko6
62 mSBX02AeVhbj7WyhACt7sTKSIS6alXNCUnz038+qETgjrbNi518RPPBLz2Mf1woW
63 73ZkKmEjpG6khG3alzw5Ne3eaKWiy3DHymEH9jeqGmT83hkVjpgtTeCMnT35b1uR
64 ZJs1w7vn7ur/UV4FzuZHYMmPpS1OvXJqb8uolfrikdB760wJuyfPyus5Y49fC7PM
65 yxZZgpIdWlMyowLtv8zYO9iwpilQpwwyK8GMywzHQBga5/0EEh7gcy3MRVwRyP6Y
66 TP84VMntniIRaJ/JhwNxn9JLKMeI6ggiVwcj8KQ68nDf/SwodIFHPU7GCstOfk4i
67 LsG6/fRCCJc9exeBAU7PZEGDOEjwi6kAscy1pmKx6BwHaBjj74zLjn3VjzFvKH1b
68 ycydEFznNOUk8y3cFkT/zbDMz3Y7+/P/tEgMDWDynF4wGtFmTOpwbq3nVFMjRsww
69 yLEppO9LtGIS/vvXr4UEBG0T1NtOP5ht3xPuVyTNCK7hg/W0lybV30LhaSJzhO+l
70 qkmXVF8CqHuhA1e2UfQRTSVKCrTikbPIQnOazXI3Vt3Kw53qdscRuKMCAwEAAQ==
71 -----END RSA PUBLIC KEY-----
72 '';
73 "reimar" = ''
74 Subnet = 10.142.0.101
75
76 -----BEGIN RSA PUBLIC KEY-----
77 MIICCgKCAgEA361NGc6b0tmjD52jrudgWlWAVrGrRX8ApjuWhFLHpyfTD3g4D6Sl
78 QHAUU7xzBBrDMZ3YeMqbL5C96ar55InCxj0XccfFk/i0Decsi5kdBSp42nQdB9df
79 YTn1wGxgmTYljjlbxMCY8/zrn6AvyDJH2LGqk8fDf84+EfIjRLaGn4toI3GGcCB4
80 5tqjPEbfNXMdhFlErRyw7CZpIInMIpyoQG6TAgf09w+OyBPybudR3p8nXQliTkN6
81 idqH1g9W3hSaw0vNYJu7XCzUSPo+KguGpBZbNom21AXokIsZuPh2WornnTdUW7OZ
82 strVjctWuhqoa35Fp5pmkBHNQI6EoJLTfOzlxVdEGHhRo7X9HoCBj2q+ZoiU8/zu
83 MJPHSkPu7Iqdgx7EoBwSY7x72XStzQPQFpkFXTkS1ZGd/AdVvpYxraFrxnDZJ49Z
84 FxnGYCx7gc2VoKzVzczDqXWyYK9p3yd5T1n2kpOZ21iwcTQLYuLhLzsi7vNcMQZ6
85 9o0eLBIM5oHCZ77/Kyf0FT7s5UVceRxogsdEwcHEp84jhCpRSyp5Qt/yUPrytOrp
86 8OJWrkfDTqF8awOywPNTSlP8S4FvYF8p26Mx/VLIrDYyNlDbHSXHz5FzJcUacUxc
87 /SubpKAZ9yLC59PC0h1/Tca8jIqVcHbNUEqfxGsI/xhyviZIigwO/QECAwEAAQ==
88 -----END RSA PUBLIC KEY-----
89 '';
90
91}
92
diff --git a/custom/tinc/laeradhr.nix b/custom/tinc/laeradhr.nix
new file mode 100644
index 00000000..cf1b196d
--- /dev/null
+++ b/custom/tinc/laeradhr.nix
@@ -0,0 +1,33 @@
1{ config, pkgs, name, ip, ... }:
2
3{
4 config.services.tinc = {
5 networks = {
6 "laeradhr" = {
7 name = name;
8 debugLevel = 2;
9 hosts = ( import ./laeradhr-hosts.nix );
10 extraConfig = "ConnectTo = surtr";
11 scripts = {
12 tinc-up = ''
13 #!${pkgs.stdenv.shell}
14 ${pkgs.nettools}/bin/route add -net 10.141.1.0 netmask 255.255.255.0 gw 10.142.0.2 dev $INTERFACE metric 9999
15 ${pkgs.openresolv}/bin/resolvconf -m 0 -a tinc.laeradhr <<EOF
16 domain yggdrasil
17 nameserver 10.141.1.1
18 EOF'';
19 tinc-down = ''
20 #!${pkgs.stdenv.shell}
21 ${pkgs.openresolv}/bin/resolvconf -d tinc.laeradhr'';
22 };
23 };
24 };
25 };
26
27 config.networking.interfaces."tinc.laeradhr" = {
28 useDHCP = false;
29 ip4 = [
30 { address = ip; prefixLength = 16; }
31 ];
32 };
33}
diff --git a/custom/tinc/yggdrasil-hosts.nix b/custom/tinc/yggdrasil-hosts.nix
new file mode 100644
index 00000000..6dbb58e3
--- /dev/null
+++ b/custom/tinc/yggdrasil-hosts.nix
@@ -0,0 +1,81 @@
1{
2 "vindler" = ''
3 Subnet = 10.141.3.1
4
5 -----BEGIN RSA PUBLIC KEY-----
6 MIIBCgKCAQEAoLNp7Q/ZfU2rs01Vk1hNlIpHxWJOLny3pvK0JKqjAchs+ccfYwoZ
7 eTUhfbydjXMtTmYeqcecKh+yNgGhhN7t44BZW89xjrxs7NqJuzp77+OAEGPz+6q9
8 o9bbU36tMwUebbhoBjt4fIkDtgWZh0tevAD2td1Fk4vwRvfJF6pIT+/OmU5noh5F
9 HWEn/HL9dLqWGn3vRYy3WR+/cmwT+K1RvzVFdKvHDEP2cY5dd1Ln7L1ztr5N9unH
10 sRCFWeIkIV35QY8D1RacWy3ZmoBlEJxbaXI9ZC5pCBcyqzNCUOycSY+HblD0W0/0
11 cih+b3ijr+NZHjSKcZyDnZLaVCWFbG6kkQIDAQAB
12 -----END RSA PUBLIC KEY-----
13 '';
14 "skadhi" = ''
15 Subnet = 10.141.2.0/24
16
17 -----BEGIN RSA PUBLIC KEY-----
18 MIICCgKCAgEAuHfSceBjEZrCUceHVODSTp1M8ffcfIinGRDFNpDVutEJNFnY3DOY
19 Bm1cD2TiDdIAiyhCT285AYdOxtGBI308DPlrqrzPWxt8V43CmykbB87lj8fNysta
20 pZo38gSXm39gpmC+9wqtYDmOiiEiUpAcmgX6OPhz01nHD8suUHdu3M1gFNoaZGAg
21 gbeJorwqiP8IKa2uvMiThNDEU9K6KgALDnijwh5Duns3ZugsIkDfHlwwx9hfaxV8
22 qi4aYlNYUiQ98pwazdDqSqC07zHaMPNBjqBJRN/hLvaPS0uK4xpxGyoeAA+6cGpM
23 3lvvV9vhZuLQnhTDcMv2cMMgVb1o+VzYmEruOf5g1wrtbhqJKAhxt6SToR5AMQ+D
24 1T8bFWnAKnEqa1LRKhAq/ancfM4f6PP9Any8O96zw2Nccbti29S262k/iMIPOmpW
25 YTHhzWhqCmg9LA0FCJpKhrkr/tKAXuz5hGfgViE8LzEEp9astIKjrqIecuMjP1RG
26 cpQMx5oqFVxxv74yuVkINEgh6NHjaMuu7v/8ZDOTsbMJNS6CLrAweKCPOBS5aodS
27 Wwe9OsyvV5vU2EpAtWixr+Kh51aL889fIaw8F2PO3w6wdRCdHz+csJvsVgVoYfLg
28 VGNVpy2vxpajwQuOVXD8nxMNDh+fSXYqkRz4f1o5BM+y1i0rgJ6XxLECAwEAAQ==
29 -----END RSA PUBLIC KEY-----
30 '';
31 "skadhlingur" = ''
32 Subnet = 10.141.2.2
33
34 -----BEGIN RSA PUBLIC KEY-----
35 MIIBCgKCAQEAndEnbH8VF93ka3geCqMC/5kiZYYmvIkab+EbXd9PKVz7VzGbHo+3
36 ROXXo7md5+NQpRzMdtoAfb1ZXDeFm4AlHtKlbf+mtJYFFBAQy3YReuFlL0SNSXOD
37 SVbtwzhB6M1C+Gn6iyqc5e1B6Y7EgCviklflsn37/OMmjHRoEKXJH3tkPlL+RmsN
38 G+nPTjGFmg9d9dTDLFA5L9KGrLSVI2ctVF9u5ED0umR33gSr13AQoz25N4oXrrSp
39 BK6OXxHvazcGa2BP0RHJS7uGYJKZJPINzns5o7O5WpNM5h7dtLhl9frbxKwUewBM
40 5m1RRfgmx8o3qHvMWXvbrfe4u0UyPBEaFwIDAQAB
41 -----END RSA PUBLIC KEY-----
42 '';
43 "surtr" = ''
44 Subnet = 10.141.0.0/24
45 Address = surtr.praseodym.org
46
47 -----BEGIN RSA PUBLIC KEY-----
48 MIICCgKCAgEA5+HnwN6zGfjOBoWiWGZSg9kbM0Cov6e2Xvd/YxMepS5pcvkVBy5k
49 fjZ1tOcDD00WVSZhhYkJDPGfe1pgAyYlzYOs7avXDKi77cYy0GjAV0q9k4B5ttg4
50 cmt0tS4S2Ifu87IEyGKL/PxH+CuNUhBUxlggxdXsKz7gqXubB0p7lJXTB5oa6Kkz
51 cUGkizv7idqL5nLOPlAwNwoBOLaZb9iiWulX2VE49Y1JbMRW3liuvzGpuJVEH0V1
52 n4OZvzIoLxq7Fra+M2sDfOvNCdQccl5FHEF8ViNdOs3/GrP80J2Q1Zk3O0KG2B5X
53 BXgVe3NjBhKNGOc728wgeC7V3B3DRdyGCC7hHOp6YAQNJotp9vbznV5477SIwZH/
54 569qm0Vx/pMRT6np3ayGZVKyfVLfh6aqXjjNCakwaOI8QdSPy5pbBzVJxqR/bIn7
55 vQ70ewLKx7X9Iw7F8QS9I6Frz4JaNyEHGy5oyKtx1SDTmP2yn7uRBq7TCDCdFLuZ
56 qQXDDUkCnMxa3nzoYQoWPQp1c40cQjlbQfEB6S+W3vKcPvEU21qaQcemrUfPgLud
57 oVWRwiSRgchAo4z0LsZbd9H5bOx0cLfwvezv2pwLpRow41mfoidaIqaLVr2FS7C4
58 35nLWc6E4MDQA4LADIpyrgP7PtWJQQ7s2q3VWuDdP56sxvmgT66viTECAwEAAQ==
59 -----END RSA PUBLIC KEY-----
60 '';
61 "borealis" = ''
62 Subnet = 10.141.1.0/24
63
64
65 -----BEGIN RSA PUBLIC KEY-----
66 MIICCgKCAgEAofi0eUYpDjdKChzqNiuey2ERUpUPqCZTcCbSC+BPI7dCBXAR89G8
67 Iq+F8svgfco9SVpffCPOtu7Kq9FFzghd4ZDXQATKxzPKucw3CsVYJEdYwzukh3Pt
68 L0NsRZflZHNjrkqHUvJu0WpmEP28WH0Gqipeq91qPglRRAWhMqM7TcWSYD7vkWGD
69 9EJ2IK9yEAWDnCSSfvyZOD1AeDb5q8Z7ZRzzLh2GDrA9gOnuJlX/Uvzu9FIFCmoe
70 30L+FhJ71CCXP7q5FflIYIrM8ImdRhu77+20CrWSU18eY6iKXlWjN945T0+iE4qU
71 X6Ka4uHJT2kh4vKGPQpJeAh8TBABMSSa8SP35KDv6oFJXIGPF8fRWZGYECwD7Eoa
72 oMjYG2zgYv68u9vHaIO0/Fedp8SXKRiK1N2pN3RqqhUAtOiKwHHUONtSgKp0jbSA
73 8gECAX5uxVkNkmsCh0dY0D8pI4KMUXais5Z62a1zDh/WrfGY2K5Y8kEk5rMcvYK3
74 Hcula054YLsDmfbh7351pvZ4q51CyRAHH9smIC6X/jfujKvpU8doWp4ePIUgNyJO
75 zf++1IBN62Cc3hvDmaSfXNxB9XmzcZIzufreDXNSuE7uhD+DXfFpYQ20AsBrws8M
76 f5cvLnEEQoL7deICvUoaF4ymdnXPDL7hboc//G4qRYlKvVd86OWq0acCAwEAAQ==
77 -----END RSA PUBLIC KEY-----
78 '';
79
80}
81
diff --git a/custom/tinc/yggdrasil.nix b/custom/tinc/yggdrasil.nix
new file mode 100644
index 00000000..1d642840
--- /dev/null
+++ b/custom/tinc/yggdrasil.nix
@@ -0,0 +1,33 @@
1{ config, pkgs, name, ip, ... }:
2
3{
4 config.services.tinc = {
5 networks = {
6 "yggdrasil" = {
7 name = name;
8 debugLevel = 2;
9 hosts = ( import ./yggdrasil-hosts.nix );
10 extraConfig = "ConnectTo = surtr";
11 scripts = {
12 tinc-up = ''
13 #!${pkgs.stdenv.shell}
14 ${pkgs.nettools}/bin/route add -net 10.141.1.0 netmask 255.255.255.0 gw 10.141.1.1 dev $INTERFACE metric 9999
15 ${pkgs.openresolv}/bin/resolvconf -m 0 -a tinc.yggdrasil <<EOF
16 domain yggdrasil
17 nameserver 10.141.1.1
18 EOF'';
19 tinc-down = ''
20 #!${pkgs.stdenv.shell}
21 ${pkgs.openresolv}/bin/resolvconf -d tinc.yggdrasil'';
22 };
23 };
24 };
25 };
26
27 config.networking.interfaces."tinc.yggdrasil" = {
28 useDHCP = false;
29 ip4 = [
30 { address = ip; prefixLength = 16; }
31 ];
32 };
33}