author | Gregor Kleen <gkleen@yggdrasil.li> | 2015-07-02 20:48:08 +0200 |
---|---|---|
committer | Gregor Kleen <gkleen@yggdrasil.li> | 2015-07-02 20:48:08 +0200 |
commit | 17d901fdd0f0cbd6fddbca62bb4b4d835e9f059b (patch) | |
tree | a27f0391123c67239de909f3bd00679e5ee66d94 /custom/tinc | |
parent | 18fb5f4e19249c725eaf816b4b71e9058ee12bf1 (diff) | |
First work an tinc
Diffstat (limited to 'custom/tinc')
-rw-r--r-- | custom/tinc/def.nix | 175 | ||||
-rwxr-xr-x | custom/tinc/generate_hostfile.hs | 19 | ||||
-rw-r--r-- | custom/tinc/laeradhr-hosts.nix | 92 | ||||
-rw-r--r-- | custom/tinc/laeradhr.nix | 33 | ||||
-rw-r--r-- | custom/tinc/yggdrasil-hosts.nix | 81 | ||||
-rw-r--r-- | custom/tinc/yggdrasil.nix | 33 |
6 files changed, 433 insertions, 0 deletions
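--- /dev/null
+++ b/custom/tinc/def.nix
@@ -0,0 +1,175 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+
+cfg = config.services.tinc;
+
+in
+
+{
+
+###### interface
+
+options = {
+
+services.tinc = {
+
+networks = mkOption {
+default = { };
+type = types.loaOf types.optionSet;
+description = ''
+Defines the tinc networks which will be started.
+Each network invokes a different daemon.
+'';
+options = {
+
+extraConfig = mkOption {
+default = "";
+type = types.lines;
+description = ''
+Extra lines to add to the tinc service configuration file.
+'';
+};
+
+name = mkOption {
+default = null;
+type = types.nullOr types.str;
+description = ''
+The name of the node which is used as an identifier when communicating
+with the remote nodes in the mesh. If null then the hostname of the system
+is used.
+'';
+};
+
+debugLevel = mkOption {
+default = 0;
+type = types.addCheck types.int (l: l >= 0 && l <= 5);
+description = ''
+The amount of debugging information to add to the log. 0 means little
+logging while 5 is the most logging. <command>man tincd</command> for
+more details.
+'';
+};
+
+hosts = mkOption {
+default = { };
+type = types.loaOf types.lines;
+description = ''
+The name of the host in the network as well as the configuration for that host.
+This name should only contain alphanumerics and underscores.
+'';
+};
+
+interfaceType = mkOption {
+default = "tun";
+type = types.addCheck types.str (n: n == "tun" || n == "tap");
+description = ''
+The type of virtual interface used for the network connection
+'';
+};
+
+package = mkOption {
+default = pkgs.tinc_pre;
+description = ''
+The package to use for the tinc daemon's binary.
+'';
+};
+
+scripts = mkOption {
+default = { };
+type = types.loaOf (types.nullOr types.str);
+description = ''
+Hook scripts
+'';
+};
+
+};
+};
+};
+
+};
+
+
+###### implementation
+
+config = mkIf (cfg.networks != { }) {
+
+environment.etc = fold (a: b: a // b) { }
+(flip mapAttrsToList cfg.networks (network: data:
+flip mapAttrs' data.hosts (host: text: nameValuePair
+("tinc/${network}/hosts/${host}")
+({ inherit text; })
+) // (flip mapAttrs' data.scripts (scriptName: text: nameValuePair
+("tinc/${network}/${scriptName}")
+({ mode = "0555"; inherit text; })
+)) // {
+"tinc/${network}/tinc.conf" = {
+text = ''
+Name = ${if data.name == null then "$HOST" else data.name}
+DeviceType = ${data.interfaceType}
+Device = /dev/net/tun
+Interface = tinc.${network}
+${data.extraConfig}
+'';
+};
+}
+));
+
+networking.interfaces = flip mapAttrs' cfg.networks (network: data: nameValuePair
+("tinc.${network}")
+({
+virtual = true;
+virtualType = "${data.interfaceType}";
+})
+);
+
+systemd.services = flip mapAttrs' cfg.networks (network: data: nameValuePair
+("tinc.${network}")
+({
+description = "Tinc Daemon - ${network}";
+wantedBy = [ "network.target" ];
+after = [ "network-interfaces.target" ];
+path = [ data.package ];
+restartTriggers = [ config.environment.etc."tinc/${network}/tinc.conf".source ]
+++ mapAttrsToList (host: _ : config.environment.etc."tinc/${network}/hosts/${host}".source) data.hosts;
+serviceConfig = {
+Type = "simple";
+PIDFile = "/run/tinc.${network}.pid";
+};
+preStart = ''
+${pkgs.openresolv}/bin/resolvconf -d tinc.${network} || true
+'';
+# preStart = ''
+# mkdir -p /etc/tinc/${network}/hosts
+
+# # Determine how we should generate our keys
+# if type tinc >/dev/null 2>&1; then
+# # Tinc 1.1+ uses the tinc helper application for key generation
+
+# # Prefer ED25519 keys (only in 1.1+)
+# [ -f "/etc/tinc/${network}/ed25519_key.priv" ] || tinc -n ${network} generate-ed25519-keys
+
+# # Otherwise use RSA keys
+# [ -f "/etc/tinc/${network}/rsa_key.priv" ] || tinc -n ${network} generate-rsa-keys 4096
+# else
+# # Tinc 1.0 uses the tincd application
+# [ -f "/etc/tinc/${network}/rsa_key.priv" ] || tincd -n ${network} -K 4096
+# fi
+# '';
+script = ''
+tincd -D -U tinc.${network} -n ${network} --pidfile /run/tinc.${network}.pid -d ${toString data.debugLevel}
+'';
+})
+);
+
+users.extraUsers = flip mapAttrs' cfg.networks (network: _:
+nameValuePair ("tinc.${network}") ({
+description = "Tinc daemon user for ${network}";
+})
+);
+
+};
+
+}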
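Review bot: Nothing in this module creates or checks the node's private key now that the key-generation `preStart` (lines 144–160 of def.nix) is commented out, so `tincd` depends on `/etc/tinc/${network}/rsa_key.priv` being put in place by hand. I would replace the dead block with a short comment that says so, for example `# Private keys are provisioned out of band under /etc/tinc/<network>/; never pass them through environment.etc, whose contents are copied into the world-readable Nix store.` Separately, the attribute names of `hosts` and `scripts` are interpolated straight into `environment.etc` paths, and the "alphanumerics and underscores" rule in the `hosts` description is not enforced anywhere. An `assertions` entry that checks those names would turn a typo or a name containing `/` into an evaluation error instead of a stray file under /etc.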
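--- /dev/null
+++ b/custom/tinc/generate_hostfile.hs
@@ -0,0 +1,19 @@
+#!/usr/bin/env runhaskell
+
+import System.Directory.Tree
+import Data.List
+
+main :: IO ()
+main = readDirectory "." >>= putStrLn . genHostFile
+
+genHostFile :: AnchoredDirTree String -> String
+genHostFile (_ :/ (Dir _ contents)) = "{\n" ++ entries ++ "\n}\n"
+where
+entries = concat [ genEntry name content | (File name content) <- contents, name `notElem` hidden ]
+genEntry fileName fileContent = unlines . indent $ [ "\"" ++ fileName ++ "\" = ''" ] ++ indent (lines fileContent) ++ [ "'';" ]
+hidden = [ "to_nix.sh"
+, "signup.sh"
+]
+
+indent :: [String] -> [String]
+indent = map (" " ++)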
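Review bot: `genEntry` pastes the file name and every content line unescaped into a Nix `"…" = '' … '';` literal, so a host file containing `''` ends the string early and one containing `${` is evaluated as a Nix antiquotation when the generated file is imported. The host files presumably come from the peers themselves (the `hidden` list mentions a `signup.sh`), so the generator should escape both sequences and refuse file names that contain `"` or `/`. `genHostFile` also matches only the `Dir` constructor, so a failed directory read ends in a pattern-match error rather than a readable message. A minimal escape for the content lines is sketched below.

```haskell
genEntry fileName fileContent = unlines . indent $ [ "\"" ++ fileName ++ "\" = ''" ] ++ indent (map escapeNix (lines fileContent)) ++ [ "'';" ]

-- Escape the two sequences that are special inside a Nix '' … '' string.
escapeNix :: String -> String
escapeNix ('\'':'\'':rest) = "'''" ++ escapeNix rest
escapeNix ('$':'{':rest)   = "''${" ++ escapeNix rest
escapeNix (c:rest)         = c : escapeNix rest
escapeNix []               = []
-- … unchanged: hidden list, indent …
```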
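--- /dev/null
+++ b/custom/tinc/laeradhr-hosts.nix
@@ -0,0 +1,92 @@
+{
+"heimdallr" = ''
+Subnet = 10.142.0.2
+Subnet = 10.141.1.0/24
+
+-----BEGIN RSA PUBLIC KEY-----
+MIICCgKCAgEAzphcufJwioUu3I9120c7gimAC325metgKg3W8V3RfmRh2GWn/H+t
+DvKRH3BwSTYrNnwNgyp60gY/XexVED0xCIDoGjWZsK2o60g5xA8fPAPckVaPP3Vj
+a3gyN6Y2Tlb4Ef2uWNe8irPL928v6UgxGl9dlgG3G2hW19hfuBBziDFdQCtyR1FH
+GKvpS2rgHHIljh51LRDN9G2eIv9FGVDmiAgUYKAgzhwOr+TIHOPshcgMYD0iZ86s
+7iXJzWaiNTzx35ZzV5lkt+DafAQcWYrSV6858PXbx5HihU+ugTF+mbLuFitWNuja
+DIZayUszmK/OBP8Mz3DP+NjRJugBv3hozpjMnSDZLMl7NcbwEn6+mj4Rrk9yMGPe
+sNFclKtSiGHAJdCIdjK3gvC2z68NqRB23hxiPqfM0LBYlbZsA4AuYZyHlcoOTApe
+3y+69VRyG2H++MIVheHqqvIckq/p3XqWT5dHtI3YU7cunNGc5OofKjmpO1x+UV2l
+18H3DzW916pCNpqBlCj0wbv0h35ZUcxFCjTwSTPdjsqjninm6tPCXc2CgO2XOrPW
+f4AekYifCwetD8bXbtycrYnykXLYJexIlFdUkUANa3H6cZ5gqGPE1ZF4Te1FVGCF
+CSJrzSMDE0IidXqc/0dp9dsZQ5D4pi+/XYvAdx/HWV5PwD9UxmlB100CAwEAAQ==
+-----END RSA PUBLIC KEY-----
+'';
+"sirius" = ''
+Subnet = 10.142.0.100
+
+-----BEGIN RSA PUBLIC KEY-----
+MIICCgKCAgEAl+YcFEkCPtBJmKj9rFRr+Tcez3nV53cKhWj9kSuGbZ8idZdC+Qop
+eEN00LRQsEJwVg8RHqdK96qbgf21DBNjXXURqkslvDyhOOH1CzXvxlzZHbppAeI8
+lE3by62FaT2Uu7I6IKk+rcLnAOc2P5koYM8tm6C0deJM7uegutBrPNDJq7vgHidH
+nhtduC/qX3wPf3D+69to0eIzswbIq5eQ+mrXoQJ2VMNsWZdEKCP23w/i+ikRkU6j
+bU10sQt97KuqSNRE9QkTwtdPT2dduv6RdfgxDU1vSfWhv3xd3YPIgdfegF5sHBBc
+W2v/R9pb01efcdev1+aW4TRZb9qN9qv3sr6Na2Jyti+Baqki1B8xwxjXX1vfm7k1
+mxkScIfbxCWK5H9WzCoOsU+Vat3PWNUxZbGlPI+Bo8UJ+Ay5wuAwXEZA9XWNnSuj
+D/UtxalyNMlHQzPqFgTdkuT1lyYZKoDLTAZxlAgDUcGvyQ+bx6uPj6yBZxqy26TM
+ZJb9tK3BklIzc1vojs9XfNQnnMkCIHtMLsmqyzudE+FwJycishnUHKAJ5W8/tt6S
+sFOfXN97FHUfAp1652Cax2xYznjpnrakNbsIGVThkpA9xm+GaLS4FQtVmYLMNna0
+mE6NGf83Esgg1s9F9IR95O87WlYXAb99Ahcf3iOIZELBSTEu3JifBYcCAwEAAQ==
+-----END RSA PUBLIC KEY-----
+'';
+"arbro" = ''
+Subnet = 10.142.0.102
+
+-----BEGIN RSA PUBLIC KEY-----
+MIICCgKCAgEArS7bRAiVQMP+bIRrXs+FYLFm8SezgL/KEbbVTEy7N0fij1Yb/CtN
+CRUhQDqQjIKPYwrXtd+fZCFIgAtn9RvtZPEaHAL1WUusuN1/zT4edZN1AOjr7ux5
+2SIuMcdjo5S7tFhqvyBADs1oYeD9usmOzjEHd9AwFJGHVMWJKHjguHXi26vRfTIL
+VkpEegzIo09dju98NUJr4iQPGKkHA15KV9iWO6DzOBSeHoxKk3ddqvp38oQmyvS2
+MbjDuCBZNOe8GRmp82WawQOtyT9BGRfwXhYcXdzPgaVjBeR8bY4DmT8kqPnZqeXA
+xigKk92rS2EUvB3QpBr8VDKaIwNXjxl+ASXqEWqOXbEO4KeOl41Cx61mKUZ7/Cg7
+8RO6Ws/2kq8jBplYTKgF8Zb84goR6qHehjl9toCn84f3pYFgyRBAUmTOUhohS+/0
+8M9M1MYRHKgJgIkzNeAGEo4Zv7AeWBpkN2VDyTkoWEeeezxqhz1w0U6UKxNZdIW/
+oGHrImnCc4GE/JMkkh7FaweeIT4e7/xeDVKvF1xW6bCWksemD1ulZFToqEdpFd53
+jN+UDo1vMwL8R0xJNXHRzlqlRovoDqHz9NcIVtsbs3vm/lIjlCutXo2ulIFO2ENC
+emyCjZRlXhhPUrf8UD5Mbg20ksIDO46xJxLJmPqOM4sh39F6VRFgPz0CAwEAAQ==
+-----END RSA PUBLIC KEY-----
+'';
+"surtr" = ''
+Address = surtr.yggdrasil.li
+Subnet = 10.142.0.1
+Port = 656
+
+-----BEGIN RSA PUBLIC KEY-----
+MIICCgKCAgEAxZVZU4NxeB5uVzIgOKF5TWp5K/GcV9e4H1q6IHmp+qauST5vQS8i
+3YPuTapKwMZnqHLMQG6+HkCAAVdKBMyKm9alznjfR+M8mtj/zNgce360JjeAXko6
+mSBX02AeVhbj7WyhACt7sTKSIS6alXNCUnz038+qETgjrbNi518RPPBLz2Mf1woW
+73ZkKmEjpG6khG3alzw5Ne3eaKWiy3DHymEH9jeqGmT83hkVjpgtTeCMnT35b1uR
+ZJs1w7vn7ur/UV4FzuZHYMmPpS1OvXJqb8uolfrikdB760wJuyfPyus5Y49fC7PM
+yxZZgpIdWlMyowLtv8zYO9iwpilQpwwyK8GMywzHQBga5/0EEh7gcy3MRVwRyP6Y
+TP84VMntniIRaJ/JhwNxn9JLKMeI6ggiVwcj8KQ68nDf/SwodIFHPU7GCstOfk4i
+LsG6/fRCCJc9exeBAU7PZEGDOEjwi6kAscy1pmKx6BwHaBjj74zLjn3VjzFvKH1b
+ycydEFznNOUk8y3cFkT/zbDMz3Y7+/P/tEgMDWDynF4wGtFmTOpwbq3nVFMjRsww
+yLEppO9LtGIS/vvXr4UEBG0T1NtOP5ht3xPuVyTNCK7hg/W0lybV30LhaSJzhO+l
+qkmXVF8CqHuhA1e2UfQRTSVKCrTikbPIQnOazXI3Vt3Kw53qdscRuKMCAwEAAQ==
+-----END RSA PUBLIC KEY-----
+'';
+"reimar" = ''
+Subnet = 10.142.0.101
+
+-----BEGIN RSA PUBLIC KEY-----
+MIICCgKCAgEA361NGc6b0tmjD52jrudgWlWAVrGrRX8ApjuWhFLHpyfTD3g4D6Sl
+QHAUU7xzBBrDMZ3YeMqbL5C96ar55InCxj0XccfFk/i0Decsi5kdBSp42nQdB9df
+YTn1wGxgmTYljjlbxMCY8/zrn6AvyDJH2LGqk8fDf84+EfIjRLaGn4toI3GGcCB4
+5tqjPEbfNXMdhFlErRyw7CZpIInMIpyoQG6TAgf09w+OyBPybudR3p8nXQliTkN6
+idqH1g9W3hSaw0vNYJu7XCzUSPo+KguGpBZbNom21AXokIsZuPh2WornnTdUW7OZ
+strVjctWuhqoa35Fp5pmkBHNQI6EoJLTfOzlxVdEGHhRo7X9HoCBj2q+ZoiU8/zu
+MJPHSkPu7Iqdgx7EoBwSY7x72XStzQPQFpkFXTkS1ZGd/AdVvpYxraFrxnDZJ49Z
+FxnGYCx7gc2VoKzVzczDqXWyYK9p3yd5T1n2kpOZ21iwcTQLYuLhLzsi7vNcMQZ6
+9o0eLBIM5oHCZ77/Kyf0FT7s5UVceRxogsdEwcHEp84jhCpRSyp5Qt/yUPrytOrp
+8OJWrkfDTqF8awOywPNTSlP8S4FvYF8p26Mx/VLIrDYyNlDbHSXHz5FzJcUacUxc
+/SubpKAZ9yLC59PC0h1/Tca8jIqVcHbNUEqfxGsI/xhyviZIigwO/QECAwEAAQ==
+-----END RSA PUBLIC KEY-----
+'';
+
+}
+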
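--- /dev/null
+++ b/custom/tinc/laeradhr.nix
@@ -0,0 +1,33 @@
+{ config, pkgs, name, ip, ... }:
+
+{
+config.services.tinc = {
+networks = {
+"laeradhr" = {
+name = name;
+debugLevel = 2;
+hosts = ( import ./laeradhr-hosts.nix );
+extraConfig = "ConnectTo = surtr";
+scripts = {
+tinc-up = ''
+#!${pkgs.stdenv.shell}
+${pkgs.nettools}/bin/route add -net 10.141.1.0 netmask 255.255.255.0 gw 10.142.0.2 dev $INTERFACE metric 9999
+${pkgs.openresolv}/bin/resolvconf -m 0 -a tinc.laeradhr <<EOF
+domain yggdrasil
+nameserver 10.141.1.1
+EOF'';
+tinc-down = ''
+#!${pkgs.stdenv.shell}
+${pkgs.openresolv}/bin/resolvconf -d tinc.laeradhr'';
+};
+};
+};
+};
+
+config.networking.interfaces."tinc.laeradhr" = {
+useDHCP = false;
+ip4 = [
+{ address = ip; prefixLength = 16; }
+];
+};
+}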
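Review bot: `tinc-down` probably cannot undo what `tinc-up` sets up here, because def.nix starts the daemon with `-U tinc.${network}` and tinc is likely to run `tinc-down` only after it has dropped to that user, so `resolvconf -d tinc.laeradhr` would fail for lack of root. The `resolvconf -d … || true` in def.nix's `preStart` suggests this has already been worked around on the next start. Until then the resolver entry added with `-m 0`, the lowest metric and therefore the preferred one, keeps pointing every lookup at 10.141.1.1 after the VPN is gone. Consider doing the cleanup in the unit instead, for example `postStop = "${pkgs.openresolv}/bin/resolvconf -d tinc.${network} || true";` in def.nix. The same applies to `tinc-down` in yggdrasil.nix.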
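--- /dev/null
+++ b/custom/tinc/yggdrasil-hosts.nix
@@ -0,0 +1,81 @@
+{
+"vindler" = ''
+Subnet = 10.141.3.1
+
+-----BEGIN RSA PUBLIC KEY-----
+MIIBCgKCAQEAoLNp7Q/ZfU2rs01Vk1hNlIpHxWJOLny3pvK0JKqjAchs+ccfYwoZ
+eTUhfbydjXMtTmYeqcecKh+yNgGhhN7t44BZW89xjrxs7NqJuzp77+OAEGPz+6q9
+o9bbU36tMwUebbhoBjt4fIkDtgWZh0tevAD2td1Fk4vwRvfJF6pIT+/OmU5noh5F
+HWEn/HL9dLqWGn3vRYy3WR+/cmwT+K1RvzVFdKvHDEP2cY5dd1Ln7L1ztr5N9unH
+sRCFWeIkIV35QY8D1RacWy3ZmoBlEJxbaXI9ZC5pCBcyqzNCUOycSY+HblD0W0/0
+cih+b3ijr+NZHjSKcZyDnZLaVCWFbG6kkQIDAQAB
+-----END RSA PUBLIC KEY-----
+'';
+"skadhi" = ''
+Subnet = 10.141.2.0/24
+
+-----BEGIN RSA PUBLIC KEY-----
+MIICCgKCAgEAuHfSceBjEZrCUceHVODSTp1M8ffcfIinGRDFNpDVutEJNFnY3DOY
+Bm1cD2TiDdIAiyhCT285AYdOxtGBI308DPlrqrzPWxt8V43CmykbB87lj8fNysta
+pZo38gSXm39gpmC+9wqtYDmOiiEiUpAcmgX6OPhz01nHD8suUHdu3M1gFNoaZGAg
+gbeJorwqiP8IKa2uvMiThNDEU9K6KgALDnijwh5Duns3ZugsIkDfHlwwx9hfaxV8
+qi4aYlNYUiQ98pwazdDqSqC07zHaMPNBjqBJRN/hLvaPS0uK4xpxGyoeAA+6cGpM
+3lvvV9vhZuLQnhTDcMv2cMMgVb1o+VzYmEruOf5g1wrtbhqJKAhxt6SToR5AMQ+D
+1T8bFWnAKnEqa1LRKhAq/ancfM4f6PP9Any8O96zw2Nccbti29S262k/iMIPOmpW
+YTHhzWhqCmg9LA0FCJpKhrkr/tKAXuz5hGfgViE8LzEEp9astIKjrqIecuMjP1RG
+cpQMx5oqFVxxv74yuVkINEgh6NHjaMuu7v/8ZDOTsbMJNS6CLrAweKCPOBS5aodS
+Wwe9OsyvV5vU2EpAtWixr+Kh51aL889fIaw8F2PO3w6wdRCdHz+csJvsVgVoYfLg
+VGNVpy2vxpajwQuOVXD8nxMNDh+fSXYqkRz4f1o5BM+y1i0rgJ6XxLECAwEAAQ==
+-----END RSA PUBLIC KEY-----
+'';
+"skadhlingur" = ''
+Subnet = 10.141.2.2
+
+-----BEGIN RSA PUBLIC KEY-----
+MIIBCgKCAQEAndEnbH8VF93ka3geCqMC/5kiZYYmvIkab+EbXd9PKVz7VzGbHo+3
+ROXXo7md5+NQpRzMdtoAfb1ZXDeFm4AlHtKlbf+mtJYFFBAQy3YReuFlL0SNSXOD
+SVbtwzhB6M1C+Gn6iyqc5e1B6Y7EgCviklflsn37/OMmjHRoEKXJH3tkPlL+RmsN
+G+nPTjGFmg9d9dTDLFA5L9KGrLSVI2ctVF9u5ED0umR33gSr13AQoz25N4oXrrSp
+BK6OXxHvazcGa2BP0RHJS7uGYJKZJPINzns5o7O5WpNM5h7dtLhl9frbxKwUewBM
+5m1RRfgmx8o3qHvMWXvbrfe4u0UyPBEaFwIDAQAB
+-----END RSA PUBLIC KEY-----
+'';
+"surtr" = ''
+Subnet = 10.141.0.0/24
+Address = surtr.praseodym.org
+
+-----BEGIN RSA PUBLIC KEY-----
+MIICCgKCAgEA5+HnwN6zGfjOBoWiWGZSg9kbM0Cov6e2Xvd/YxMepS5pcvkVBy5k
+fjZ1tOcDD00WVSZhhYkJDPGfe1pgAyYlzYOs7avXDKi77cYy0GjAV0q9k4B5ttg4
+cmt0tS4S2Ifu87IEyGKL/PxH+CuNUhBUxlggxdXsKz7gqXubB0p7lJXTB5oa6Kkz
+cUGkizv7idqL5nLOPlAwNwoBOLaZb9iiWulX2VE49Y1JbMRW3liuvzGpuJVEH0V1
+n4OZvzIoLxq7Fra+M2sDfOvNCdQccl5FHEF8ViNdOs3/GrP80J2Q1Zk3O0KG2B5X
+BXgVe3NjBhKNGOc728wgeC7V3B3DRdyGCC7hHOp6YAQNJotp9vbznV5477SIwZH/
+569qm0Vx/pMRT6np3ayGZVKyfVLfh6aqXjjNCakwaOI8QdSPy5pbBzVJxqR/bIn7
+vQ70ewLKx7X9Iw7F8QS9I6Frz4JaNyEHGy5oyKtx1SDTmP2yn7uRBq7TCDCdFLuZ
+qQXDDUkCnMxa3nzoYQoWPQp1c40cQjlbQfEB6S+W3vKcPvEU21qaQcemrUfPgLud
+oVWRwiSRgchAo4z0LsZbd9H5bOx0cLfwvezv2pwLpRow41mfoidaIqaLVr2FS7C4
+35nLWc6E4MDQA4LADIpyrgP7PtWJQQ7s2q3VWuDdP56sxvmgT66viTECAwEAAQ==
+-----END RSA PUBLIC KEY-----
+'';
+"borealis" = ''
+Subnet = 10.141.1.0/24
+
+
+-----BEGIN RSA PUBLIC KEY-----
+MIICCgKCAgEAofi0eUYpDjdKChzqNiuey2ERUpUPqCZTcCbSC+BPI7dCBXAR89G8
+Iq+F8svgfco9SVpffCPOtu7Kq9FFzghd4ZDXQATKxzPKucw3CsVYJEdYwzukh3Pt
+L0NsRZflZHNjrkqHUvJu0WpmEP28WH0Gqipeq91qPglRRAWhMqM7TcWSYD7vkWGD
+9EJ2IK9yEAWDnCSSfvyZOD1AeDb5q8Z7ZRzzLh2GDrA9gOnuJlX/Uvzu9FIFCmoe
+30L+FhJ71CCXP7q5FflIYIrM8ImdRhu77+20CrWSU18eY6iKXlWjN945T0+iE4qU
+X6Ka4uHJT2kh4vKGPQpJeAh8TBABMSSa8SP35KDv6oFJXIGPF8fRWZGYECwD7Eoa
+oMjYG2zgYv68u9vHaIO0/Fedp8SXKRiK1N2pN3RqqhUAtOiKwHHUONtSgKp0jbSA
+8gECAX5uxVkNkmsCh0dY0D8pI4KMUXais5Z62a1zDh/WrfGY2K5Y8kEk5rMcvYK3
+Hcula054YLsDmfbh7351pvZ4q51CyRAHH9smIC6X/jfujKvpU8doWp4ePIUgNyJO
+zf++1IBN62Cc3hvDmaSfXNxB9XmzcZIzufreDXNSuE7uhD+DXfFpYQ20AsBrws8M
+f5cvLnEEQoL7deICvUoaF4ymdnXPDL7hboc//G4qRYlKvVd86OWq0acCAwEAAQ==
+-----END RSA PUBLIC KEY-----
+'';
+
+}
+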
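--- /dev/null
+++ b/custom/tinc/yggdrasil.nix
@@ -0,0 +1,33 @@
+{ config, pkgs, name, ip, ... }:
+
+{
+config.services.tinc = {
+networks = {
+"yggdrasil" = {
+name = name;
+debugLevel = 2;
+hosts = ( import ./yggdrasil-hosts.nix );
+extraConfig = "ConnectTo = surtr";
+scripts = {
+tinc-up = ''
+#!${pkgs.stdenv.shell}
+${pkgs.nettools}/bin/route add -net 10.141.1.0 netmask 255.255.255.0 gw 10.141.1.1 dev $INTERFACE metric 9999
+${pkgs.openresolv}/bin/resolvconf -m 0 -a tinc.yggdrasil <<EOF
+domain yggdrasil
+nameserver 10.141.1.1
+EOF'';
+tinc-down = ''
+#!${pkgs.stdenv.shell}
+${pkgs.openresolv}/bin/resolvconf -d tinc.yggdrasil'';
+};
+};
+};
+};
+
+config.networking.interfaces."tinc.yggdrasil" = {
+useDHCP = false;
+ip4 = [
+{ address = ip; prefixLength = 16; }
+];
+};
+}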
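Review bot: The `route add` line in `tinc-up` looks copied from laeradhr.nix without being adapted, since it sends 10.141.1.0/24 through `gw 10.141.1.1`, a gateway inside the destination network itself. With `prefixLength = 16` on the interface, that range is presumably already on-link for any `ip` in 10.141.0.0/16. If the route is not needed on this network, drop it; otherwise add a comment naming the host that owns the gateway address and why the /24 needs its own entry. The file is otherwise identical to laeradhr.nix apart from the network name, so a shared function taking the network name and gateway would keep the two from drifting apart.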