~ retiolum

2026-03-16 10:11:08 +01:00 · 2019-02-05 20:21:41 +01:00
parent 4020f7018e
commit 77f8416914
2 changed files with 26 additions and 17 deletions
--- a/configs/scripts.nix
+++ b/configs/scripts.nix
@@ -353,6 +353,12 @@ let
        executable = true;
      };
    in unstable.writers.writeDashBin "generate-shell-nix" ''${generateShellNixPath} $*'';
+  scripts.tinc-generate-key =
+    unstable.writers.writeDashBin "tinc-generate-key" ''
+      TMPDIR=/tmp
+      ${pkgs.openssl}/bin/openssl genrsa -out $TMPDIR/retiolum.rsa_key.priv 4096 2>/dev/null > /dev/null
+      ${pkgs.openssl}/bin/openssl rsa -in $TMPDIR/retiolum.rsa_key.priv -pubout -out $TMPDIR/retiolum.rsa_key.pub 2>/dev/null > /dev/null
+    '';
  scripts.dic =
    let dicPath = pkgs.fetchurl {
      url = "https://cgit.krebsco.de/dic/plain/dic?id=beeca40313f68874e05568f4041423c16202e9da";
--- a/modules/retiolum.nix
+++ b/modules/retiolum.nix
@@ -1,8 +1,19 @@
 { config, pkgs, lib, ... }:
+
 with lib;
+
 let
+
  netname = "retiolum";
  cfg = config.networking.retiolum;
+
+  retiolum = pkgs.fetchFromGitHub {
+    owner = "krebs";
+    repo = netname;
+    rev = "8edeafb01411943eb483b5431bccce6702406f12";
+    sha256 = "1vnmhr5qfxhndlnsk8c87qbbwmlph1inlj924vqymfm1lgsasdq0";
+  };
+
 in {
  options = {
    networking.retiolum.ipv4 = mkOption {
@@ -25,48 +36,40 @@ in {
      '';
    };
  };
+
  config = {
+
    services.tinc.networks.${netname} = {
      name = cfg.nodename;
      extraConfig = ''
        LocalDiscovery = yes
-        ConnectTo = gum
-        ConnectTo = ni
-        ConnectTo = prism
-        ConnectTo = eve
        AutoConnect = yes
      '';
    };
-
-    networking.extraHosts = builtins.readFile (pkgs.fetchurl {
-      name = "retiolum.hosts";
-      url = "https://lassul.us/retiolum.hosts";
-      # FIXME
-      sha256 = "0kr68c2j1kdnlg9wk78dq02xzgxqyqzj2hfc42h7v9irrmrhnjka";
-    });
-
-    environment.systemPackages = [ config.services.tinc.networks.${netname}.package ];
-
    systemd.services."tinc.${netname}" = {
-      path = with pkgs; [ curl gnutar bzip2 ];
      preStart = ''
-        curl https://lassul.us/retiolum-hosts.tar.bz2 | tar -xjvf - -C /etc/tinc/${netname}/ || true
+        cp -R ${retiolum}/hosts /etc/tinc/retiolum/ || true
      '';
    };

+    networking.extraHosts = builtins.readFile (toString "${retiolum}/etc.hosts");
+
+    environment.systemPackages = [ config.services.tinc.networks.${netname}.package ];
+
    networking.firewall.allowedTCPPorts = [ 655 ];
    networking.firewall.allowedUDPPorts = [ 655 ];
+    #services.netdata.portcheck.checks.tinc.port = 655;

    systemd.network.enable = true;
    systemd.network.networks = {
      "${netname}".extraConfig = ''
        [Match]
        Name = tinc.${netname}
+
        [Network]
        Address=${cfg.ipv4}/12
        Address=${cfg.ipv6}/16
      '';
    };
  };
-
 }