From bdeca861eb8eb2b2b14214f4566b5864b4704237 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Kier=C3=A1n=20Meinhardt?=
Date: Tue, 4 Dec 2018 21:08:12 +0100
Subject: [PATCH] Add retiolum config

---
 config.nix | 8 +++++
 configs/networks.nix | 13 +++++++-
 configs/retiolum.nix | 76 ++++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 96 insertions(+), 1 deletion(-)
 create mode 100644 configs/retiolum.nix

diff --git a/config.nix b/config.nix
index d58bac1..f7ad82b 100644
--- a/config.nix
+++ b/config.nix
@@ -11,6 +11,7 @@ in {
 ./configs/graphics.nix
 ./configs/packages.nix
 ./configs/networks.nix
+ ./configs/retiolum.nix
 ];
 
 time.timeZone = "Europe/Berlin";
@@ -196,4 +197,11 @@ in {
 ".zshrc".text = "# nothing to see here";
 };
 };
+
+ environment.etc = {
+ "tinc/retiolum/rsa_key.priv" = {
+ text = (import ./secrets.nix).retiolum.scardanelli.privateKey;
+ mode = "400";
+ };
+ };
 }
diff --git a/configs/networks.nix b/configs/networks.nix
index dd0a459..3b3348e 100644
--- a/configs/networks.nix
+++ b/configs/networks.nix
@@ -1,4 +1,4 @@
-{ pkgs, ... }:
+{ pkgs, config, ... }:
 let
 eduroam = (import ../secrets.nix).eduroam;
 eduroamConfig = {
@@ -34,6 +34,17 @@ in {
 "FlixBus Wi-Fi" = {};
 };
 
+ networking.retiolum = {
+ scardanelli = {
+ ipv4 = "10.243.2.2";
+ ipv6 = "42:2:5ca:da:3111::1";
+ };
+ homeros = {
+ ipv4 = "10.243.2.1";
+ ipv6 = "42:2::0:3:05::1";
+ };
+ }.${config.networking.hostName};
+
 services.openvpn.servers = {
 hu-berlin = {
 config = ''config ${pkgs.fetchurl {
diff --git a/configs/retiolum.nix b/configs/retiolum.nix
new file mode 100644
index 0000000..7b860b2
--- /dev/null
+++ b/configs/retiolum.nix
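Review bot: The tinc private key installed through `environment.etc."tinc/retiolum/rsa_key.priv".text` in the second config.nix hunk is rendered into the Nix store, which is world-readable, so `mode = "400"` only protects the copy under /etc and not the key material itself; pointing the entry's `source` at a file kept outside the store (or using a secret-deployment tool) would keep the key out of the store. The key is also hard-wired to `retiolum.scardanelli.privateKey`, while the second networks.nix hunk selects addresses by `config.networking.hostName` (scardanelli or homeros), so a build for homeros would carry scardanelli's key. Selecting it the same way, e.g. `text = (import ./secrets.nix).retiolum.${config.networking.hostName}.privateKey;`, keeps the two files consistent, provided `config` is in scope in config.nix and secrets.nix has an entry per host. The `.${config.networking.hostName}` lookup in networks.nix fails evaluation for any other hostname, which may be intended but deserves a comment such as `# only scardanelli and homeros are retiolum members`.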
@@ -0,0 +1,76 @@
+{ config, pkgs, lib, ... }:
+
+with lib;
+
+let
+ netname = "retiolum";
+ cfg = config.networking.retiolum;
+
+in {
+ options = {
+ networking.retiolum.ipv4 = mkOption {
+ type = types.str;
+ description = ''
+ own ipv4 address
+ '';
+ };
+ networking.retiolum.ipv6 = mkOption {
+ type = types.str;
+ description = ''
+ own ipv6 address
+ '';
+ };
+ networking.retiolum.nodename = mkOption {
+ type = types.str;
+ default = config.networking.hostName;
+ description = ''
+ tinc network name
+ '';
+ };
+ };
+
+ config = {
+ services.tinc.networks.${netname} = {
+ name = cfg.nodename;
+ extraConfig = ''
+ LocalDiscovery = yes
+ ConnectTo = gum
+ ConnectTo = ni
+ ConnectTo = prism
+ ConnectTo = eve
+ AutoConnect = yes
+ '';
+ };
+
+ networking.extraHosts = builtins.readFile (pkgs.fetchurl {
+ name = "retiolum.hosts";
+ url = "https://lassul.us/retiolum.hosts";
+ # FIXME
+ sha256 = "0a0hk2z883i7jkgb7agiwdalpi1brqqjgdn9aw7x99gdl7jwkzc5";
+ });
+
+ environment.systemPackages = [ config.services.tinc.networks.${netname}.package ];
+
+ systemd.services."tinc.${netname}" = {
+ path = with pkgs; [ curl gnutar bzip2 ];
+ preStart = ''
+ curl https://lassul.us/retiolum-hosts.tar.bz2 | tar -xjvf - -C /etc/tinc/${netname}/ || true
+ '';
+ };
+
+ networking.firewall.allowedTCPPorts = [ 655 ];
+ networking.firewall.allowedUDPPorts = [ 655 ];
+ # services.netdata.portcheck.checks.tinc.port = 655;
+
+ systemd.network.enable = true;
+ systemd.network.networks = {
+ "${netname}".extraConfig = ''
+ [Match]
+ Name = tinc.${netname}
+ [Network]
+ Address=${cfg.ipv4}/12
+ Address=${cfg.ipv6}/16
+ '';
+ };
+ };
+}
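Review bot: The `preStart` of `systemd.services."tinc.${netname}"` downloads `retiolum-hosts.tar.bz2` on every service start and extracts it as root into `/etc/tinc/${netname}/` with no integrity check, so the contents of that directory, including which peer keys tinc trusts and the `rsa_key.priv` that config.nix installs there, are whatever the remote server serves at that moment. Because `curl` is run without `-f` and the pipeline ends in `|| true`, an HTTP error page or a truncated download is swallowed and the service starts with stale or partial host files and nothing in the journal to show it. Since `networking.extraHosts` already pins `retiolum.hosts` with a `fetchurl` sha256, the host files could be pinned the same way, fetched at build time and fed to the tinc module's per-network hosts option if that fits the workflow, instead of being pulled at runtime; at minimum `curl -fsSL https://lassul.us/retiolum-hosts.tar.bz2 | tar -xjf - -C /etc/tinc/${netname}/` without `|| true` so failures surface. The bare `# FIXME` above the `sha256` should state what is wrong with the pinned hash, since evaluation fails as soon as the upstream file changes.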