Diffstat (limited to '2configs/tinc/retiolum.nix')
-rw-r--r--2configs/tinc/retiolum.nix10
1 files changed, 8 insertions, 2 deletions
diff --git a/2configs/tinc/retiolum.nix b/2configs/tinc/retiolum.nix
index d1cfc2f88..2ba547331 100644
--- a/2configs/tinc/retiolum.nix
+++ b/2configs/tinc/retiolum.nix
@@ -3,13 +3,19 @@
imports = [
../binary-cache/lass.nix
];
- krebs.tinc.retiolum.enable = true;
- krebs.tinc.retiolum.extraConfig = ''
+ sops.secrets."retiolum.rsa_key.priv" = {};
+ sops.secrets."retiolum.ed25519_key.priv" = {};
+ krebs.tinc.retiolum = {
+ enable = true;
+ extraConfig = ''
StrictSubnets = yes
${lib.optionalString (config.krebs.build.host.nets.retiolum.via != null) ''
LocalDiscovery = no
''}
'';
+ privkey = config.sops.secrets."retiolum.rsa_key.priv".path;
+ privkey_ed25519 = config.sops.secrets."retiolum.ed25519_key.priv".path;
+ };
environment.systemPackages = [ pkgs.tinc ];
networking.firewall.allowedTCPPorts = [ config.krebs.build.host.nets.retiolum.tinc.port ];
networking.firewall.allowedUDPPorts = [ config.krebs.build.host.nets.retiolum.tinc.port ];
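Review bot: Both `sops.secrets` entries are declared as `{}`, so the decrypted key files get the sops-nix defaults (root-owned, mode `0400`), and nothing in this hunk shows which user the `krebs.tinc` module uses to read `privkey` and `privkey_ed25519`. If that step does not run as root, the service will presumably fail to load its keys, so it is worth confirming against the module and stating the access explicitly, e.g. `sops.secrets."retiolum.rsa_key.priv" = { owner = "<tinc service user>"; mode = "0400"; };`, with the same for the ed25519 entry. A one-line comment above the two declarations, such as `# tinc private keys, decrypted by sops-nix at activation; never world-readable`, would also record why the paths are wired through `config.sops.secrets.…path` instead of a fixed location. The attribute set being edited starts and ends outside the hunk.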