nixos-config/2configs/tinc/retiolum.nix

{ pkgs, lib, config, ... }:
{
  imports = [
    ../binary-cache/lass.nix
  ];

  krebs.tinc.retiolum = {
    enable = true;
    extraConfig = ''
      StrictSubnets = yes
      ${lib.optionalString (config.krebs.build.host.nets.retiolum.via != null) ''
        LocalDiscovery = no
      ''}
    '';
    privkey = config.sops.secrets."${config.clanCore.machineName}-retiolum.rsa_key.priv".path;
    privkey_ed25519 = config.sops.secrets."${config.clanCore.machineName}-retiolum.ed25519_key.priv".path;
  };
  environment.systemPackages = [ pkgs.tinc ];
  networking.firewall.allowedTCPPorts = [ config.krebs.build.host.nets.retiolum.tinc.port ];
  networking.firewall.allowedUDPPorts = [ config.krebs.build.host.nets.retiolum.tinc.port ];

}
ma tinc/retiolum: disable LocalDiscovery for supernodes 2022-01-27 20:51:53 +01:00			`{ pkgs, lib, config, ... }:`
m 2 tinc: add missing retiolum config 2016-07-20 20:09:47 +02:00			`{`
m 2 retiolum: only use prism cache if in retiolum 2016-10-30 19:59:12 +01:00			`imports = [`
			`../binary-cache/lass.nix`
			`];`
secrets: do not load them from secrets/ anymore, but use clan 2023-10-02 00:42:44 +02:00
treewide: replace stockholm/lib with stockholm.lib 2023-07-02 16:05:52 +02:00			`krebs.tinc.retiolum = {`
			`enable = true;`
			`extraConfig = ''`
ma tinc/retiolum: disable LocalDiscovery for supernodes 2022-01-27 20:51:53 +01:00			`StrictSubnets = yes`
			`${lib.optionalString (config.krebs.build.host.nets.retiolum.via != null) ''`
			`LocalDiscovery = no`
			`''}`
			`'';`
secrets: do not load them from secrets/ anymore, but use clan 2023-10-02 00:42:44 +02:00			`privkey = config.sops.secrets."${config.clanCore.machineName}-retiolum.rsa_key.priv".path;`
			`privkey_ed25519 = config.sops.secrets."${config.clanCore.machineName}-retiolum.ed25519_key.priv".path;`
treewide: replace stockholm/lib with stockholm.lib 2023-07-02 16:05:52 +02:00			`};`
ma: random cleanup 2018-09-17 01:11:57 +02:00			`environment.systemPackages = [ pkgs.tinc ];`
ma tinc: open tinc ports in config 2018-12-13 01:34:15 +01:00			`networking.firewall.allowedTCPPorts = [ config.krebs.build.host.nets.retiolum.tinc.port ];`
			`networking.firewall.allowedUDPPorts = [ config.krebs.build.host.nets.retiolum.tinc.port ];`
ma tinc/retiolum: disable LocalDiscovery for supernodes 2022-01-27 20:51:53 +01:00
m 2 tinc: add missing retiolum config 2016-07-20 20:09:47 +02:00			`}`