stockholm -> hrm

author: tv <tv@krebsco.de> 2023-09-11 18:24:28 +0200
committer: tv <tv@krebsco.de> 2023-09-13 18:07:11 +0200
commit: 0c4f3acb281be6290c55a6e96bc29fab5b5c7a11 (patch)
tree: dadaec00477a095273475ac345b2066b4748c399 /configs/retiolum.nix
parent: ab1d0479e90f11806d4703ec6fffed3d5f782914 (diff)
1 files changed, 26 insertions, 0 deletions
diff --git a/configs/retiolum.nix b/configs/retiolum.nix
new file mode 100644
index 0000000..632cc97
--- /dev/null
+++ b/configs/retiolum.nix
@@ -0,0 +1,26 @@
+{ config, lib, mylib, pkgs, ... }: {
+  krebs.tinc.retiolum = {
+    enable = true;
+    connectTo = builtins.filter (mylib.ne config.krebs.build.host.name) [
+      "ni"
+      "prism"
+      "eve"
+    ];
+    extraConfig = ''
+      LocalDiscovery = yes
+    '';
+    tincPackage = pkgs.tinc_pre;
+    tincUp = lib.mkIf config.systemd.network.enable "";
+  };
+  systemd.network.networks.retiolum = {
+    matchConfig.Name = "retiolum";
+    address = let
+      inherit (config.krebs.build.host.nets.retiolum) ip4 ip6;
+    in [
+      "${ip4.addr}/${toString ip4.prefixLength}"
+      "${ip6.addr}/${toString ip6.prefixLength}"
+    ];
+  };
+  tv.iptables.input-internet-accept-tcp = [ "tinc" ];
+  tv.iptables.input-internet-accept-udp = [ "tinc" ];
+}
author	tv <tv@krebsco.de>	2023-09-11 18:24:28 +0200
committer	tv <tv@krebsco.de>	2023-09-13 18:07:11 +0200
commit	0c4f3acb281be6290c55a6e96bc29fab5b5c7a11 (patch)
tree	dadaec00477a095273475ac345b2066b4748c399 /configs/retiolum.nix
parent	ab1d0479e90f11806d4703ec6fffed3d5f782914 (diff)