From bdbb5cea1e6afd8c11a3874b88292f20a1635b6d Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 27 Jan 2022 20:51:53 +0100 Subject: ma tinc/retiolum: disable LocalDiscovery for supernodes --- makefu/2configs/tinc/retiolum.nix | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) (limited to 'makefu/2configs/tinc') diff --git a/makefu/2configs/tinc/retiolum.nix b/makefu/2configs/tinc/retiolum.nix index 0d2774209..a2b24d35a 100644 --- a/makefu/2configs/tinc/retiolum.nix +++ b/makefu/2configs/tinc/retiolum.nix @@ -1,10 +1,18 @@ -{ pkgs, config, ... }: +{ pkgs, lib, config, ... }: { imports = [ ../binary-cache/lass.nix ]; krebs.tinc.retiolum.enable = true; + krebs.tinc.retiolum.extraConfig = '' + StrictSubnets = yes + ${lib.optionalString (config.krebs.build.host.nets.retiolum.via != null) '' + LocalDiscovery = no + ''} + ''; + #krebs.tinc.retiolum.connectTo = [ "gum" ]; environment.systemPackages = [ pkgs.tinc ]; networking.firewall.allowedTCPPorts = [ config.krebs.build.host.nets.retiolum.tinc.port ]; networking.firewall.allowedUDPPorts = [ config.krebs.build.host.nets.retiolum.tinc.port ]; + } -- cgit v1.2.3