{ config, pkgs, ... }: # To have this node join the network, generate keys, add the new host with its # public keys to the list in this file, then rebuild. # # - mkdir -pv -- /etc/tinc/tyilnet # - nix-shell -p tinc_pre --run "tinc -n tyilnet generate-keys 4096" # - $EDITOR /etc/nixos/configuration.nix # ? networking.interfaces."tinc.tyilnet".address # - services.tinc.networks.tyilnet.name # - imports += [ "./apps/vpn-tinc.nix" ] # - cat /etc/tinc/tyilnet/*.pub # - $EDITOR /etc/nixos/apps/vpn-tinc.nix { environment = { etc = { # This part should be written to configuration.nix while I try to learn # how to do it cleanly with a simple variable # #"tinc/tyilnet/tinc-up".source = pkgs.writeScript "tinc-up" '' # #!${pkgs.stdenv.shell} # ${pkgs.nettools}/bin/ifconfig $INTERFACE 10.57.50.50 netmask 255.255.0.0 #''; "tinc/tyilnet/tinc-down".source = pkgs.writeScript "tinc-down" '' #!${pkgs.stdenv.shell} /run/wrappers/bin/sudo ${pkgs.nettools}/bin/ifconfig $INTERFACE down ''; }; }; networking = { firewall = { allowedUDPPorts = [ 655 ]; allowedTCPPorts = [ 655 ]; }; }; security.sudo.extraRules = [ { users = [ "tinc.tyilnet" ]; commands = [ { command = "${pkgs.nettools}/bin/ifconfig"; options = [ "NOPASSWD" ]; } ]; } ]; services = { tinc = { networks = { tyilnet = { debugLevel = 3; chroot = false; interfaceType = "tap"; extraConfig = '' ConnectTo = caeghi_tyil_net ConnectTo = denahnu_tyil_net ConnectTo = faiwoo_tyil_net ConnectTo = gaeru_tyil_net ConnectTo = hurzak_tyil_net ConnectTo = jaomox_tyil_net Ed25519PrivateKeyFile = /etc/tinc/tyilnet/ed25519_key.priv PrivateKeyFile = /etc/tinc/tyilnet/rsa_key.priv ''; hosts = { anoia_tyil_net = '' Subnet = 10.57.100.3/32 Ed25519PublicKey = 04G6200IYDzDT3H0Yj6ZjQUIUc8tCIvzPaXmyk36e2M -----BEGIN RSA PUBLIC KEY----- MIICCgKCAgEAt+7D3zRySAfd9cYnMSNhp/yRnBygmnfLdKm/dH9X7QbJ1BNcQpTP I1RmC9lNlWABhB46DJUqQAQeGlZPUHxbCnmdDN6HyDaSA45m/yGUbVhN/ClK7iap EXfNmxZbtE4eBHDz5DsFe7i2nla4gogyiUQsvRgIP2b2v9qzBhqf2kXwv0X+n7hv HvQOdN60x/xm1+Vh6wsdX2HYatEh3dy1pfj+1RCQIWV1FDS1YVbFZFb1UJz917G/ DIpM/Cb/3txH0ffVh2NVqFBW3kd60Cs42/6htpHucBQ1dRVZUCKKWz1sgi5H4nty HdPDPwOphrvNE7kXjvhkPIif1KtCr2SLwOK0UXR9iZtWuDH/Uxn2v7ofa0a3zKGf yPrVwzhciv2cdbXPiTFyAS8YbpQUQTcuqDVi1AxE8Z0KmuvgBtTtAzMDyoTLOfzS yZ3a0qQhX3nvLkXWh7cA7cquuP4LgP5iY1vJSRO2EZA61/WdKs8asl0EN8Zn8EEz opnvcM3M0ptBZy1Dz2X6Lz0QliQrzajmSRhfUMTOq3ARvnLsES14ZqehavH5Ntms G1OVdVnd7fqibMhWz/dKiB3uG+1e39isTPW3+22MEm4R0ngfF6olZ8SdHrIWFPW8 bvdzf7ebFrjuqi6qN/NdUwrzWdDGU83W2xEBsHHbHcoKaB2uwcCKvjcCAwEAAQ== -----END RSA PUBLIC KEY----- ''; bast_tyil_net = '' Subnet = 10.57.50.50/32 Ed25519PublicKey = De60ft6TStf9oJ060kxpSmX7xJ/ZVO9EFXgQdqWcWaO -----BEGIN RSA PUBLIC KEY----- MIICCgKCAgEAwvOYvgciXHsrqMHIWKDUcJjCF1ARjAxqb3s/BzRlz0XcynzpYDV/ EtiZWRkKmDveUILe8pk3gFlu2vwen9DGVydg+tW4G0z4NIejoC9FR8a/NpjTzMvw gNCihTFpPqoqn7loy+OdHIWv34v26zUFY8r0W1XUX0O0vtUcWTHwkV6DggujFPxG SM9yGyl7MxuDbr9EP520dsklWGQT93RlUizr1dm2QNLgQN6+FMTpVPJN/2uaHSMo 9xx3vLltqweyvMrIWCPQQSu+vj9Dqq+4ToC2rXkEfMsjkDyVJViOzSarZfAHCdJL S/aZh4PC9EMsc+DmoIQwN7fKG3CQkm3QZ2P1WKG0jNZ2jdC50G7G9QypKdPFh5Al Oy6z/+VG05+ouRmfQTi12Kap7aakMOw9vjL1BSGgoTxToS7m+O5Q9ByodhVhRBMc pp0ZHvPhZjM0jmtqrTtTkQDGonCiN/IxOdneTkiM0lW9UnROWqYJHL1B92sVyADw S9ddyfUbUFLnOdJkF/JBFR3d5GxIcY1HVfYbugbIBGnal5koALFfhDkYJqQbbuAz z1rSm4yYFWKKFThpZA1oRvEh9UJNbFOepreImCmUKZurgQZFMUjRMRtTcRXy07fR /EctKPyzDKmQOHlnR4hNd3laefwL0vMO7Wra4NqoJx4MMmnPtl5s8okCAwEAAQ== -----END RSA PUBLIC KEY----- ''; caeghi_tyil_net = '' Address = 116.202.102.33 Subnet = 10.57.20.2/32 -----BEGIN RSA PUBLIC KEY----- MIICCgKCAgEA2abFKFB1Dr1YMcAIWcy/2+jJn+suPyiQjz6vgt476P9a/I7SUCta P5QUPxvS9pZxFVTFKzpmdKxG1pbCAkhArtNg2R1VFEiYCxS+iey+F11pMPEZFVpC EIXeVDQeBm9UXjrOpcTRIwEO7Q2J2lzRrhGm6Rpb6XbdmtQ3S8XgVsXYwWoV7muf TE/d5fgtz8Hghti8w86FP9q61iH6AHCREwbHEUyat5hwznmbiNJHyjx+otI63sQo FS37EazhqCEvt9jyvVSmB7kVTOLnIVATWDaUlPCLLvps09eRsz6aAa7RHCGd3x/W mRHxDCbeKL4ilpo/FPZhANdQImLmFovOtwZ6xawRWKPcRXhkaL24qQC0MLH9wmnY oM6EMioWUa0F11iFM99DTK+NF2Pk8vHNzm0Ep5g0SHzqnAIDDzeNTC9ogwsETqL5 t7VY1GXuKWgta9L2q03X7FMEgjIc3lPgVLc0Ccx11MTgVzcIaLxFQ58oo+xFuc9I rBqjZgJwg5MTdZiyZesLJuV+YP+yRat3LifAwIZhloSBVPU6YKx/y30BHjDM8FP1 OM2IzJLrafZDy034XyD4s62YsKrHMcQ3CeoQ80QjvSyWvSlvn2vEqrbWIZADi0d/ 8vgl44gF9g9yN++G6S7BsTJ5PNgv0jrRFu/RpEN1hVOuo+nBqFsvxW8CAwEAAQ== -----END RSA PUBLIC KEY----- ''; denahnu_tyil_net = '' Address = 81.2.254.110 Subnet = 10.57.20.4/32 -----BEGIN RSA PUBLIC KEY----- MIICCgKCAgEApFXqCta82BLknLg9jI4ZLmjROl9S9worvIo4hQeDFtZrKlelfx8f RwfT9xF4YwI688FAlmZcGc1iRUTuCt+Pfbc+Lws6Kw1U/QIqAnga80chLzOkwPxV idZyMPpZ0nWc/XCj63znozr6KGPVgibNKB3p/qGI7f00CVWJHlff7knAmCiShxyK z+d7WglolSv7H7QE0Qz5tyMq7zkeide2MINd8Es+UpM4RpJHNIjFZmXm+lmfk/mW fYYIi0z7dbOv+9fKdgljyAahL+sKIH1lfVTIaywY50eq7rAuG0UrA6/HXrNS9Hs2 LNPfUcDVQLwqM+ZTCbVykQ29/EyU28RRwDM/L85NY6YFSvCv35lqaeo+PokTFMI4 Dzro+IyEI4VvCQ4CeA8085HVTErnVMCRI4hwooyuBBmiKVB62KfHDD6D5J49dg8A NzSkjmx1tqF+B8bOpk+gHJsk2ZXc1oU44S+1ydG7SdbqF2KWufpr9DIVIkTL64Cl 9ymrmdW86NYTpsvUJVdqw+RW+hE55vUPr+/0mMkNVFdWy56EICxKqhW+wN80CxNE raiNuFWqKPxw3yrAomsgPIuH/a3bmqsTzHb5Rmkw5nArWqSENagF5tVFSBUcZkWb 6wwu/ourq6q1HXwP3Z9/03quelwKqmjPxwUCkl7CYeo8um1tjANeZvUCAwEAAQ== -----END RSA PUBLIC KEY----- ''; edephas_tyil_net = '' Subnet = 10.57.100.7/32 Ed25519PublicKey = 4ABczlbBBLs5WMztIzafWw1ozwKZVkj4/of3Jc6awiO -----BEGIN RSA PUBLIC KEY----- MIICCgKCAgEApxmzAXv4Mch5FP5AxHmpvHjkJGxcegbFzdFzHjhdLDJ9MQQZdM1p PomhyYXB9Gsq4oJIOcjqJJdbp4dchYGJ++eS3V1wwstLMTl/+kWZ4ojI9sb/J5rl a3gknTjipdUuoOpdkAkXKCbq9AXyFsvLr4Q6WaFpeTuIjNb2QgPOLUmcD1eNCdnn KcHQAGR3zRh3uu8zMkaJZwQDZAdRLV6b77OLe7PXCsYgQ68qw3uti3JENv8VC80T UxUmv8He7xgAqRCJbD3FH3WT2O63mK9jpnFj/BKDTm5k4hUDtZRY1O92JUqQAruw gq3I8mhSqFMkvt+S67u950hRzN4/ZGs7lzxRkDqDqLy+ZISN2cDpbX1i4WmZFfex zj7ZbmfsVzwSF/+K31AOQrODt79bGGFwjZgAVn9Cny/bysBxrOJy39D2Awioynpc mjICtRP7utpo959YmSNsEcjfamIHVfUOTsEoIYhYASmWRjrSF6v7j2bbC+aFOWsf yIRZc0EtH803/Ks++ieIDWFmhB0ydtkqFm8HK2eyqOqnlHTepmrDflkxfao3JTXP CbldDpUGKBcLZ5FNaJ5hlQHnJGzU+wbnc133cdYtg9vvhFVgameme8ElcOjZZxMJ fPWXMAWc2Szx3Hs/jlaTSIH2GoX1Rr2HdrrNg0qOG/qhLPNrtmrxH/sCAwEAAQ== -----END RSA PUBLIC KEY----- ''; faiwoo_tyil_net = '' Address = 65.21.5.254 Subnet = 10.57.20.5/32 -----BEGIN RSA PUBLIC KEY----- MIICCgKCAgEA3nBf2UWehfNWNrR6i4HJp64aPYI5SpV/7LplRwqXcmnJuHmQJ8Ht Tozv5RHGGUNoSigbDxJSe16RQ0ESAzGNPSUEV6kntySXLvHSYb+SdjFm2wRpL8FI 8t69ZnRF0x+4ZShfa0rgco8sDdkhuPMNrPu8U6bMs+o4Lh8sVTRhDThv2+VfQkxG T4G9kgdsxP0yi8sq1uflSYY3mYlVl9OPZwSO+vcVO9JFPvkVYFrqDHtvFGFqziQ/ KvKcjwDTjpNVkFfJD6SIheeVrhysGk8qQIVMYc8yW9I8HGD7uP1BccZ0C/+b310i y3qkNz/qqtgy0AxrrzbmFsVDgVyiPlwsD2SL+C4m6uEvB0FvYeL2/7vL8fI4RqcJ ORAcA5G4FgzZRgHdZoZ1W4OB6eUCV4g9l425qbP3VVngJjX9PjPA/puz0i1IB0ZW 6ijGccgYtyj5+ibt3if0+inepT2BJba7pyQ4A92ogfsQKlSg1x27CfvsGKuMZjdo y/akxYPEqKHQK37smpjcQTLVmLTTbGnf30ObTNW5LOJUmBue9B4fqBA/NV4fM1Gj Omw/lazjwrJuenwEeGegRQhvjKlBLdjOnzsLoVrCCIe90KK/+RVSC0Mi2D0dzEPE BNSbD4EJYs+6dJVT7+sneS8iwg9kG9wZ+UjeO4vraEjMrKj9BaKiJ1cCAwEAAQ== -----END RSA PUBLIC KEY----- ''; gaeru_tyil_net = '' Address = 37.48.120.26 Subnet = 10.57.20.6/32 -----BEGIN RSA PUBLIC KEY----- MIICCgKCAgEA9NUrWO0L8lqrfs4BgZsLdfJZPfKx+Fi8P4k79CIBuVfkQ4OzJmoV ahupoOo5edjYLJK09epa9zFRc1DuaotYC7Wm9DdIF82WNZXN9x/Mvuq06WaKXBdj iTJKbYfVN/yv8Xfjzfp4DH3txwsq+9AuICHJkHOmb0lsDinpfbmP8C8ozBnutrLM XGaIzXzkV2NbunyjaiR7dho5+4P6wedck+IV63KRzepbX36OW9xImmEEpBPeMPzd VOgWs35FIgnE5uumXXfIax9CA9wFahvMYUlQbxA6kCg9PTteM3C44udFx8DxzGcR giKEbfxjcZ4pK9JG+LTxNZC2BK1gsUNw8sX6mEEY496cs0T10RWzRZM/HvMIpj1W 5i72yh6kc8ieSr9hGIkm/oM/gwrFeC11PZQKis1P/0O5j7Lv6S7u6Edrpy/+WziV Yk10eZXzHcFuVAh9+wQUeD3v4bMQA/mE8RPI9JX4Xkpbu1LOhtglEwFU1CWlG179 B990cfr3cjJkTqS7qEfWuNh2lQd4iwpgqyPZB7Dd7tHT5EKEZSZ+4+w9Xo8xfy0v 7pdfImVHZ1PGVEsRk6AZZqcVcCRrjbKfqqL0m9JmB8vV5L3oZL/mXhFkh52aRMeZ tzODNlBH0LW2TVVrBw3DJxFyRCRYjk4At8jagVe9fYM4ERkTQxqCFi0CAwEAAQ== -----END RSA PUBLIC KEY----- ''; hurzak_tyil_net = '' Address = 178.162.131.11 Subnet = 10.57.20.7/32 -----BEGIN RSA PUBLIC KEY----- MIICCgKCAgEAmL0UOj+pMAV7R1Lq0rj3D+oGRnp5fz1q+jtbK3janX7gz0lFcXA8 k6nOAzwksihQ9QfPLa0NEFpZ8PbLZP1mTFCf4f+1RWy9S2o4hLEzi+Ka8h/X54oH jOcEZQd7hGpwDGvU/lTG+1Iofh4NAsuiKIS/pT58fZ8WIGDIbL5PHYGas44MEJX6 BXn9CJx8kzktFGJ27isCrl93kueSqp9ajNCCsmoisJxxdyxG8L+iWktuusTOoi31 IhmKqhA9wf87p5bYJ7Ae1079OXT7RxjExG+z2C9s6UouxDEmI2oXtmn5luRQkikw T/nV29NJoUETcgVgrW3LHKr25cbXoaeosIgRsD6bLs0plOzECNrpl+/7ZKhr86M0 ZynJyfoAWFVKaCHSqD9Js5HH13U7oOpTPMIZgZO0CwtESeUE1z7j4xNPMF8x9Ajg E7zny0SVO5JJNPqy6WFa1s5fWjU4YlFZKPG2jpIBqgw/unOCywQlQlrJH26Oo8RF 5l9ccLmdQY2HWIpeY/BCEBCAZnsEt1/dV82HvgDeULXDyUOmpPgaNzCH445lzsg6 xKtAyWt32VWS9x/OdAflmeHvKk+GM7g0X7g7IxCzkLRMYSn3M87IBKQ/cjE7yg50 CbaLBdiDc3tVmR90fRalt/7PCccPychrFRFzE7E1/RIJKzqh6JTHUVkCAwEAAQ== -----END RSA PUBLIC KEY----- ''; ivdea_tyil_net = '' Subnet = 10.57.100.8/32 -----BEGIN RSA PUBLIC KEY----- MIICCgKCAgEA1cPD37/K8EHfro9L/qmEGcG7Ivu6Lvc9K9ry2f6YAjvLQHAwFrf3 WXOHwg+x6aaE8Us7f2gHs8tU4NMNz4ggSIOesDOSUrVPOrrvZJnDaPzl8+bIOCrq WOlgmo3RJv4w9G0QGmE7QGK2nX/gA05zaAMDP7Jd+yh7ohtYosth3/j/hetRdLD4 j6D9tuwGKoQND3rlc7P4QV9bMM1wvKw63hj08YowBzD5GkYN+J833ZN2wmRqAvLp cRnELg/UqSp0wu0l5VJImi8oz59zGzWPzxFBakemjCkM7xVe5LKK3ZkjwojWDTqG BQXnhInrFplDm6j+A+jM1iOLwhwg1LbWthhzvrvZd68Dl3oBAsmRM8YmY7RjDpNW nhqPWen5fum9kURwczY9GLj5GcRkBjEXVTU3KTpYKXeTZrRc3HT69WbbzdfXNKYj aKRdL/OJZG4hNZFRgPHJP1svNrf4DLZiWIoAjeAdgXcHih1cUi2rP530YvRaajwT FFDgcfRdWp00WQUkJ8Fcl//rynnZWjHSi4NXTsB7qVvdFClNqglxVewzBgBkriEO n7SIXz6iNTaKLD63YaUY4oiqg4yY12P6ggY6U2atcXmK1g9syaYTIVD6MAA7XDxY uI88cs2AZnjLsfpW4p7TD90r1qRZjbkguLhy71cEaIZMbH+H/8eAyD0CAwEAAQ== -----END RSA PUBLIC KEY----- ''; jaomox_tyil_net = '' Address = 163.172.218.246 Subnet = 10.57.21.1/32 -----BEGIN RSA PUBLIC KEY----- MIICCgKCAgEA1hTIMQha2vUVy0c8Ci5jF06T62IDDj9FhBtDBKOsvlZ1Lzh9OsqH x7blL0WNBDoqmgyX0RdDwUIqnMOttMFK4y6ARY50Yw+s8m2uy3i9FgRUn2Y+Qjc8 SmFh1fKt9yThKfBFDhUmTW0vjXlWR3jf77QB1PAJzk8wRmDx0GbBzcrsRMBrKc9a rUN5mXz96xjkzq4vsAQ8W8aa4OmTR+oZcSe5iGzksXoh5BxmV8WjHK5ZpjuNi6qt t1pWWanq3DG44/5pfvobULDh2Z1b8dV4oTGZW9CFFHmjOve5f+AQuy6nnFX9FH6R dQ41GRCt3FFGMiCmej1BErPW2dE53A618vmcdd0J5Tt41TXX3oJo+gw3F1R5pNV7 rd6hg634Iyx5y3JIJh9gQXbygCAnq32vtI6/j60MyGHk2Iu6KjfhtN56X/PRnJxa G2swLdJtUi11WgEhEdBd2x3l3P46eVj4YS48d3J++9mFKZ+ejoKosc7u5Xaj055I q0fQudOZswD4i8JT5cn7VFYAZSM+Po9Yxq9tfaIm5jld4f/XJGYL39lXBrUTFBWh PFXDrb35MstSVgHWlKtsLJj+Por4K5NxHdUHRIsOaMGem5GgOYos0AvkLYiQngey noZ41YSSyJwitHefW46+PKmx5MVlcMcwDOSpvZImTphnlKEttg9/RwMCAwEAAQ== -----END RSA PUBLIC KEY----- ''; ludifah_tyil_net = '' Subnet = 10.57.100.9/32 -----BEGIN RSA PUBLIC KEY----- MIICCgKCAgEA2pXuIIPoQhWLzTSsO0bvgkQ1+7RgqPVv8b6zNfmRUfj2uKy3OZEn HS5TfmukDtHev/Z2p/UmBSHtaMT2/G+Nz7ogT0rMRBtjAk+DR9FYFz75zmsjQuFQ U+deh/fQgrpsEDiNmapRtM6EwYYH/A/0MJ2eN9HPVUB864mN79ZfEhTWMbv6khbq VwqAd+9GbjfRPLqifRpS9LuspXNpCBOl+r5l7+T1llN/BUgs71BVWbssaRUH7B2I rS9qjhWfUN9RC3PX98yVbzTOeL/jxNn57eOr/KUDtRpqQwy2zFTAxT+d+X37abYK OyHXBs3rLtpleoh6Hw9UNwLDUVfjpcrxwgFEogJosiA+CBG26b5H6mm+updkyKTE 4r5y1+8dLQpmaLIaI7KFbPJTUaJvfGRwzulA/lDRdmZaetrHKrMqZyQ4M1Yq67Ba 0cqDQEvnY/XoKTJTgNxn8cWMKm+biB7zs/92pKKPRmv6DQ+gjrDTepn5XzVbIFS9 GM30AqQiqoNL0PbTYWMPQmznEJo8LyehWr621/GARLTMFa3Pp7eGm7Afwy4zA4hG AZLNXdEE7YMVoQUHWfiTGUl9yxX7o6g3gdZloAwGjeGB7BHOmi4SJEg1hUJ8wOn8 wtnjybxDTxdRkQ2RMdlsfSGZsu7jUxSjnPvwLWH/2cHXSmencQXOhTUCAwEAAQ== -----END RSA PUBLIC KEY----- ''; }; }; }; }; }; }