Basic configuration for nki-home

nki-home tinc working Don't route tinc through vpn Don't do it lol Integrate home-manager Merge nki-home/flake into main flake Add MacOS clipboard compat Make VPN input a secret
2021-10-28 18:15:24 -04:00 · 2021-10-28 18:15:24 -04:00 · 466f5f1e90
commit 466f5f1e90
parent 1c3fd3f47b
15 changed files with 496 additions and 32 deletions
--- a/modules/my-tinc/default.nix
+++ b/modules/my-tinc/default.nix
@ -29,6 +29,11 @@ in
      type = types.enum hostNames;
      description = "The configured host name";
    };
+    bindPort = mkOption {
+      type = types.port;
+      default = 655;
+      description = "The port to listen on";
+    };
  };

  config = mkIf cfg.enable (builtins.seq
@ -83,6 +88,8 @@ in
        chroot        = false;        # otherwise addresses can't be a DNS
        interfaceType = "tap";        # tun might also work.

+        bindToAddress = "* ${toString cfg.bindPort}";
+
        ed25519PrivateKeyFile = cfg.ed25519PrivateKey;
        rsaPrivateKeyFile = cfg.rsaPrivateKey;
      };
--- a/modules/my-tinc/hosts/default.nix
+++ b/modules/my-tinc/hosts/default.nix
@ -6,6 +6,12 @@
    rsaPublicKey = builtins.readFile ./nki-cloud.pub;
  };

+  home = {
+    subnetAddr = "11.0.0.2";
+    rsaPublicKey = builtins.readFile ./nki-home.pub;
+    ed25519PublicKey = "Ts5OdPtBNLIRfosoYRcb6Z2iwWyOz/VKTKB9J0p5LlH";
+  };
+
  macbook = {
    subnetAddr = "11.0.0.3";
    rsaPublicKey = builtins.readFile ./nki-macbook.pub;
--- a/modules/my-tinc/hosts/nki-home.pub
+++ b/modules/my-tinc/hosts/nki-home.pub
@ -0,0 +1,24 @@
+-----BEGIN RSA PUBLIC KEY-----
+MIIECgKCBAEAxL0DTIcnBOhBCMdimixjZmvPdlN4fO+W2bXfYnqQuqZ3eak+vUv5
+Q0fddRIZHLFKh+97gacdoyRxvhGWod5kI0jiLypcAvF2IW/0RpbYMrLZDF/zKzQS
+COI5f+h3BjM/gjlkiuPscF2i53HjcytH4OkGbXMnNP0IYalB5ZYCiTveF+caECgO
+KyERSPCNwD9L5OXkmIJwh9ij+V5uvUj0+Khweq6f50R23DBmnWb4qmV+1VLCvY+z
+qvOkfXW0F06X00oPc9G/rTTLYq6A++/w7slO+fBiQfhw59QHnDcrqbbkaeL+3s/b
+haLUNXf47AFLCCKcj9Pg28whMcKRhSW1+f6Z1B5Yn5Ohf2JZnfNTOWb6AVS65rN1
+WkO+Dtc8BBQKC33xcDEcIp6muV2LF2J561zV+Wz5kZaBGEsERo55ctvazRi69MTt
+MsNKAIAMZNwv7QQ9+NdrV4ErlydidUXUXLg2VARPhEMi8Jlgd7u7Uf9nnk0sQyXo
+ML3HerTfydM+9SE6JtpM71B9a7J8fw4i9uf25PMqTK6GhfJtJmyaB8rp4O6gsrKm
+dUA8k4CGBWMi6jQxVksF0klew0vLVJWhA+izR6HwvXNEBTmjDqlEtRBdIVRXEBVf
+BiRS0u63Bi/S811KmzPnalYzj9OBHzAdD8k5TfipkHXF50bIi5YLNlSKkUafMXcv
+TsfXTVhDpptqwjMC8VddHPug9emavfoDuRpa+6zMjZUdVbGZp2V+RCAh3V9N8Xhc
+tKS9tNKX//E5rGpj2LCd4yZe+NPSUEwRk55NGrVXY6DeCB4bdIp/HqMWcsnLCP8I
+BQooOfRKwFd78QHkeoon7Ky4yfwyyoDoDRr+i0KhbVJIBSBBhjxrB2yH5s8bKz6u
+GyBo9csYoPH0TrrNnhHI7fXOC0I/Yn/zPEhdSnKDIqja/xtqlY4opNR9Ezmi3nCt
+EqNvfP8PRYjIGBpy6MfVdVomIPtJ3Y9wBEC29PXjElARGw6a8VR5KWy8n6CLbSq2
+b+iPVb9kP1/R0P9xGFyIbpvcgxAuSCsnwFmYIVUHAda3fd3hSHlV95Pu09QeVrTi
+SPNrgbX+1uJ/q3bEFpltmHNX2/XpnKFtd9FqDKELJTyQ1zG15FI93YPO80CPdp/w
+9ktj7BnR73Yc8l1c/rBaQ9/V71pnBwrUPqznXo1ilfI4oBcz4YKMqMNDWUCbCcES
+MLCiIHqHpodrC09xtldrAd3HyRDNhFsS53BpSKFvjKSKrhwHFN1nSXr5JUTc3Xun
+HcIAG0F38DgzvdUf+nvI79pSEzDGG+/jWI3nO9KzHHsxF0K2RBIuxTgmOj1Yo6ek
+01jlKDZgPWOs4wPYsQwYo/nwlba/zIm1qwIDAQAB
+-----END RSA PUBLIC KEY-----