Compare commits
8 Commits
2f7621e852
...
a26c526e93
Author | SHA1 | Date |
---|---|---|
Sven Slootweg | a26c526e93 | 5 years ago |
Sven Slootweg | a2f7bbbb41 | 5 years ago |
Sven Slootweg | 00dc1a3366 | 5 years ago |
Sven Slootweg | 6cec6c4a10 | 5 years ago |
Sven Slootweg | 932264ef0e | 5 years ago |
Sven Slootweg | a662249fd9 | 5 years ago |
Sven Slootweg | 935175a406 | 5 years ago |
Sven Slootweg | 1148ea30b5 | 5 years ago |
@ -1 +1,2 @@
|
||||
private
|
||||
/private
|
||||
.gcroots
|
||||
|
@ -0,0 +1,12 @@
|
||||
{
|
||||
"machine-haless-03.cryto.net" = {
|
||||
ipv4 = "31.7.187.145";
|
||||
internalIpv4 = "10.217.0.5";
|
||||
tincPublicKey = builtins.readFile ./tinc-keys/machine-haless-03.cryto.net.pub;
|
||||
};
|
||||
"machine-borg2-01.cryto.net" = {
|
||||
ipv4 = "205.185.121.93";
|
||||
internalIpv4 = "10.217.0.6";
|
||||
tincPublicKey = builtins.readFile ./tinc-keys/machine-borg2-01.cryto.net.pub;
|
||||
};
|
||||
}
|
@ -0,0 +1 @@
|
||||
FZNH5Z50Tr/Ep0VpbnIBasUxekLteUphr5Vzi6ONrNH
|
@ -0,0 +1 @@
|
||||
P4MOft3fYOHYpG0I58lYxdZm40u9CXhTH0jvuyIbKZP
|
@ -0,0 +1,62 @@
|
||||
/* TODO: Translate this to a service/module at some point? Something like 'cryto.network' that handles all the internal-networking stuff. */
|
||||
|
||||
{ hostname, nodes, pingInterval ? 10 }:
|
||||
{ lib, ... }: let
|
||||
/* NOTE: We cannot just use simple string interpolation, because tinc's configuration format is not indentation-tolerant. Therefore, we do some programmatic concatenation magic to ensure that everything is indentation-free, without turning this file into a mess of wrong indentation. */
|
||||
generateConfiguration = options:
|
||||
let
|
||||
keys = builtins.attrNames options;
|
||||
toPairs = map (key: {key = key; value = options.${key};});
|
||||
createConfigEntries = map (item: "${item.key} = ${toString item.value}");
|
||||
in
|
||||
builtins.concatStringsSep "\n" (createConfigEntries (toPairs keys));
|
||||
in {
|
||||
deployment.secrets = {
|
||||
"tinc-key" = {
|
||||
source = "../private/${hostname}/tinc-key.priv";
|
||||
destination = "/etc/tinc/cryto/ed25519_key.priv";
|
||||
owner = { user = "tinc.cryto"; };
|
||||
action = [ "systemctl" "restart" "tinc.cryto.service" ];
|
||||
};
|
||||
};
|
||||
|
||||
services.tinc.networks.cryto = {
|
||||
debugLevel = 3;
|
||||
|
||||
extraConfig = generateConfiguration {
|
||||
AutoConnect = "yes";
|
||||
PingInterval = pingInterval;
|
||||
};
|
||||
|
||||
hosts = let
|
||||
mapper = nodeName: nodeConfiguration:
|
||||
lib.nameValuePair
|
||||
/* NOTE: The below is because for a machine named `foo.bar-baz.net`, tinc expects a configuration file named `foo_bar_baz_net`. */
|
||||
( builtins.replaceStrings [ "." "-" ] [ "_" "_" ] nodeName )
|
||||
( generateConfiguration {
|
||||
# Address = nodeName;
|
||||
/* TODO: Figure out why a DNS name doesn't work here ("Error looking up machine-borg2-01.cryto.net port 655: Device or resource busy") */
|
||||
Address = nodeConfiguration.ipv4;
|
||||
Subnet = "${nodeConfiguration.internalIpv4}/32";
|
||||
Ed25519PublicKey = nodeConfiguration.tincPublicKey;
|
||||
} );
|
||||
in lib.mapAttrs' mapper nodes;
|
||||
};
|
||||
|
||||
networking.interfaces."tinc.cryto".ipv4.addresses = [{
|
||||
address = nodes.${hostname}.internalIpv4;
|
||||
prefixLength = 24;
|
||||
}];
|
||||
|
||||
networking.firewall = {
|
||||
allowedTCPPorts = [
|
||||
655
|
||||
];
|
||||
allowedUDPPorts = [
|
||||
655
|
||||
];
|
||||
trustedInterfaces = [
|
||||
"tinc.cryto"
|
||||
];
|
||||
};
|
||||
}
|
@ -0,0 +1,23 @@
|
||||
<html lang="en">
|
||||
<head>
|
||||
<meta charset="UTF-8">
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
||||
<meta http-equiv="X-UA-Compatible" content="ie=edge">
|
||||
<title>Modular Matrix</title>
|
||||
</head>
|
||||
<body>
|
||||
<h1>Modular Matrix</h1>
|
||||
<p>
|
||||
<em><strong>NOTE:</strong> If you're looking for the Matrix website, go to <a href="https://matrix.org">Matrix.org</a>. If you're looking for the Matrix hosting service, go to <a href="https://modular.im/">Modular.im</a>. This project is not affiliated with either of those two.</em>
|
||||
</p>
|
||||
<p>
|
||||
Hi! This will eventually be the website for Modular Matrix, a project to build a modular JavaScript SDK for the <a href="https://matrix.org">Matrix protocol</a>, as an alternative to the <code>matrix-js-sdk</code>.
|
||||
</p>
|
||||
<p>
|
||||
Currently there's not really anything here yet, though you can have a look at the <a href="https://www.npmjs.com/org/modular-matrix?tab=packages">already-published packages</a> if you're curious about how things are going.
|
||||
</p>
|
||||
<p>
|
||||
You can contact me on Matrix as <a href="https://matrix.to/#/@joepie91:pixie.town">@joepie91:pixie.town</a>.
|
||||
</p>
|
||||
</body>
|
||||
</html>
|
@ -1 +1 @@
|
||||
SSH_USER=root morph deploy "$@" configuration/default.nix switch
|
||||
SSH_USER=root morph --keep-result deploy "$@" configuration/default.nix switch
|
||||
|
@ -0,0 +1 @@
|
||||
SSH_USER=root morph --keep-result upload-secrets "$@" configuration/default.nix
|
@ -0,0 +1,5 @@
|
||||
# From the machine's `private` folder:
|
||||
nix-shell --command 'tinc --batch --config ./ -n cryto generate-ed25519-keys' --packages tinc_pre
|
||||
|
||||
# NOTE: Change the machine name!
|
||||
mv ed25519_key.priv tinc-key.priv && sed -i -r 's/^Ed25519PublicKey = //' ed25519_key.pub && mv ed25519_key.pub ../../configuration/data/tinc-keys/machine-haless-03.cryto.net.pub
|
Loading…
Reference in New Issue