From 0617c2f6029e6f3206d0577ad803b377ae096421 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Wed, 14 Apr 2021 09:25:54 +0100 Subject: [PATCH] Update README.md --- README.md | 63 ++++++++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 62 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 03035e4..03a9015 100644 --- a/README.md +++ b/README.md 
@@ -1 +1,62 @@ -retiolum tinc keys and hosts +# **Retiolum tinc keys and hosts** + +## Contents +1. [VPN Setup](#VPN-Setup) +2. [SSH Setup](#SSH-Setup) + +## VPN Setup +1. Install **tinc** (e.g. Ubuntu : sudo apt install tinc) + +2. Create the appropriate directory and perform the initial tinc startup +``` + $ sudo mkdir /etc/tinc/retiolum + $ sudo tincd -K -n retiolum + $ sudo systemctl enable --now tinc@retiolum +``` + +3. Provide the key generated in the previous step along with **{your_name}** to @Mic92 . + You will get your respective IP addresses in return. + +4. Create the tinc-up executable in the **/etc/tinc/retiolum** folder +``` + $ echo '#!/usr/bin/env bash + curl https://retiolum.thalheim.io/tinc-hosts.tar.bz2 | tar -xjvf - -C /etc/tinc/retiolum/ || true + ip link set $INTERFACE up + ip addr add "Provided_IPv4_from_Step_3"/12 dev $INTERFACE + ip addr add "Provided_IPv6_from_Step_3"/16 dev $INTERFACE' > /etc/tinc/retiolum/tinc-up + + $ chmod +x /etc/tinc/retiolum/tinc-up +``` + +5. Create (if it does not exist) the tinc configuration file +``` + $ echo 'DeviceType = tun + Interface = tinc.retiolum + Name = {your_name_from_Step_3} + LocalDiscovery = yes + ConnectTo = gum + ConnectTo = ni + ConnectTo = prism + ConnectTo = eve + ConnectTo = eva + AutoConnect = yes' > /etc/tinc/retiolum/tinc.conf +``` + +6. Restart the vpn service +``` + $ systemctl restart tinc@retiolum +``` +You should retrieve hosts' information after the restart. +The hosts folder should appear in /etc/tinc/retiolum +The list of the hosts is also available here : https://retiolum.thalheim.io/etc.hosts + +## SSH Setup +1. Generate an ssh key-pair or provide an already existing public ssh key to one of the authorised users. +2. One of the authorised users should add/modify the user's information in **/modules/users.nix** (https://github.com/Mic92/doctor-cluster-config) +3. Push the change to the repository +4. 
Log in to **rose**, pull the update(s) (if it's not done in the machine itelf) +5. Get in **/etc/nixos/** directory and run the script **./update-all.sh** +``` + $ cd /etc/nixos + $ ./update-all.sh +```
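Review bot: In step 4 of VPN Setup, the generated tinc-up pipes `curl https://retiolum.thalheim.io/tinc-hosts.tar.bz2` straight into `tar -xjvf - -C /etc/tinc/retiolum/ || true`. Whatever paths the archive contains are unpacked over the directory that also holds tinc-up, tinc.conf and the key material created by `tincd -K` in step 2, and `|| true` hides a failed or truncated download. I would restrict extraction to the `hosts` directory the README says should appear, download to a temporary file and unpack only when the download succeeded, and state in the README that peer host keys are trusted solely on the basis of that HTTPS endpoint. Smaller points: the redirects into `/etc/tinc/retiolum/tinc-up` and `/etc/tinc/retiolum/tinc.conf`, the `chmod +x` and the `systemctl restart tinc@retiolum` in step 6 are shown without `sudo` while step 2 uses it, so as written they fail for a non-root user (a plain `sudo echo ... > file` would not help either, `sudo tee` would). Step 2 runs `systemctl enable --now tinc@retiolum` before the tinc.conf from step 5 exists, so the order of those steps is worth checking. In SSH Setup step 4, "itelf" should be "itself".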