retiolum/README.md
2021-07-19 17:50:40 +02:00

2.1 KiB

Retiolum tinc keys and hosts

Contents

  1. VPN Setup
  2. SSH Setup

VPN Setup

  1. Install tinc (e.g. Ubuntu : sudo apt install tinc, MacOS: brew install tinc --devel)

  2. Create the appropriate directory and perform the initial tinc startup

    $ sudo mkdir /etc/tinc/retiolum
    $ sudo tincd -K -n retiolum
    $ sudo systemctl enable --now tinc@retiolum
  1. Provide the key generated in the previous step along with {your_name} (unique name for the machine) to @Mic92. You will get your respective IP addresses in return.

  2. Create the tinc-up executable in the /etc/tinc/retiolum folder

    $ echo '#!/usr/bin/env bash
    curl https://retiolum.thalheim.io/tinc-hosts.tar.bz2 | tar -xjvf - -C /etc/tinc/retiolum/ || true
    ip link set $INTERFACE up
    ip addr add "Provided_IPv4_from_Step_3"/12 dev $INTERFACE
    ip addr add "Provided_IPv6_from_Step_3"/16 dev $INTERFACE' > /etc/tinc/retiolum/tinc-up

    $ chmod +x /etc/tinc/retiolum/tinc-up
  1. Create (if it does not exist) the tinc configuration file
    $ echo 'DeviceType = tun
    Interface = tinc.retiolum
    Name = {your_name_from_Step_3}
    LocalDiscovery = yes
    ConnectTo = gum
    ConnectTo = ni
    ConnectTo = prism
    ConnectTo = eve
    ConnectTo = eva
    AutoConnect = yes' > /etc/tinc/retiolum/tinc.conf
  1. Restart the vpn service
    $ systemctl restart tinc@retiolum

You should retrieve hosts' information after the restart. The hosts folder should appear in /etc/tinc/retiolum The list of the hosts is also available here : https://retiolum.thalheim.io/etc.hosts

SSH Setup

  1. Generate an ssh key-pair or provide an already existing public ssh key to one of the authorised users.
  2. One of the authorised users should add/modify the user's information in /modules/users.nix (https://github.com/Mic92/doctor-cluster-config)
  3. Push the change to the repository
  4. Log in to rose, pull the update(s) (if it's not done in the machine itelf)
  5. Get in /etc/nixos/ directory and run the script ./update-all.sh
    $ cd /etc/nixos
    $ ./update-all.sh