# Retiolum membership for this host: accepts the tinc port in the INPUT
# chain, enables the retiolum tinc network and selects the tinc package.
{ config, lib, pkgs, ... }:

let
  # This host's retiolum entry; supplies both the tinc port and `via`.
  retiolum = config.krebs.build.host.nets.retiolum;
  tincPort = toString retiolum.tinc.port;

  # Builds one ACCEPT rule on the tinc port for the given transport protocol.
  acceptTinc = proto: {
    predicate = "-p ${proto} --dport ${tincPort}";
    target = "ACCEPT";
  };
in
{
  # The predicates match on protocol and destination port only, with no
  # source-address restriction, so these rules accept the tinc port from
  # any sender. Peer authentication is therefore left to tinc itself.
  krebs.iptables.tables.filter.INPUT.rules = map acceptTinc [ "tcp" "udp" ];

  krebs.tinc.retiolum = {
    enable = true;
    connectTo = [ "prism" "ni" "eve" ];

    # StrictSubnets: tinc only honours Subnet declarations present in the
    # local host files and ignores subnets that peers merely announce.
    # LocalDiscovery = no is emitted only when this host's `via` is set.
    extraConfig = ''
      StrictSubnets = yes
      ${lib.optionalString (retiolum.via != null) ''
        LocalDiscovery = no
      ''}
    '';
  };

  # never connect via gum (he eats our packets!)
  # NOTE(review): presumably this maps to tinc's Weight, where lower values
  # are preferred. If so, 9000 de-prioritises gum rather than excluding it.
  # Confirm against the krebs tinc module.
  krebs.hosts.gum.nets.retiolum.tinc.weight = 9000;

  # Every consumer of pkgs.tinc gets tinc_pre, including the
  # systemPackages entry below. NOTE(review): tinc_pre is nixpkgs'
  # pre-release tinc line; keep it current with upstream fixes.
  nixpkgs.config.packageOverrides = super: {
    tinc = super.tinc_pre;
  };

  environment.systemPackages = [ pkgs.tinc ];
}