mirror of
https://github.com/ivabus/nixos
synced 2024-11-21 16:05:07 +03:00
Host private yggdrasil peer
Signed-off-by: Ivan Bushchik <ivabus@ivabus.dev>
This commit is contained in:
parent
89c283ee99
commit
409c6c276b
11 changed files with 43 additions and 7 deletions
|
@ -23,6 +23,7 @@ in {
|
|||
torrent.enable = true;
|
||||
virtualisation.enable = false;
|
||||
yggdrasil-client.enable = true;
|
||||
yggdrasil-peer.enable = false;
|
||||
|
||||
server = { ivabus-dev.enable = false; };
|
||||
};
|
||||
|
|
|
@ -22,6 +22,7 @@ in {
|
|||
torrent.enable = false;
|
||||
virtualisation.enable = false;
|
||||
yggdrasil-client.enable = false;
|
||||
yggdrasil-peer.enable = false;
|
||||
|
||||
server = { ivabus-dev.enable = false; };
|
||||
};
|
||||
|
|
|
@ -25,7 +25,7 @@ in {
|
|||
ntp-server.enable = true;
|
||||
torrent.enable = false;
|
||||
virtualisation.enable = false;
|
||||
yggdrasil-client.enable = true;
|
||||
yggdrasil-peer.enable = true;
|
||||
|
||||
server = { ivabus-dev.enable = true; };
|
||||
};
|
||||
|
|
|
@ -29,7 +29,8 @@ in {
|
|||
media-client.enable = true;
|
||||
torrent.enable = false;
|
||||
virtualisation.enable = false;
|
||||
yggdrasil-client.enable = false;
|
||||
yggdrasil-client.enable = true;
|
||||
yggdrasil-peer.enable = false;
|
||||
};
|
||||
|
||||
my.users = {
|
||||
|
|
|
@ -19,6 +19,7 @@ in {
|
|||
latex.enable = true;
|
||||
virtualisation.enable = true;
|
||||
yggdrasil-client.enable = true;
|
||||
yggdrasil-peer.enable = false;
|
||||
};
|
||||
|
||||
my.users = {
|
||||
|
|
|
@ -11,6 +11,7 @@
|
|||
./torrent.nix
|
||||
./virtualisation.nix
|
||||
./yggdrasil-client.nix
|
||||
./yggdrasil-peer.nix
|
||||
|
||||
./server/nginx.nix
|
||||
./server/ivabus-dev.nix
|
||||
|
|
|
@ -1,17 +1,20 @@
|
|||
{ config, lib, ... }:
|
||||
{ config, lib, secrets, ... }:
|
||||
|
||||
let cfg = config.my.roles.yggdrasil-client;
|
||||
in {
|
||||
options.my.roles.yggdrasil-client.enable =
|
||||
lib.mkEnableOption "Enable yggdrasil";
|
||||
config = lib.mkIf (cfg.enable) {
|
||||
my.features.secrets = lib.mkForce true;
|
||||
services.yggdrasil = {
|
||||
enable = true;
|
||||
persistentKeys = true;
|
||||
settings = {
|
||||
Peers = [
|
||||
# TODO: Maybe add more peers, not only mine. But for now it's ok
|
||||
"tls://ygg.iva.bz:50002"
|
||||
settings =
|
||||
{
|
||||
# Not connecting to global ygg network
|
||||
Peers = lib.mkDefault [
|
||||
"quic://${secrets.yggdrasil-peer}:60003?password=${secrets.yggdrasil-password}"
|
||||
"tls://${secrets.yggdrasil-peer}:60002?password=${secrets.yggdrasil-password}"
|
||||
];
|
||||
};
|
||||
};
|
||||
|
|
26
roles/yggdrasil-peer.nix
Normal file
26
roles/yggdrasil-peer.nix
Normal file
|
@ -0,0 +1,26 @@
|
|||
{ config, lib, secrets, ... }:
|
||||
|
||||
let cfg = config.my.roles.yggdrasil-peer;
|
||||
in {
|
||||
options.my.roles.yggdrasil-peer.enable =
|
||||
lib.mkEnableOption "Enable yggdrasil (semi-public) peer";
|
||||
config = lib.mkIf (cfg.enable) {
|
||||
my.features.secrets = lib.mkForce true;
|
||||
my.roles.yggdrasil-client.enable = true;
|
||||
services.yggdrasil = {
|
||||
enable = true;
|
||||
persistentKeys = true;
|
||||
settings =
|
||||
{
|
||||
# Not connecting to global ygg network
|
||||
Peers = lib.mkForce [];
|
||||
Listen = [
|
||||
"quic://[::]:60003?password=${secrets.yggdrasil-password}"
|
||||
"tls://[::]:60002?password=${secrets.yggdrasil-password}"
|
||||
];
|
||||
};
|
||||
};
|
||||
networking.firewall.allowedTCPPorts = [ 60002 ];
|
||||
networking.firewall.allowedUDPPorts = [ 60003 ];
|
||||
};
|
||||
}
|
|
@ -8,4 +8,6 @@ in if (canaryHash != expectedHash && config.my.features.secrets) then
|
|||
else {
|
||||
hashed-password = builtins.readFile ./secrets/hashed-password;
|
||||
maas-address = builtins.readFile ./secrets/maas-address;
|
||||
yggdrasil-peer = builtins.readFile ./secrets/yggdrasil-peer;
|
||||
yggdrasil-password = builtins.readFile ./secrets/yggdrasil-password;
|
||||
}
|
||||
|
|
BIN
secrets/yggdrasil-password
Normal file
BIN
secrets/yggdrasil-password
Normal file
Binary file not shown.
BIN
secrets/yggdrasil-peer
Normal file
BIN
secrets/yggdrasil-peer
Normal file
Binary file not shown.
Loading…
Reference in a new issue