Host private yggdrasil peer
Signed-off-by: Ivan Bushchik <ivabus@ivabus.dev>
parent
89c283ee99
commit
409c6c276b
11 changed files with 43 additions and 7 deletions
|
@ -23,6 +23,7 @@ in {
|
||||||
torrent.enable = true;
|
torrent.enable = true;
|
||||||
virtualisation.enable = false;
|
virtualisation.enable = false;
|
||||||
yggdrasil-client.enable = true;
|
yggdrasil-client.enable = true;
|
||||||
|
yggdrasil-peer.enable = false;
|
||||||
|
|
||||||
server = { ivabus-dev.enable = false; };
|
server = { ivabus-dev.enable = false; };
|
||||||
};
|
};
|
||||||
|
|
|
@ -22,6 +22,7 @@ in {
|
||||||
torrent.enable = false;
|
torrent.enable = false;
|
||||||
virtualisation.enable = false;
|
virtualisation.enable = false;
|
||||||
yggdrasil-client.enable = false;
|
yggdrasil-client.enable = false;
|
||||||
|
yggdrasil-peer.enable = false;
|
||||||
|
|
||||||
server = { ivabus-dev.enable = false; };
|
server = { ivabus-dev.enable = false; };
|
||||||
};
|
};
|
||||||
|
|
|
@ -25,7 +25,7 @@ in {
|
||||||
ntp-server.enable = true;
|
ntp-server.enable = true;
|
||||||
torrent.enable = false;
|
torrent.enable = false;
|
||||||
virtualisation.enable = false;
|
virtualisation.enable = false;
|
||||||
yggdrasil-client.enable = true;
|
yggdrasil-peer.enable = true;
|
||||||
|
|
||||||
server = { ivabus-dev.enable = true; };
|
server = { ivabus-dev.enable = true; };
|
||||||
};
|
};
|
||||||
|
|
|
@ -29,7 +29,8 @@ in {
|
||||||
media-client.enable = true;
|
media-client.enable = true;
|
||||||
torrent.enable = false;
|
torrent.enable = false;
|
||||||
virtualisation.enable = false;
|
virtualisation.enable = false;
|
||||||
yggdrasil-client.enable = false;
|
yggdrasil-client.enable = true;
|
||||||
|
yggdrasil-peer.enable = false;
|
||||||
};
|
};
|
||||||
|
|
||||||
my.users = {
|
my.users = {
|
||||||
|
|
|
@ -19,6 +19,7 @@ in {
|
||||||
latex.enable = true;
|
latex.enable = true;
|
||||||
virtualisation.enable = true;
|
virtualisation.enable = true;
|
||||||
yggdrasil-client.enable = true;
|
yggdrasil-client.enable = true;
|
||||||
|
yggdrasil-peer.enable = false;
|
||||||
};
|
};
|
||||||
|
|
||||||
my.users = {
|
my.users = {
|
||||||
|
|
|
@ -11,6 +11,7 @@
|
||||||
./torrent.nix
|
./torrent.nix
|
||||||
./virtualisation.nix
|
./virtualisation.nix
|
||||||
./yggdrasil-client.nix
|
./yggdrasil-client.nix
|
||||||
|
./yggdrasil-peer.nix
|
||||||
|
|
||||||
./server/nginx.nix
|
./server/nginx.nix
|
||||||
./server/ivabus-dev.nix
|
./server/ivabus-dev.nix
|
||||||
|
|
|
@ -1,17 +1,20 @@
|
||||||
{ config, lib, ... }:
|
{ config, lib, secrets, ... }:
|
||||||
|
|
||||||
let cfg = config.my.roles.yggdrasil-client;
|
let cfg = config.my.roles.yggdrasil-client;
|
||||||
in {
|
in {
|
||||||
options.my.roles.yggdrasil-client.enable =
|
options.my.roles.yggdrasil-client.enable =
|
||||||
lib.mkEnableOption "Enable yggdrasil";
|
lib.mkEnableOption "Enable yggdrasil";
|
||||||
config = lib.mkIf (cfg.enable) {
|
config = lib.mkIf (cfg.enable) {
|
||||||
|
my.features.secrets = lib.mkForce true;
|
||||||
services.yggdrasil = {
|
services.yggdrasil = {
|
||||||
enable = true;
|
enable = true;
|
||||||
persistentKeys = true;
|
persistentKeys = true;
|
||||||
settings = {
|
settings =
|
||||||
Peers = [
|
{
|
||||||
# TODO: Maybe add more peers, not only mine. But for now it's ok
|
# Not connecting to global ygg network
|
||||||
"tls://ygg.iva.bz:50002"
|
Peers = lib.mkDefault [
|
||||||
|
"quic://${secrets.yggdrasil-peer}:60003?password=${secrets.yggdrasil-password}"
|
||||||
|
"tls://${secrets.yggdrasil-peer}:60002?password=${secrets.yggdrasil-password}"
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
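Review bot: The peering password is interpolated into `services.yggdrasil.settings` in the new `Peers` entries, and the NixOS option documents that `settings` is written to the world-readable Nix store, so any local user on a client host can read `secrets.yggdrasil-password` and the peer address from the rendered config. Keeping the password-bearing `Peers` list in a file outside the store and pointing `services.yggdrasil.configFile` at it would avoid that; the same applies to the `Listen` URIs in roles/yggdrasil-peer.nix. The password is also placed in the URI query unescaped, so it presumably has to be URL-safe; a short comment such as `# password must be URL-safe: it is spliced into the peer URI as-is` next to `Peers` would record that.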
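--- a/roles/yggdrasil-peer.nix
+++ b/roles/yggdrasil-peer.nix
@@ -0,0 +1,26 @@
+{ config, lib, secrets, ... }:
+
+let cfg = config.my.roles.yggdrasil-peer;
+in {
+options.my.roles.yggdrasil-peer.enable =
+lib.mkEnableOption "Enable yggdrasil (semi-public) peer";
+config = lib.mkIf (cfg.enable) {
+my.features.secrets = lib.mkForce true;
+my.roles.yggdrasil-client.enable = true;
+services.yggdrasil = {
+enable = true;
+persistentKeys = true;
+settings =
+{
+# Not connecting to global ygg network
+Peers = lib.mkForce [];
+Listen = [
+"quic://[::]:60003?password=${secrets.yggdrasil-password}"
+"tls://[::]:60002?password=${secrets.yggdrasil-password}"
+];
+};
+};
+networking.firewall.allowedTCPPorts = [ 60002 ];
+networking.firewall.allowedUDPPorts = [ 60003 ];
+};
+}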
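Review bot: The two `Listen` entries accept peerings from any address on `[::]` and the firewall opens 60002/tcp and 60003/udp on every interface, so the shared password is the only gate on who can join this private network. Yggdrasil's `AllowedPublicKeys` setting restricts incoming peerings to known node keys; adding it next to `Listen`, e.g. `AllowedPublicKeys = [ "<client-public-key>" ];` (placeholder value), means a leaked password alone does not admit a node. If the peer is only meant to be reached over one uplink, `networking.firewall.interfaces.<name>.allowedTCPPorts` and `allowedUDPPorts` would narrow the exposure further. A comment above `my.roles.yggdrasil-client.enable = true;` noting that the client role's `Peers` default is deliberately overridden by `lib.mkForce []` would also help the next reader.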
@ -8,4 +8,6 @@ in if (canaryHash != expectedHash && config.my.features.secrets) then
|
||||||
else {
|
else {
|
||||||
hashed-password = builtins.readFile ./secrets/hashed-password;
|
hashed-password = builtins.readFile ./secrets/hashed-password;
|
||||||
maas-address = builtins.readFile ./secrets/maas-address;
|
maas-address = builtins.readFile ./secrets/maas-address;
|
||||||
|
yggdrasil-peer = builtins.readFile ./secrets/yggdrasil-peer;
|
||||||
|
yggdrasil-password = builtins.readFile ./secrets/yggdrasil-password;
|
||||||
}
|
}
|
||||||
|
|
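Review bot: `builtins.readFile` returns the file contents verbatim, so if `secrets/yggdrasil-peer` or `secrets/yggdrasil-password` ends in a newline (not visible here, both files are shown as binary) it lands inside the URIs built in the yggdrasil roles, for example between the host and `:60003`. Stripping it at the source is safer: `yggdrasil-peer = lib.removeSuffix "\n" (builtins.readFile ./secrets/yggdrasil-peer);` and likewise for the password, assuming `lib` is in scope in this file. The enclosing `if … then … else` expression begins outside the hunk, so how the canary-mismatch branch handles these two new attributes cannot be checked from here.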
BIN
secrets/yggdrasil-password
Normal file
BIN
secrets/yggdrasil-password
Normal file
Binary file not shown.
BIN
secrets/yggdrasil-peer
Normal file
BIN
secrets/yggdrasil-peer
Normal file
Binary file not shown.