yggdrasil: properly add a static key

Astro 2022-01-13 23:40:43 +01:00
parent 1f96222c4d
commit 6cc02abdb8
5 changed files with 86 additions and 62 deletions


@ -81,11 +81,11 @@
c3d2-gw2 = "2a00:8180:2c00:223::c3d2:3"; c3d2-gw2 = "2a00:8180:2c00:223::c3d2:3";
c3d2-gw3 = "2a00:8180:2c00:223::c3d2:4"; c3d2-gw3 = "2a00:8180:2c00:223::c3d2:4";
}; };
hosts6.yggdrasil.c3d2-gw3 = "303:feb7:b244:77c3::1"; hosts6.yggdrasil.c3d2-gw3 = "30c:c3d2:b946:76d0::1";
subnets6 = { subnets6 = {
dn42 = "fd23:42:c3d2:523::/64"; dn42 = "fd23:42:c3d2:523::/64";
up4 = "2a00:8180:2c00:223::/64"; up4 = "2a00:8180:2c00:223::/64";
yggdrasil = "303:feb7:b244:77c3::/64"; yggdrasil = "30c:c3d2:b946:76d0::/64";
}; };
}; };


@ -1,58 +1,62 @@
-----BEGIN PGP MESSAGE----- -----BEGIN PGP MESSAGE-----
hQEMA2PKcvDMvlKLAQf/Z5k1mYsMgxZQiA86eHoYBuMIK93QIQW8dH5eYk0P7Wj6 hQEMA2PKcvDMvlKLAQf/VrM3oRXn8dHbFyxWAps/OAhk83HD4RCIlSQUcEHYHi9i
RM0AZqvmkaD3iIeTtjURUaHL3RCoeaOdFfAaTb+kkL8sby0jtD+2SdyNGVgwxgXG hMr44NqNVms4/E02bWMKlkUZmeEaVo92QmTUYyDF8hZUgZ59Kh0gQoXbSukA+8Kn
MH1f3U0WpdmfCCtvnkNxjIx783BgBH0Eb84FO2BbGJZ9t8udDd1atmyqu25n7h6W lJ0HWg3HuAr/XqCDm3AWBzHAhuL8rYg8tKxwbvKNjk5uKd3VhpyEHYapBKmPgP5D
0oVR3jV3+zxbZbfjPTvBIGMjdn5diIYK37qgrW9xOQcdM8CtnocXJifNxo++Ge86 yeP+OoMwHxm9ltCrNKehWJavGpI0NolcLqoaOVrltwwlLCC6cWxH0SWnM1NUigJ5
HM8TDWu2qN0FRAWib+O2KM/uKBErw3kr3LTdMIhReivirdGLSRWqsR0uCGuyjaCY 3FfakgI2uD4wsfUB2DsIfP5rraCmC/K7PFSRxJ8z4LRDAG1WNxK7CA9oYFSqEIo7
3a0gI+ZBfauzTajIPmW+OGjMhjwwIXo3VW1OqceszdLrAeGluxzglWRHe0VCWga9 axMDZvRfFViqs1grXruTQzI2GAodvMt4Sqw9TXGi4tLrAU8a+GvXDcoIYHe2MmUP
K6bIoaJ+VoVVCKU0WvObSJXjRXcQ6u7jJBTdndyz/6qzPHLH+qSfJQHr6IDpVNEv dxN/tq8nJUE+PEq6RtdIcuOv1yhkgXHAfzcf7gWIugREglGywfX0Ops9+Mp8UQnz
mupghJnejgm4UYPtqy5bVsg5P7F2crvh/wRW9W0qAC2u6Ts47VY78xcBF5VO9t5T kRbPI4m7zkzIozsq0Q7CSrKVAwT/CC+gpMFtOx+uZOPC02p4za6yL5GMgPBKHmr8
T/j5RQvCTz3msFcbPhXFBL+OpzYC0/AKnD8CyhCEx7QYROIT/OnHBwUbfBQpeYmg qbMujryv30Ua48SeVRhgI+ScnUxXBau6VGWOPX4U7v6Y5jtJkea9lFHurNpByAaf
KB5+aAN3sTtbxI7BlUZoanVgeNjkj5JpvYtjj5Xe6biMNF5lJayYXtg7YKlkoJAP 4y12GFlePqbcVrGdcfCL15fDkhfi5ba1nlpi+dILJYegttis5iNMyueKb2jDzFjk
VAE0Uso/mFw3UFBL6TYkSx7aOHyaOkgkw530uK1sGoatOgPyy5ZxSTxdE+Rorggi vpY9PG0Npxa9YCq1IPawTEwU4/sFh00psM9jdXBNne33FNyYcpy+gF0+fCU6Y0o6
l5qevJUfOO4aV7A1cedmw8GqooxjSRrnfrQOMpTAEklUgJqk2GT7N5aNMHvKyxu7 qXB2V1iSaVLxW1te5UQV2rn0QAKwpbE+c7IL2oEizktBzNEDB94ls0hdzo8j1Umd
ey1P6LGHs3U1B9l8pZfpiz5amR3xI6XhJ3WN+G+rqA6hcE1QbtAg2eGu8XTqkty8 wCk6x7UGU0iJCZtg/a6THmDEoa7ib7U4qeBB8XoJYW6VA113ROc+VFbdl1aDyA3o
do/TT5qtHpTCLVlUByIoNmM2DkZulXFkwFqgEqKTI8zyuPMuO7994vzqBQV7s4ea jCB5zQR0/RI+xrvc9Vn57bmlrOsTVkG0kf17a3MWVfYobpHCg2OBTLlaGEfvdcZ1
NrYvBqvhGQVsBox/OAp8v2Kqtqb/rVpJqjOffj8W3EYgLF/I23Z7ycXS0Gnz2lSE EwMGTJhnakJIkbKJdO1b2ljp6NaJMxJdQLVHjyFB6JjDRosZPeW4qO5jRgShMaVL
9lWWCC9TBO7X70GRx1QxU8WctXxuOhRUzWSeUJHAhnGFfQ2hLLY0ZM1QhYXAhKpo 4ZZb3XORms679ItX19DanCEP2ouo8MP9Fbt3y6C/s0YqOOAOOa5o4Wb04098Upod
6DN3i9+8zSr+sOoXrFWc/vf0CkkK3HB7J8dNHjrfhkST9wbEXjfKYhCMT73tMT8r 7TH70faAtzgcx9nZ4aoPsXWgbvoEGWyJZvoRxF/6X887z+cLYtY+6K709TSsYc+F
7pF7NHLnw2+iM2M1muez6PB9TBaHmeI5X8hm+LJf7L9dQf1DOI9c8UVlGm0Qcz6z 3TGt8gpt+kzfwuGv9QUQ/tDAdvR3LPQ4zKJ4COJ89ybuop4+GlrQC2v/FvE58LJ+
TtNlAkClXOeGeSABC2K+Kkt0uDuOJhRmKdNErLN5rAxirzRo4TMVSmQ8oRdrh8ZV q1yS/kim+/FsvmwAM+7vYj/wn6hXAWn2rleWTcFgmu4MwIyxfwjUcTXRrUptvnRS
AeZstpmt7glsccyXGi51AH9YYl6orTR9rSjxJPHff5QxpXpUBfQPta0nAJNUtyXf juY71sqQMe/44QB2KZNDvNX6efj2ay0Uvx6MXBN2Wfkn0lFrlspcgP1eDdQZDgDU
bfDqY75Z79Q6ROEQpvMbZWFOGHvCqjKTMeUSL9tos4kX7hDYz9QV/xYjGgUJIpXy HyemCXAYmylUYXVNgwENksKpaV5vbSZSuN0QHzzcpNR/ur3Jne9uPe2AqzXanep9
SgsTCgiCTJbXr9rRsIFnEXa4xrxFcO1YAhLsAkE+VsR5bKZT9l6IQlWHIbPoudWU ozQoz7YCOlXxqqWzI2dV0JqszoLQA0OarFlGAmR1eA2tfxnUayMjHl85LEk2PGI6
acb5Fa6Aft+EmPD0vlnMIPEuenDg1HJU/Ehx54GDUkJIiK505GNSatraWgt5gUuR IMyKIyB28tkue1ualu/deq+3CHBdJmWLUeC7DSSUH8NLzChcnJDZA+Vyiic4Ovdr
PIJtDgaHyaAEAVWJQtb4GPlM0jmTl2jFpmCruZ98UnPZdTrgiPRGv6JVGj3ysZsj N+hTeUQM6BHIGNtgX7LtH+2phdA4Mc9Vl2b7AtDghZmz5IcBA90G8PVkhSBY0I/j
ivssxMfXii3CzxxTFI0ZJ38VV9O3vF6ygysFrw/wYlGrPes1NoX8x73zVKQpV6E7 ssphtIroQwfC9Z8vQmmQkwAv/VgHIstp8UM51K1c24ckCFduu2Vo6SOaDUwV2efF
Ip/gh0rgofgUmdJP6CT0fz7aEyVUarhWj9Vv5dRHnTvh817DEPhOylRTR8K0gtJV x/F4RPHr/A2TzdAZj3cIe5S4Gkc9D/5p8PJ2w2MuP+fKWTE9Z3IM7BlbO6VlLbxq
oEZ0H9bsG0WeSA2VMFyocSC5HkTGCnjUJzbQkUDnzswQ2S36SrArp0Wo+p65Iy6Q VZTIzjtivJKaD7B0hpyWcjqI6GU3o3FvMyOLCFTJvrXpWfCAErsHf1I8vtPI2T7I
VHCVZD49HazQG3uuhsHgBY2VMvuS3XaZHWbHviceU4HzvSRykq5j0BIM+bCpFB8X eBYl85LNOiqPTDkjqQHFe/BahPzNS8c1tdfdCmY1ILRdYCN2DM9RVZmbyypyt49z
YMhIjMBy8Z4B+UuiBEAz7zjduXwkZ2liSL0ZgXdtNmSY5CVtP2c3piY1J0ZFgYIR K3IHMi3G4RizGXQ+tdfmsqO/n7TInY9p3td2RcYcUT1AfQOkiMV9jBrBuylPcsvh
kQUI1rByBeDNP1Ic3aPwq1/mMsFfLRle9goZ/swCGu+/7smYQ3CDfJeavjJcPIVf q7AlmlIEPikhlXCxFIkt/zQPy6qyka2GS1n5yl0MyqE40e5pSZkkvBN1dt6+Kvxw
YJoP0PYZbqv2/C+Yve9KKsgYQSAfj3XordOpz/kB0hLtrMER07LTEhcGdeCbzGWc EIUyxRPlFjoQXtDgtAA8vEgl5feNkD1QviM+72dvPOo4lszHLHxdI87hqYCysRCA
Tx2fQXYHMpR+2dtgaiCQSsPIshlfcJkZY5F+Vt8LFhYKwFgXLUR/EJplgoFmcOSc XGaCa/qExxuG0Hl+6X7iI9adGlFz9iiQrVYjZoGOXC2z7Vkd8Dr4LY2xSyVHZDaQ
Ckfjmk2Mvgo/BffrcaoeyQGcVY5t96+pDPnRCZpNgfCHhcqkYVhZeATBLm85Tywt W4h7PJ5OPGKhwUY9V8ZDgSdiwLa0Bgoc+fSf/mDZhzOjV34tDh8G4gU3GaZGjG4Z
6FMnxbNCjl4LsvR9zP5RvO4LbRLY+d8QxloVlS8CkX6MbSHLr3varL6M0ldGSJ1G 8J2Hj1H4At4McETx+Tg5aqJfFM71EG8no5PNBaKXQ5lInMR5dFh+OUVizGmLDQmi
rqXYwhf0PDBVGUJKdZMLfvE7kqf9CaxHM5wR9V6lld2U5PEKKulS/6rCi2FewVhW a2aK6SzvwEegijKQWMyHTvPEzJAg/mghM2s1EN4kg12VvO9LEMC7F65YWkpGktg3
nydfZiUhopQhSDjjY5/xZQ33hkoZwkMaQFgLQgp1bEJLwC/c1pNrkw3uTBY5Z0VG Zch0J4b5z+QMMDOC/gAkYfalRvraV6rDRzhbrLsQe870zqvdyArurHbmpBpvE1Sv
vKwgiQ+i4VuF1OHZkv17VUBoyhFnC0/Q4PmeXQ8EV9FJ1uDmSEK25j9gqJLEm65z sDgcYKWwZ4w8gcxaju4qk9NNkFkPaZP/Cz346HWUDWPr8SbZGZ3O7WNm0JvFy9oS
saePYZRvHlPd4VoMs6IEy6g/4SidFd5078tm2smG3aeaup97u+Ss2ndh54l1O96i HwOm32yc8RT2dfzRIj4faGMrGUsXG5dULoyrYfatxDM3ohMt8BvvqJ8i2EVHpZI2
Zx3HfSjDvQ2XMSHkB2+ucu3dv9krchvJyV3zAxLPvZZvtpGQv/C5wY3h+tzR9dAR ZElpBo7qM08+9VpwBpBseBxjE3uAkqBAaBBwRfecJvQuFjgQowk8uOmhGvvPQ+v3
U4794sqwm/slPyzSc2CKfe2r7KEWKQiONFJqoLdnPJ36BKM2uzpBhCdxD++wvpFL lcTIErizNHDyKhbwMvzURNELa6TqThaeHQi3X9djiSvl+uUgu1nGnCZwK/ApYa0a
+qVWToMy32CyZMn9VP5X4zSyHEM2b1IZdyPnwqwZD8gqYid78MOkbr22hBnsLePW Z0BvM7sap63DTdete3iWo/OKKTL+yU6QpmV69wUNmVn867E+naX7GeqgMS2PcwdI
nizQL7/k6V1pp1cPcSwrbss1r27thclXh4RtkJxFdJj3WUyh0XP5y3YBhiXmBG/+ kFmWFzKf4m4BpodfJ8II0M3tE3nWYwGRKy72DjrP1TittRyhTIRMKh0N4jnYlh+g
P/TnvIC4L7JzBjZEAe33qIq9C1L8vxAPGCc4t/PifgP/pZkmmYt/3wPQ1gW+jjwx TeTodvcZL5xL2lwLvxBbULtz0wRVcloB1BPla2LiBlclpdKvKmgRk36gvq3E5N6/
eCuVq1L35q13FUj4XDHmJo64OyA1JalSN+FsogfyAzPSeKKNzkbTdH7F9+hLco3O CJ+BQ94QjLa1EcEBjYtK557nyFW2s3Km8tD1+FAO+uj2X9BLq9Qyax/FMteiSwF5
wfbrX0u9dmxn9LtEUlndBV4JkycjJtg+IhEcLcuhhyQMY4Z+znyO/Tq44ZBFNl7h rPEfy9OhZH2v2jkYCfc9scFA69PkskfJQ6ZfnJT4mYMmn1UEN3L+Q2b66hdaeIbo
TZmtUtbvE/Sw8eWZUEytGE3J4OeCMOuNNRJT161IYBkUjmUxYqeYXumQIkiFmgcU SmH7Es9xofBN+2MYOYPTg5ptyYUAlLVdnJrgAnKIylPr3iedBLJ2mYK6aDoj3PWT
dnCvbkcNgDdJiI1/qlV0hEmvILlOV2Le84O1dybTTzhn4AjFJuMPGa1+VwlsprDe 7klVaCJfxNxb7siiwKJjTvs7Y/7eI1mN5dsPW0OWCWONzR+XGu4wwT+CcZURB086
H6B/BQcq52/AlB6Px+blI3Zam8Xs1799PpHJ1SxZMp7blINp9myc+6sHp51mzfI2 yD4DyFOpZb42RN8NBTwyiKOYVsd/7jUKXat0HQswRy7hDW3qs5aIkLJCaX1vd9an
wENoS2Ri+SLxp3t0F15Us7DATaPDau/QLYRxDJIIr7IyoagjOFD1lBM2v2GJZW73 56b1Fwu9FMhIzEdLPPrJQMLA3xYDh4NiOwO0oy370Pdoy1aPa6lMA7QrQrZXfpsz
nevLGnxmYi+bW7yw5FYVgDsR75szHMD3eJyCaRuoHY2th44XbwZGNP57Kb3v7URi eFpgRSEkzJFlDRTSYsdczx3Kdpe8L9Ha3KJ3m261mQIUucnIFQlES1tfv2au87x6
CLFEiFgug4CJCLX3YZDPYm6ZXCNcGayNIFZRDUoCo4fdBkXWoFkPI+XfTtDIbzYt 48dZRT8EyAoTQiCH8e7sRpZUYllgM71peyQNWSnqoNERp9PL3eRTWzfa9xn9IglD
3P2UlMT7ucA9NM/1tl6uAFXlVT0ou1sNbs6pp534VlXmrkVoBivmqacL8004PU3Z CyuSAuRgivvSanVqNOX3xFQ1doAT4mfJ2HyA1IZOPXOxSGiueyAAOeUbQOsl7xHv
e2VEnTWA4fSiHyGu024Y6CbxDWOsT/RqdqdilHsi1i79/5xpaPNQlmmhKC9XiHnt 7L7UdvHpVta2Rn1I8kuPrvAGiFkM5ROyMF6bBqkwu+cZ+oNdP8xwZ6ovxOBNeAwV
C6FTA+tGzLKoDc+mtrlz1UDRyuGDeNcldgDD2HURarFWZHOHoR4LPfulryw8ZQRu Fx/ZEJZpnU2BAjkZrHA/OLJ7sgFo+Pqo0BpnDaZVO0xtVLYHUMBTqt4uGaHJ/qIJ
=pc7u 3KPJDjHq1CRyLFwQ+HKT3QYu9IsvJ33PQGwFcqP8pyuhXX0z3QaLUs9tZ93jW4d3
70XDQ0udMjazKHQnpLpqleVqvG6vDI5KcXRn8GzMyDHsSObak+pKNIm01TjYmDEj
cDk7a+5d5DNA4ELExj0Py/C3D8JtcQzycnZv6EwGsyLsDTtQhSkGHcvfK6u0SfvD
aWg=
=2R32
-----END PGP MESSAGE----- -----END PGP MESSAGE-----


@ -77,6 +77,13 @@
publicKey = "encrypted"; publicKey = "encrypted";
}; };
yggdrasil.services.yggdrasil.keys = ''
{
"PublicKey": "0000000000000000000000000000000000000000000000000000000000000000",
"PrivateKey": "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"
}
'';
ap1.wifi."platform/qca953x_wmac".ssids."uebergangsnetz".psk = "encrypted"; ap1.wifi."platform/qca953x_wmac".ssids."uebergangsnetz".psk = "encrypted";
ap10.wifi."platform/qca953x_wmac".ssids = { ap10.wifi."platform/qca953x_wmac".ssids = {
"Ebs 2000".psk = "encrypted"; "Ebs 2000".psk = "encrypted";


@ -401,9 +401,15 @@ let
type = types.bool; type = types.bool;
default = false; default = false;
}; };
services.yggdrasil.enable = mkOption { services.yggdrasil = {
type = types.bool; enable = mkOption {
default = false; type = types.bool;
default = false;
};
keys = mkOption {
type = types.str;
default = "";
};
}; };
links = mkOption { links = mkOption {
description = "Which port is connected to what other device? Keys are either network names or known hostnames."; description = "Which port is connected to what other device? Keys are either network names or known hostnames.";
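Review bot: The new `keys` option under `services.yggdrasil` has no `description`, and its `default = ""` lets a host with `enable = true` and no key set evaluate without complaint. Add a description stating that it holds the JSON body of keys.json including the private key, e.g. `description = "JSON with PublicKey and PrivateKey for this host's yggdrasil node; secret, never set in plaintext.";`. If the consumer writes this value to disk unconditionally, the empty default would replace a host's key file with an empty one, so `type = types.nullOr types.str;` with `default = null;` and a guard at the use site would make the unset case explicit. The enclosing `let` block starts and ends outside this hunk.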


@ -1,6 +1,9 @@
{ pkgs, lib, config, hostName, ... }: { pkgs, lib, config, hostName, ... }:
lib.mkIf config.site.hosts.${hostName}.services.yggdrasil.enable { let
hostConf = config.site.hosts.${hostName};
cfg = hostConf.services.yggdrasil;
in lib.mkIf cfg.enable {
networking.firewall.enable = false; networking.firewall.enable = false;
boot.postBootCommands = '' boot.postBootCommands = ''
@ -20,6 +23,11 @@ lib.mkIf config.site.hosts.${hostName}.services.yggdrasil.enable {
''; '';
}; };
systemd.tmpfiles.rules = [
"d /var/lib/yggdrasil 0700 root root -"
"L+ /var/lib/yggdrasil/keys.json - - - - ${builtins.toFile "keys.json" cfg.keys}"
];
services.yggdrasil = { services.yggdrasil = {
enable = true; enable = true;
persistentKeys = true; persistentKeys = true;
@ -44,5 +52,4 @@ lib.mkIf config.site.hosts.${hostName}.services.yggdrasil.enable {
}; };
}; };
}; };
} }
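Review bot: The `L+ /var/lib/yggdrasil/keys.json` rule in the second hunk links to `builtins.toFile "keys.json" cfg.keys`, which copies the private key into the Nix store; the store is readable by every local user and its paths travel with closure copies, so the `0700` mode on /var/lib/yggdrasil does not protect the symlink target. Keep the key text out of evaluation by passing the location of a root-only file provisioned outside the store instead, e.g. `"L+ /var/lib/yggdrasil/keys.json - - - - ${cfg.keysFile}"` with `keysFile` a `types.str` option holding an absolute path (the option name is a suggestion; a Nix path literal would be copied into the store again). Any host that has already built this configuration presumably still holds the key in its store, so rotating it after the change is worth considering. The rule is also emitted when `cfg.keys` is the empty default, which would force-replace keys.json with an empty file. The enclosing attribute set starts and ends outside these hunks.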