Tinc: Difference between revisions

Line 71:

=== tinc-up/tinc-down ===

A more robust but more complicated way to configure the ~~interaces is~~ the <code>tinc-up</code> and <code>tinc-down</code> scripts.

A more robust but more complicated way to configure the interfaces are the <code>tinc-up</code> and <code>tinc-down</code> scripts.

First we have to create the scripts:

Line 84:

/run/wrappers/bin/sudo ${pkgs.nettools}/bin/ifconfig $INTERFACE down

'';</pre>

For the <code>tinc-down</code> we need to use sudo because we the user <code>tinc.private</code> who starts the service is not able to tear the interface ~~down~~.

For the <code>tinc-down</code> we need to use sudo, because the user <code>tinc.private</code> who starts the service is not able to tear down the interface.

So we have to ~~give~~ make sure this user can call sudo without entering a password.

So we have to make sure this user can call sudo without entering a password.

<pre> security.sudo.extraRules = [

Line 101:

== Open the Firewall ==

The computer which you connect to ~~need~~ to open some ports.

The computer which you connect to needs to open some ports.

<pre>networking.firewall.allowedUDPPorts = [ 655 ];

Line 107:

== use service.tinc module ==

Now we have everything we need to configure the <code>services.tinc</code> module in our <code>configuration.nix</code> ~~files~~ on both machines.

Now we have everything we need to configure the <code>services.tinc</code> module in our <code>configuration.nix</code> file on both machines.

You can recognise that the <code>services.tinc."${myMeshName}".hosts</code> have the same content on both machines.

It is also '''~~''Important''~~''' that you set <code>services.tinc."${myMeshName}".name</code> to a machine that is contained in the <code>services.tinc."${myMeshName}".hosts</code>.

It is also '''important''' that you set <code>services.tinc."${myMeshName}".name</code> to a machine that is contained in the <code>services.tinc."${myMeshName}".hosts</code>.

=== /etc/nixos/tinc.nix on heinz ===

Line 124:

in {

~~# open tinc ports~~

~~# ---------------~~

~~networking.firewall.allowedTCPPorts = [ 655 ];~~

~~networking.firewall.allowedUDPPorts = [ 655 ];~~

# simple interface setup

@@ Line 71: / Line 71: @@
 === tinc-up/tinc-down ===
-A more robust but more complicated way to configure the interaces is the <code>tinc-up</code> and <code>tinc-down</code> scripts.
+A more robust but more complicated way to configure the interfaces are the <code>tinc-up</code> and <code>tinc-down</code> scripts.
 First we have to create the scripts:
@@ Line 84: / Line 84: @@
    /run/wrappers/bin/sudo ${pkgs.nettools}/bin/ifconfig $INTERFACE down
 '';</pre>
-For the <code>tinc-down</code> we need to use sudo because we the user <code>tinc.private</code> who starts the service is not able to tear the interface down.
+For the <code>tinc-down</code> we need to use sudo, because the user <code>tinc.private</code> who starts the service is not able to tear down the interface.
-So we have to give make sure this user can call sudo without entering a password.
+So we have to make sure this user can call sudo without entering a password.
 <pre>  security.sudo.extraRules = [
@@ Line 101: / Line 101: @@
 == Open the Firewall ==
-The computer which you connect to need to open some ports.
+The computer which you connect to needs to open some ports.
 <pre>networking.firewall.allowedUDPPorts = [ 655 ];
@@ Line 107: / Line 107: @@
 == use service.tinc module ==
-Now we have everything we need to configure the <code>services.tinc</code> module in our <code>configuration.nix</code> files on both machines.
+Now we have everything we need to configure the <code>services.tinc</code> module in our <code>configuration.nix</code> file on both machines.
 You can recognise that the <code>services.tinc.&quot;${myMeshName}&quot;.hosts</code> have the same content on both machines.
-It is also '''''Important''''' that you set <code>services.tinc.&quot;${myMeshName}&quot;.name</code> to a machine that is contained in the <code>services.tinc.&quot;${myMeshName}&quot;.hosts</code>.
+It is also '''important''' that you set <code>services.tinc.&quot;${myMeshName}&quot;.name</code> to a machine that is contained in the <code>services.tinc.&quot;${myMeshName}&quot;.hosts</code>.
 === /etc/nixos/tinc.nix on heinz ===
@@ Line 124: / Line 124: @@
 in {
-  # open tinc ports
-  # ---------------
-  networking.firewall.allowedTCPPorts = [ 655 ];
-  networking.firewall.allowedUDPPorts = [ 655 ];
    # simple interface setup