Tinc: Difference between revisions

imported>MrVanDalo
A Tutorial to create a simple Tinc VPN network.
 
imported>MrVanDalo
mNo edit summary
Line 1: Line 1:
<pre>
!! This is a page work in progress !!
</pre>
= What is tinc =
= What is tinc =


Line 39: Line 36:
== Creatie host files ==
== Creatie host files ==


The hostfile can have a lot of parameters ((here is an overview)[https://www.tinc-vpn.org/documentation/Host-configuration-variables.html]).
The hostfile can have a lot of parameters ( (here is an overview)[https://www.tinc-vpn.org/documentation/Host-configuration-variables.html] ).


But these are the minimum needed for our setup
But these are the minimum needed for our setup
Line 46: Line 43:
* <code>Subnet</code> : The tinc network IP-Address (the one we want to connect to after the tinc network is setup).
* <code>Subnet</code> : The tinc network IP-Address (the one we want to connect to after the tinc network is setup).


The host files also need to contain the public keys for this host.
Also the host files need to contain the public keys for this host.


So lets create the two hostfiles. Asuming we have generated keys for the 2 machines and they are stored in the folders <code>heinz</code> and <code>peter</code>.
So lets create the two hostfiles. Asuming we have generated keys for the 2 machines and they are stored in the folders <code>heinz</code> and <code>peter</code>.
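Review bot: the heading typo <code>Creatie host files</code> (for "Create host files") and <code>Asuming</code> survive on both sides of this hunk, and the external-link markup <code>(here is an overview)[https://...]</code> is reversed for MediaWiki, which expects <code>[https://www.tinc-vpn.org/documentation/Host-configuration-variables.html here is an overview]</code>; adding spaces around it, as the new revision does, does not make it render as a link. The reworded sentence <code>Also the host files need to contain the public keys for this host.</code> reads worse than the original <code>The host files also need to contain the public keys for this host.</code>, so I would keep the old wording.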
Line 113: Line 110:


Now we have everything we need to configure the <code>services.tinc</code> module in our <code>configuration.nix</code> files on both machines.
Now we have everything we need to configure the <code>services.tinc</code> module in our <code>configuration.nix</code> files on both machines.
You can recognise that the <code>services.tinc.&quot;${myMeshName}&quot;.hosts</code> have the same content on both machines.
It is also '''''Important''''' that you set <code>services.tinc.&quot;${myMeshName}&quot;.name</code> to a machine that is contained in the <code>services.tinc.&quot;${myMeshName}&quot;.hosts</code>.


=== /etc/nixos/tinc.nix on heinz ===
=== /etc/nixos/tinc.nix on heinz ===
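Review bot: the option paths in the added prose drop the <code>networks</code> segment: the configuration blocks below set <code>services.tinc.networks."${myMeshName}".hosts</code> and <code>services.tinc.networks."${myMeshName}".name</code>, so <code>services.tinc."${myMeshName}".hosts</code> and <code>services.tinc."${myMeshName}".name</code> should be corrected to match, otherwise a reader copying the path gets an option that does not exist. The requirement itself is right and this paragraph is now the only place it is explained, since the matching comment is removed from both tinc.nix blocks; "set name to a machine that is contained in hosts" would be clearer as "set name to the key of the entry in hosts that describes this machine".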
Line 140: Line 141:
   services.tinc.networks.&quot;${myMeshName}&quot;= {
   services.tinc.networks.&quot;${myMeshName}&quot;= {


    # name
     name          = &quot;heinz&quot;;     # who are we in this network.
    # ----
    # who are we in this network.
    # it is important that a host file for this
    # otherwise the client gets confused.
    # this is why we have
    # services.tinc.networks.&quot;${myMeshName}&quot;.hosts.heinz
    # configured
     name          = &quot;heinz&quot;;


     debugLevel    = 3;            # the debug level for journal -u tinc.private
     debugLevel    = 3;            # the debug level for journal -u tinc.private
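Review bot: the command in the surviving <code>debugLevel</code> comment should be <code>journalctl -u tinc.&lt;network&gt;</code>, not <code>journal -u tinc.private</code>; the NixOS module names the unit after the network, so <code>tinc.private</code> is only correct if <code>myMeshName</code> is <code>"private"</code>. Collapsing the multi-line explanation of <code>name</code> into a single inline comment is fine (the removed text contained a dangling sentence, "it is important that a host file for this"), provided the requirement stays stated in the prose above the config blocks.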
Line 164: Line 157:
       # if you don't set the path as string, it will import the file in
       # if you don't set the path as string, it will import the file in
       # in the nix/store where everybody can read it.
       # in the nix/store where everybody can read it.
       Ed25519PrivateKeyFile = &quot;/root/secrets/tinc/ed25519_key.priv&quot;
       Ed25519PrivateKeyFile = &quot;/root/secrets/heinz/ed25519_key.priv&quot;
       PrivateKeyFile        = &quot;/root/secrets/tinc/rsa_key.priv&quot;
       PrivateKeyFile        = &quot;/root/secrets/heinz/rsa_key.priv&quot;
     '';
     '';
     hosts = {
     hosts = {
      # content of hosts_heinz (from above)
       heinz = ''
       heinz = ''
         Address = 192.168.178.25
         Address = 192.168.178.25
Line 177: Line 171:
         -----END RSA PUBLIC KEY-----
         -----END RSA PUBLIC KEY-----
         '';
         '';
      # content of hosts_peter (from above)
       peter = ''
       peter = ''
         Address = 192.168.178.21
         Address = 192.168.178.21
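Review bot: the comment about the Nix store is misleading where it sits: these two <code>*PrivateKeyFile</code> lines are inside the <code>''...''</code> extraConfig string, so they are plain text copied into tinc.conf and nothing is imported. The hazard it warns about is a Nix path value, such as an unquoted <code>/root/secrets/heinz/rsa_key.priv</code> used as an option value, which Nix copies into the world-readable <code>/nix/store</code>; reword to "if you pass the key as a Nix path value instead of a string" and keep the private keys outside the store, as this block does. Moving the paths from <code>/root/secrets/tinc/</code> to <code>/root/secrets/heinz/</code> is correct, since it matches the per-host folders <code>heinz</code> and <code>peter</code> into which the prose says the keys were generated; the same applies to the peter block below.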
Line 216: Line 211:
   services.tinc.networks.&quot;${myMeshName}&quot;= {
   services.tinc.networks.&quot;${myMeshName}&quot;= {


    # name
     name          = &quot;peter&quot;;     # who are we in this network.
    # ----
    # who are we in this network.
    # it is important that a host file for this
    # otherwise the client gets confused.
    # this is why we have
    # services.tinc.networks.&quot;${myMeshName}&quot;.hosts.peter
    # configured
     name          = &quot;peter&quot;;


     debugLevel    = 3;            # the debug level for journal -u tinc.private
     debugLevel    = 3;            # the debug level for journal -u tinc.private
Line 235: Line 222:
       # if you don't set the path as string, it will import the file in
       # if you don't set the path as string, it will import the file in
       # in the nix/store where everybody can read it.
       # in the nix/store where everybody can read it.
       Ed25519PrivateKeyFile = &quot;/root/secrets/tinc/ed25519_key.priv&quot;
       Ed25519PrivateKeyFile = &quot;/root/secrets/peter/ed25519_key.priv&quot;
       PrivateKeyFile        = &quot;/root/secrets/tinc/rsa_key.priv&quot;
       PrivateKeyFile        = &quot;/root/secrets/peter/rsa_key.priv&quot;
     '';
     '';
     hosts = {
     hosts = {
      # content of hosts_heinz (from above)
       heinz = ''
       heinz = ''
         Address = 192.168.178.25
         Address = 192.168.178.25
Line 248: Line 236:
         -----END RSA PUBLIC KEY-----
         -----END RSA PUBLIC KEY-----
         '';
         '';
      # content of hosts_peter (from above)
       peter = ''
       peter = ''
         Address = 192.168.178.21
         Address = 192.168.178.21