Commits on May 15, 2019
May 15, 2019
Other machines (e.g. developers' laptops) can use the VPN to connect to the different nodes in the cluster or even to route traffic through the VPN. Any server in the cluster acts as a NAT router. NixOS configuration for the clients can be found in test.nix.
Commits on May 12, 2019
May 12, 2019
Shared files are served via HTTP and encrypted with a preshared secret key. Remote files are fetched only if they are not already present. It is used to share Wireguard's public keys of the nodes with each other. For more sensitive data, future work should allow for asymmetric encryptions, the public keys being initially shared with this symmetric scheme. Options in the module are available to make it serve some files only within the VPN. This must remain the default setting.