nixos-config/nixos/components/network/tinc/retiolum.nix

{ config, pkgs, lib, retiolum, ... }:
{

  # nix-shell -p tinc_pre --run "tinc --config . generate-keys 4096"
  module.cluster.services.tinc."retiolum" = {
    networkSubnet = "10.243.0.0/16";
    port = 720;
    extraConfig = ''
      LocalDiscovery = yes
      AutoConnect = yes
    '';
    privateEd25519KeyFile = toString config.sops.secrets.tinc_retiolum_ed25519_key.path;
    privateRsaKeyFile = toString config.sops.secrets.tinc_retiolum_rsa_key.path;
    hosts = {
      pepe = {
        tincIp = "10.243.23.1";
        publicKey = lib.fileContents ../../../assets/tinc/retiolum/host_file;
      };
      sterni = {
        tincIp = "10.243.23.3";
        publicKey = lib.fileContents ../../../assets/tinc/retiolum/host_file;
      };
    };
  };

  networking.extraHosts = builtins.readFile (toString "${retiolum}/etc.hosts");
  systemd.services."tinc.retiolum" = {
    preStart = ''
      cp -R ${retiolum}/hosts /etc/tinc/retiolum/ || true
    '';
  };

}