made wireguard work again

flake.nix

@@ -199,7 +199,7 @@
               #  # inputs.clan-core.clanModules.sshd
               #];
               documentation.nixos.enable = true;
-              clan.static-hosts.topLevelDomain = "bear";
+              #clan.static-hosts.topLevelDomain = "bear";
               #clan.static-hosts.excludeHosts = lib.mkForce [ ];
               environment.systemPackages = [
                 clan-core.packages.${pkgs.system}.clan-cli

nixos/components/network/syncthing.nix

@@ -24,7 +24,7 @@ with lib; {
   };
 
   services.syncthing = {
-  enable = lib.mkForce false;
+    enable = lib.mkForce false;
     guiAddress = lib.mkDefault "${config.networking.hostName}.${ config.clan.static-hosts.topLevelDomain }:8384";
     overrideDevices = lib.mkDefault true;
     key = "/run/facts/syncthing.key";

nixos/machines/cherry/wireguard.nix

@@ -1,6 +1,6 @@
 { config, factsGenerator, ... }:
 {
-
+  networking.firewall.allowedUDPPorts = [ 51820 ];
   clanCore.facts.services.wireguard = factsGenerator.wireguard { name = "wg0"; };
 
   # Enable WireGuard
@@ -11,14 +11,11 @@
       address = [ "10.100.0.7/32" ];
       listenPort = 51820; # to match firewall allowedUDPPorts (without this wg uses random port numbers)
       privateKeyFile = config.clanCore.facts.services.wireguard.secret."wireguard.wg0.key".path;
-
       mtu = 1280;
 
       peers = [
         {
-          # robi
-          # todo : use public facts here
-          publicKey = "uWR93xJe5oEbX3DsAYpOS9CuSg1VmXEQxJzdlJpe3DU=";
+          publicKey = (builtins.readFile "${config.clanCore.clanDir}/machines/orbi/facts/wireguard.wg0.pub");
           allowedIPs = [ "10.100.0.1/24" ];
           #endpoint = "ingolf-wagner.de:51820";
           endpoint = "95.216.66.212:51820";

nixos/machines/chungus/network-wireguard.nix

@@ -1,7 +1,6 @@
 { pkgs, config, factsGenerator, ... }:
 {
   networking.firewall.allowedUDPPorts = [ 51820 ];
-
   clanCore.facts.services.wireguard = factsGenerator.wireguard { name = "wg0"; };
 
   # Enable WireGuard
@@ -14,11 +13,9 @@
       privateKeyFile = config.clanCore.facts.services.wireguard.secret."wireguard.wg0.key".path;
       mtu = 1280;
 
-      # server
       peers = [
         {
-          # orbi
-          publicKey = "uWR93xJe5oEbX3DsAYpOS9CuSg1VmXEQxJzdlJpe3DU=";
+          publicKey = (builtins.readFile "${config.clanCore.clanDir}/machines/orbi/facts/wireguard.wg0.pub");
           allowedIPs = [ "10.100.0.1/24" ];
           #endpoint = "ingolf-wagner.de:51820";
           endpoint = "95.216.66.212:51820";

nixos/machines/cream/tinc_retiolum.nix

@@ -7,8 +7,8 @@
   networking.retiolum.nodename = "sol";
 
   services.tinc.networks.retiolum = {
-    ed25519PrivateKeyFile = config.clanCore.facts.services.tinc_secret.secret."tinc.retiolum.ed25519_key.priv".path;
-    rsaPrivateKeyFile = config.clanCore.facts.services.tinc_secret.secret."tinc.retiolum.rsa_key.priv".path;
+    ed25519PrivateKeyFile = config.clanCore.facts.services.tinc_retiolum.secret."tinc.retiolum.ed25519_key.priv".path;
+    rsaPrivateKeyFile = config.clanCore.facts.services.tinc_retiolum.secret."tinc.retiolum.rsa_key.priv".path;
   };
 
   #fileSystems."/retiolum/sicily" = {

nixos/machines/cream/wireguard.nix

@@ -15,8 +15,7 @@
 
       peers = [
         {
-          # robi
-          publicKey = "uWR93xJe5oEbX3DsAYpOS9CuSg1VmXEQxJzdlJpe3DU=";
+          publicKey = (builtins.readFile "${config.clanCore.clanDir}/machines/orbi/facts/wireguard.wg0.pub");
           allowedIPs = [ "10.100.0.1/24" ];
           #endpoint = "ingolf-wagner.de:51820";
           endpoint = "95.216.66.212:51820";

nixos/machines/orbi/network-wireguard.nix

@@ -1,4 +1,7 @@
 { pkgs, config, factsGenerator, ... }:
+let
+  publicKey = machine: (builtins.readFile "${config.clanCore.clanDir}/machines/${machine}/facts/wireguard.wg0.pub");
+in
 {
   networking.firewall.allowedUDPPorts = [ 51820 ];
   clanCore.facts.services.wireguard = factsGenerator.wireguard { name = "wg0"; };
@@ -25,14 +28,9 @@
       peers = [
         {
           # chungus
-          publicKey = "wb54y/fG8ocSH9QrDmfajez/fUcJBZK369xLu37XBHk=";
+          publicKey = publicKey "chungus";
           allowedIPs = [ "10.100.0.2/32" ];
         }
-        {
-          # sterni
-          publicKey = "SdMRgC5IM7dywzZxLAHm45cpj9J3IENTMClZm1BxbV4=";
-          allowedIPs = [ "10.100.0.3/32" ];
-        }
         {
           # iphone
           publicKey = "XPVzH+wBLsqukTHHjngkGJhYN0nRdQ7esadiimMJQnI=";
@@ -45,12 +43,12 @@
         }
         {
           # cream
-          publicKey = "R1Vk1DDG/LsVU0HHRDmOJshXOVnNzPVbuv5hP7ZSGEQ=";
+          publicKey = publicKey "cream";
           allowedIPs = [ "10.100.0.6/32" ];
         }
         {
           # cherry
-          publicKey = "ZNnlmPdxAGYtaUvOU2V47tcEhcB06LBCXkSxIvWZL2k=";
+          publicKey = publicKey "cherry";
           allowedIPs = [ "10.100.0.7/32" ];
         }
         {