use clan-fact-generators now

Update facts/secrets for service tinc_secret in machine cherry

Update facts/secrets for service tinc_private in machine cherry

Update facts/secrets for service zerotier in machine test

Update facts/secrets for service wireguard in machine test

Update facts/secrets for service tinc in machine test

Update facts/secrets for service ssh in machine test

Update facts/secrets for service openssh in machine test

flake.nix

@@ -9,6 +9,8 @@
     flake-parts.url = "github:hercules-ci/flake-parts";
     flake-parts.inputs.nixpkgs-lib.follows = "nixpkgs";
 
+    clan-fact-generators.url = "github:mrvandalo/clan-fact-generators";
+
     clan-core = {
       url = "git+https://git.clan.lol/clan/clan-core";
       #url = "git+file:///home/palo/dev/nixos/clan-core";
@@ -98,6 +100,7 @@
   outputs =
     inputs@{ self
     , clan-core
+    , clan-fact-generators
     , flake-parts
     , home-manager
     , home-manager-utils
@@ -139,7 +142,6 @@
             "python-2.7.18.7"
             "python-2.7.18.8"
           ];
-
           overlays = [
             (_self: _super: {
               # todo : remove this, we are on unstable in the future
@@ -163,8 +165,8 @@
         specialArgs = {
           inherit private_assets;
           assets = ./nixos/assets;
+          factsGenerator = clan-fact-generators.lib { inherit pkgs; };
         };
-
       };
 
       clanSetup =
@@ -209,7 +211,7 @@
         # ssh keys
         ({ config, ... }: {
           users.users.root.openssh.authorizedKeys.keyFiles = [
-          # master key
+            # master key
             ./nixos/assets/ssh/palo_rsa.pub
             # backup key
             "${config.clanCore.clanDir}/machines/chungus/facts/syncoid.ssh.id_ed25519.pub"
@@ -301,6 +303,7 @@
         specialArgs = meta.specialArgs;
 
         machines = {
+
           sternchen = clanSetup {
             name = "sternchen";
             #host = "sternchen.secure";

machines/cherry/facts/tinc.private.ed25519_key.pub

@@ -0,0 +1 @@
+Ed25519PublicKey = +9pGGFqwrjryr+nBHAZ5kpFlKZHUCNpDazFAlgC36xH

machines/cherry/facts/tinc.private.rsa_key.pub

@@ -0,0 +1,13 @@
+-----BEGIN RSA PUBLIC KEY-----
+MIICCgKCAgEAtEgBjP8UvC7xHy6Q2heK1OY6bzZaGnf788rfwyoijBvGm6jbU2Fo
+vmFqbJjWzmk8b70M7tE+WIwi+X8iLaG62VQ6k+W7LOUEtAPaT3A/qrrh1B35jkLq
+Par6DXad0DjMb5+pdOAdpTdOmA32stP73KIkatd3oVlIUXnktekuwS0Jiv2Y0UJi
+gfczV5//F5Jfz+j1sNicQLGHD6ZTnWdmfLGUlOxipdsd02lpCp7gXexejet6kc0R
+w4qlO/JZwUlyGW9+wsxwl5G750afJ3/jLg8Pq7P2g4KfnveqNi+aEng5owmjw/kW
+d7zSLYfdfo5ObAdI9W9fUh+sq6arzbKyCOBwZZ7z3ozR3gR0VxD259zY1FxCm8Lg
+bQeSDylWbMar/rTsY2UkBjdQAR1Ep3fvListmw3Ar6CfKUhacXBd3QZL+3jV04fh
+REM/vQD38M7sZf/gXF+pHeFHOLO7WEuJikypJielAYXd5NryEiZGocshrb5x9wQW
+q0UaFMkCvqQqmY4Ug02dx0TQdVoz0R7ExwtQ7FmpvaL3caEoTMppCzLhSU4HAkNI
+fdGq7NlZpZ5H/RqmNBkLNveVqI9oVleoV7+ZvRjpJTtmahj99LWl8Jmih9MT9Ztm
+5ISa9+/BuoMVK+yRuEm4sAwMrgJ8ixNQ7acfVyaPq8FpYwy9otk7X5ECAwEAAQ==
+-----END RSA PUBLIC KEY-----

machines/cherry/facts/tinc.secret.ed25519_key.pub

@@ -0,0 +1 @@
+Ed25519PublicKey = FPA3cyMfOFhyNIiPfrqBz6J2iC7dIqwMBGtzwzk4AGP

machines/cherry/facts/tinc.secret.rsa_key.pub

@@ -0,0 +1,13 @@
+-----BEGIN RSA PUBLIC KEY-----
+MIICCgKCAgEAz24q7llZDc5cYTndRfzJe3LY2cVU/An43k8heLMkNfBtjwF1yAuZ
+6VRreDeMa6ZXX3TA1f20VfCKQZMRVdiWncYRg/h6+1efdh6U5REnNeURp1My5zKJ
+n9edZdaWM72aWg0pKOz+iyBTiREVvwcfaqnfnFl0ZjuxsOMJQiqzycAG747sYHqY
+1OiUJ//6q9udI/Q4cQtiK63Qb0lUrYM1OgBN2mh3tQoAZievelutZCIHTzZy7e5q
+SoOXUMF9ppD51zKUCsjaGeGa8svkCbQQRjcaUFnWu3R/ztE+AJqJ91pNMKPDiGpd
+TZ4WxPXpIP7kOKL/dpleahIZNJVyxbWM786aPww1GMkCmDlGrevG+BbxLpM3B7Sq
+u/mpNId3yuXwkGTO0PTr+qQaVK0XS5aqOi43wchZDFhyWsORSjLk0gozYAqxTtRY
+lWjSQjJzo4E6YgVQwSHG+19R833dCoLjD+XZFo0TMMvByzpSBEWzgjMN9khaYJ6+
+IW4m037Dpfyyd4m41l8nt937H2uCdx7yYq6vI5hrNRKOTfz5lAz1QXmA6Pfib4o3
+I6kWgqpnytKYwE2vigTnV5SUcNvLOj5oWQWfsDfpme7QfWhtU1Ho2kQYg6fEmQLM
+SRGc4tqB7e08A6csDBQxXnbnT3v6pSnZgutMGTqEOs9CesJKYDx6sOECAwEAAQ==
+-----END RSA PUBLIC KEY-----

nixos/components/network/tinc/default.nix

@@ -1,4 +1,4 @@
-{ lib, config, ... }:
+{ lib, config, factsGenerator, ... }:
 with lib;
 {
 
@@ -24,13 +24,13 @@ with lib;
       ipv4 = config.tinc.private.ipv4;
       ipv6 = null;
       inherit (lib) optionalString concatStringsSep mapAttrsToList;
-      inherit config;
+      inherit config factsGenerator;
     }))
     (mkIf config.tinc.secret.enable (import ./secret.nix {
       ipv4 = config.tinc.secret.ipv4;
       ipv6 = null;
       inherit (lib) optionalString concatStringsSep mapAttrsToList;
-      inherit config;
+      inherit config factsGenerator;
     }))
   ];
 }

nixos/components/network/tinc/private.nix

@@ -3,6 +3,7 @@
 , config
 , optionalString
 , concatStringsSep
+, factsGenerator
 , mapAttrsToList
 , ...
 }:
@@ -58,15 +59,11 @@ in
 {
   networking.firewall.trustedInterfaces = [ "tinc.${network}" ];
 
-  clanCore.facts.services.tinc_private = {
-    secret."tinc_private.ed25519_key" = { };
-    generator.script = "";
-  };
+  clanCore.facts.services.tinc_private = factsGenerator.tinc { name = "private"; };
 
-  #  nix-shell -p tinc_pre --run "tinc --config . generate-keys 4096"
   services.tinc.networks = {
     ${network} = {
-      ed25519PrivateKeyFile = config.clanCore.facts.services.tinc_private.secret."tinc_private.ed25519_key".path;
+      ed25519PrivateKeyFile = config.clanCore.facts.services.tinc_private.secret."tinc.private.ed25519_key.priv".path;
       interfaceType = "tap";
       extraConfig = ''
         LocalDiscovery = yes

nixos/components/network/tinc/secret.nix

@@ -4,6 +4,7 @@
 , optionalString
 , concatStringsSep
 , mapAttrsToList
+, factsGenerator
 , ...
 }:
 let
@@ -18,11 +19,11 @@ let
   network = "secret";
 in
 {
-  sops.secrets.tinc_ed25519_key = { };
+  clanCore.facts.services.tinc_secret = factsGenerator.tinc { name = "secret"; };
 
   services.tinc.networks = {
     ${network} = {
-      ed25519PrivateKeyFile = config.sops.secrets.tinc_ed25519_key.path;
+      ed25519PrivateKeyFile = config.clanCore.facts.services.tinc_secret.secret."tinc.secret.ed25519_key.priv".path;
       extraConfig = ''
         LocalDiscovery = yes
         Port = ${toString port}

nixos/machines/cherry/tinc.nix

@@ -4,7 +4,7 @@
   tinc.private.enable = true;
   tinc.private.ipv4 = "10.23.42.29";
 
-  #tinc.secret.enable = true;
-  #tinc.secret.ipv4 = "10.123.42.29";
+  tinc.secret.enable = true;
+  tinc.secret.ipv4 = "10.123.42.29";
 
 }