properly set up retiolum

flake.nix

@@ -360,9 +360,10 @@
             host = "cherry.bear";
             modules = [
               nixos-hardware.nixosModules.framework-13th-gen-intel
+              retiolum.nixosModules.retiolum
+              private_assets.nixosModules.yubikey
               homeManagerModules
               stylixModules
-              private_assets.nixosModules.yubikey
               { home-manager.users.mainUser.gui.enable = true; }
               {
                 home-manager.users.mainUser = import ./homes/palo;

machines/cherry/configuration.nix

@@ -12,6 +12,7 @@
     ./qemu.nix
 
     ./network-tinc.nix
+    ./network-tinc_retiolum.nix
     ./network-wireguard.nix
 
     ./37c3.nix

machines/cherry/network-tinc_retiolum.nix

@@ -0,0 +1,27 @@
+{ config, factsGenerator, ... }:
+{
+
+  clanCore.facts.services.tinc_retiolum = factsGenerator.tinc { name = "retiolum"; };
+
+  networking.retiolum.port = 720;
+  networking.retiolum.nodename = "cherry";
+
+  services.tinc.networks.retiolum = {
+    ed25519PrivateKeyFile = config.clanCore.facts.services.tinc_retiolum.secret."tinc.retiolum.ed25519_key.priv".path;
+    rsaPrivateKeyFile = config.clanCore.facts.services.tinc_retiolum.secret."tinc.retiolum.rsa_key.priv".path;
+  };
+
+  #fileSystems."/retiolum/sicily" = {
+  #  device = "//sicily.r/tonne";
+  #  fsType = "cifs";
+  #  options = [
+  #    "guest"
+  #    "nofail"
+  #    "noauto"
+  #    "ro"
+  #    "rsize=16777216"
+  #    "cache=loose"
+  #    "x-systemd.after=network.target"
+  #  ];
+  #};
+}