{ config, pkgs, lib, retiolum, ... }: { # nix-shell -p tinc_pre --run "tinc --config . generate-keys 4096" module.cluster.services.tinc."retiolum" = { networkSubnet = "10.243.0.0/16"; port = 720; extraConfig = '' LocalDiscovery = yes AutoConnect = yes ''; privateEd25519KeyFile = toString config.sops.secrets.tinc_retiolum_ed25519_key.path; privateRsaKeyFile = toString config.sops.secrets.tinc_retiolum_rsa_key.path; hosts = { pepe = { tincIp = "10.243.23.1"; publicKey = lib.fileContents ../../../assets/tinc/retiolum/host_file; }; sterni = { tincIp = "10.243.23.3"; publicKey = lib.fileContents ../../../assets/tinc/retiolum/host_file; }; }; }; networking.extraHosts = builtins.readFile (toString "${retiolum}/etc.hosts"); systemd.services."tinc.retiolum" = { preStart = '' cp -R ${retiolum}/hosts /etc/tinc/retiolum/ || true ''; }; }