# Tinc mesh VPN "private".
#
# Called with this machine's VPN addresses (`ipv4`, `ipv6`; either may be
# null) and returns NixOS configuration that:
#   * generates/loads this machine's tinc key pair through clan facts,
#   * declares the peers of the tinc network and their public keys,
#   * configures the `tinc.private` interface through systemd-networkd,
#   * publishes static /etc/hosts names for every peer and service alias.
{
  ipv4,
  ipv6,
  config,
  optionalString,
  concatStringsSep,
  factsGenerator,
  mapAttrsToList,
  clanLib,
  ...
}:
let
  network = "private";

  # VPN-internal address of each machine. These values are reused as the
  # tinc subnet of the peer and as the target of its /etc/hosts entries.
  hosts = {
    bobi = "10.23.42.25";
    cherry = "10.23.42.29";
    chungus = "10.23.42.28";
    # cream = "10.23.42.27";
    mobi = "10.23.42.23";
    orbi = "10.23.42.100";
  };

  # servicesOn "orbi" [ "a" "b" ]
  #   => { "a.orbi" = hosts.orbi; "b.orbi" = hosts.orbi; }
  servicesOn =
    machine: services:
    builtins.listToAttrs (
      map (service: {
        name = "${service}.${machine}";
        value = hosts.${machine};
      }) services
    );

  # Service aliases; each one resolves to the machine that hosts it.
  subDomains =
    servicesOn "orbi" [
      "transmission2"
      "sonarr"
      "radarr"
      "lidarr"
      "prowlarr"
      "photoprism"
    ]
    // servicesOn "chungus" [
      "video"
      "music"
      "de.tts"
      "en.tts"
      "flix"
      "git"
      "grafana"
      "loki"
      "prometheus"
      "s3"
      "minio"
      "sync"
      "tdarr"
      "tts"
      "paperless"
    ];

  # Facts entry that holds this machine's tinc key pair.
  tincFacts = config.clan.core.facts.services.tinc_private;

  # Partially applied lookup of a peer's public key fact; the remaining
  # argument is presumably the machine name - confirm against clanLib.
  readPeerKey = clanLib.readFact "tinc.private.ed25519_key.pub";

  # Host entry of a peer: its VPN address as subnet plus the public key
  # that tinc uses to authenticate it.
  peer = machine: publicKey: {
    subnets = [ { address = hosts.${machine}; } ];
    settings.Ed25519PublicKey = publicKey;
  };

  # One /etc/hosts line, e.g. "10.23.42.28 git.chungus.private".
  hostsLine = name: ip: "${ip} ${name}.${network}";
in
{
  # SECURITY: NixOS accepts all inbound traffic on a trusted interface, so
  # every listening port of this machine is reachable by every peer of the
  # tinc network and the per-port firewall does not limit what a
  # compromised peer can reach. If only selected services should be exposed
  # over the VPN, drop this line and open ports through
  # networking.firewall.interfaces."tinc.private".allowedTCPPorts instead.
  networking.firewall.trustedInterfaces = [ "tinc.${network}" ];

  clan.core.facts.services.tinc_private = factsGenerator.tinc { name = "private"; };

  services.tinc.networks.${network} = {
    # The private key is referenced by file path and is not inlined here.
    ed25519PrivateKeyFile = tincFacts.secret."tinc.private.ed25519_key.priv".path;
    interfaceType = "tap";
    extraConfig = ''
      LocalDiscovery = yes
    '';

    # Only peers listed here carry a public key in this configuration.
    hostSettings = {
      # mobi and bobi have their public keys pinned as literals instead of
      # being read through clanLib.readFact (presumably they are not managed
      # by this clan - confirm). Rotating either key means editing this file.
      mobi = peer "mobi" "X5sp3YYevVNUrzYvi+HZ2iW5WbO0bIb58jR4jZFH6MB";
      bobi = peer "bobi" "jwvNd4oAgz2cWEI74VTVYU1qgPWq823/a0iEDqJ8KMD";
      # Disabled; re-enable together with hosts.cream above.
      # cream = peer "cream" (readPeerKey "cream");
      cherry = peer "cherry" (readPeerKey "cherry");
      chungus = peer "chungus" (readPeerKey "chungus");
      # orbi is the only peer with an address outside the VPN range.
      orbi = peer "orbi" (readPeerKey "orbi") // {
        addresses = [ { address = "95.216.66.212"; } ];
      };
    };
  };

  systemd.network = {
    enable = true;
    # The Address= lines are emitted only for the address families this
    # machine was given; a null ipv4/ipv6 leaves an empty line.
    # NOTE(review): the IPv6 prefix length is /28 - confirm it is intended.
    networks.${network}.extraConfig = ''
      [Match]
      Name = tinc.${network}
      [Link]
      # tested with `ping -6 turingmachine.r -s 1378`, not sure how low it must be
      MTUBytes=1377
      [Network]
      ${optionalString (ipv4 != null) "Address=${ipv4}/24"}
      ${optionalString (ipv6 != null) "Address=${ipv6}/28"}
      RequiredForOnline = no
      LinkLocalAddressing = no
    '';
  };

  # Static name resolution for machines and service aliases alike.
  networking.extraHosts = concatStringsSep "\n" (mapAttrsToList hostsLine (hosts // subDomains));
}