{ config, pkgs, lib, ... }:
{


  # nix-shell -p tinc_pre --run "tinc --config . generate-keys 4096"
  module.cluster.services.tinc."secret" = {
    networkSubnet = "10.123.42.0/24";
    port = 721;
    extraConfig = ''
      LocalDiscovery = yes
      AutoConnect = yes
    '';
    privateEd25519KeyFile = toString config.sops.secrets.tinc_ed25519_key.path;
    privateRsaKeyFile = toString config.sops.secrets.tinc_rsa_key.path;
    hosts = {
      sternchen = {
        tincIp = "10.123.42.25";
        publicKey = lib.fileContents ../../../assets/tinc/sternchen_host_file;
      };
      sterni = {
        tincIp = "10.123.42.24";
        publicKey = lib.fileContents ../../../assets/tinc/workout_host_file;
      };
      robi = {
        realAddress = [ "144.76.13.147" ];
        tincIp = "10.123.42.123";
        publicKey = lib.fileContents ../../../assets/tinc/robi_host_file;
      };
    };
  };

}