# NixOS module fragment that joins this machine to the tinc mesh named
# "private" and publishes static host names for every node and service on it.
#
# Arguments:
#   ipv4, ipv6        - this node's addresses on the mesh interface; either may
#                       be null, in which case that Address= line is left out.
#   config            - only read for the path of the tinc private-key fact.
#   optionalString,
#   concatStringsSep,
#   mapAttrsToList    - string/attrset helpers supplied by the caller
#                       (presumably the nixpkgs lib functions; confirm at the
#                       call site).
{ ipv4
, ipv6
, config
, optionalString
, concatStringsSep
, mapAttrsToList
, ...
}:
let
  netName = "private";
  ifName = "tinc.${netName}";
  keyFact = "tinc_private.ed25519_key";

  # Mesh address of every node, keyed by node name.
  hostIps = {
    mobi = "10.23.42.23";
    sterni = "10.23.42.24";
    bobi = "10.23.42.25";
    pepe = "10.23.42.26";
    cream = "10.23.42.27";
    chungus = "10.23.42.28";
    cherry = "10.23.42.29";
    robi = "10.23.42.111";
    orbi = "10.23.42.100";
  };

  # Build `"<service>.<host>" = <address of host>` entries for one node.
  aliasesOn = host: services:
    builtins.listToAttrs (map
      (svc: {
        name = "${svc}.${host}";
        value = hostIps.${host};
      })
      services);

  # Service names that resolve to the node hosting them.
  serviceAliases =
    aliasesOn "orbi" [
      "transmission2"
      "sonarr"
      "radarr"
      "prowlarr"
      "photoprism"
    ]
    // aliasesOn "robi" [
      "grafana"
      "loki"
      "prometheus"
      "sync"
      "transmission"
      "transmission2"
      "sonarr"
      "radarr"
      "tdarr"
      "prowlarr"
      "jellyseerr"
      "unmanic"
    ]
    // aliasesOn "chungus" [
      "de.tts"
      "en.tts"
      "flix"
      "git"
      "grafana"
      "loki"
      "prometheus"
      "s3"
      "minio"
      "sync"
      "tdarr"
      "tts"
      "paperless"
    ];

  # tinc host entry for a node: its mesh subnet plus the Ed25519 public key
  # that tinc expects this peer to present.
  peer = name: publicKey: {
    subnets = [{ address = hostIps.${name}; }];
    settings.Ed25519PublicKey = publicKey;
  };

  # Same as `peer`, for a node that also has a fixed address other nodes can
  # dial directly.
  reachablePeer = name: endpoint: publicKey:
    peer name publicKey // { addresses = [{ address = endpoint; }]; };

  # One hosts-file line: "<ip> <name>.<network>".
  hostsLine = name: ip: "${ip} ${name}.${netName}";
in
{
  networking = {
    # NixOS accepts all traffic that arrives on a trusted interface, so every
    # listening port on this host is reachable from any node admitted to the
    # mesh; the firewall does not filter between peers. Keep the peer list
    # below limited to machines that warrant that level of access.
    firewall.trustedInterfaces = [ ifName ];

    # Static name resolution for nodes and their services, no DNS involved.
    extraHosts = concatStringsSep "\n"
      (mapAttrsToList hostsLine (hostIps // serviceAliases));
  };

  # The private key is declared as a clan secret fact. The generator script is
  # empty, so nothing creates the key automatically; presumably it is produced
  # by hand with the command below and stored as the fact - confirm.
  clanCore.facts.services.tinc_private = {
    secret.${keyFact} = { };
    generator.script = "";
  };

  # nix-shell -p tinc_pre --run "tinc --config . generate-keys 4096"
  # (4096 is the RSA key size for that command; this module only configures
  # the Ed25519 key pair.)
  services.tinc.networks.${netName} = {
    # Referenced by path through the fact, never inlined in this file.
    ed25519PrivateKeyFile =
      config.clanCore.facts.services.tinc_private.secret.${keyFact}.path;

    # "tap" gives a layer-2 (Ethernet) device rather than a routed tun device.
    interfaceType = "tap";

    extraConfig = ''
      LocalDiscovery = yes
    '';

    # Every entry here is a peer whose public key this node will accept.
    # robi and orbi are the only nodes with a static `addresses` entry.
    hostSettings = {
      mobi = peer "mobi" "X5sp3YYevVNUrzYvi+HZ2iW5WbO0bIb58jR4jZFH6MB";
      cream = peer "cream" "Y/YRA90mAlNEmdhUWlUTHjjsco6d6hlvW11sPtarIdL";
      cherry = peer "cherry" "BsPIrZjbzn0aryC0HO3OXSb4oFCMmzNDmMDQmxUXUuC";
      sterni = peer "sterni" "r6mRDc814z2YtyG9ev/XXV2SgquqWR8n53V13xNXb7O";
      bobi = peer "bobi" "jwvNd4oAgz2cWEI74VTVYU1qgPWq823/a0iEDqJ8KMD";
      pepe = peer "pepe" "LnE+w6ZfNCky4Kad3TBxpFKRJ2PJshkSpW6mC3pcsPI";
      chungus = peer "chungus" "mJP+zzYGv42KItpSf3lMkr3dwa5xW3n3hi0W2Z75jfJ";
      robi = reachablePeer "robi" "144.76.13.147"
        "bZUbSdME4fwudNVbUoNO7PpoOS2xALsyTs81F260KbL";
      orbi = reachablePeer "orbi" "95.216.66.212"
        "/1OE8xsnRT6egxd/+iH9TE+tzlwiUJeNsGFIIWyc70A";
    };
  };

  systemd.network = {
    enable = true;

    # Address assignment for the mesh interface is done by systemd-networkd.
    # NOTE(review): the IPv6 prefix length is /28, which is unusually short;
    # confirm it is intended.
    networks.${netName}.extraConfig = ''
      [Match]
      Name = tinc.${netName}

      [Link]
      # tested with `ping -6 turingmachine.r -s 1378`, not sure how low it must be
      MTUBytes=1377

      [Network]
      ${optionalString (ipv4 != null) "Address=${ipv4}/24"}
      ${optionalString (ipv6 != null) "Address=${ipv6}/28"}
      RequiredForOnline = no
      LinkLocalAddressing = no
    '';
  };
}