# tinc configuration shared between the client and the server
{ config, pkgs, lib, ... }:
let
  # Generated description of the test machines; only the server's IPv4
  # address is read from it below.
  machines = import <test-generated/nixos-machines.nix>;

  # Contents of the server's tinc host file. Both host entries below use it
  # as their publicKey.
  # NOTE(review): "sterni" reusing the *server* host file looks like either a
  # deliberate single-identity test fixture or a copy-paste slip. With one
  # keypair for every node, tinc cannot tell the nodes apart and a leak on
  # one machine exposes all of them. Confirm this is test-only.
  serverHostFile = lib.fileContents <test-assets/tinc/server_host_file>;

  # Definition of the "test" tinc network.
  testNetwork = {
    networkSubnet = "10.123.142.0/24";

    hosts = {
      server = {
        tincIp = "10.123.142.1";
        realAddress = [ machines.nixserver-server.host.ipv4 ];
        publicKey = serverHostFile;
      };
      # No realAddress here, so presumably this node only dials out to
      # "server" -- verify against the cluster module.
      sterni = {
        tincIp = "10.123.142.100";
        publicKey = serverHostFile;
      };
    };

    # Key material, generated with:
    #   nix-shell -p tinc_pre --run "tinc --config . generate-keys 4096"
    #
    # toString turns the path into a plain string instead of importing the
    # file into the Nix store; the store is world-readable, so the private
    # keys must never be interpolated as paths ("${...}") or copied there.
    # NOTE(review): the key files then have to exist at that location on the
    # machine that runs tinc, with permissions restricted to the tinc user --
    # confirm how the cluster module reads them.
    privateRsaKeyFile = toString <test-assets/tinc/rsa_key>;
    privateEd25519KeyFile = toString <test-assets/tinc/ed25519_key>;

    extraConfig = ''
      LocalDiscovery = yes
    '';
  };
in {

  imports = [ <cluster-module> ];

  # Everything arriving on a trusted interface bypasses the firewall rules,
  # so each peer that can join the VPN reaches every port on this host.
  # NOTE(review): the interface is named "tinc.private" while the network
  # defined here is "test". If the cluster module follows the upstream NixOS
  # naming (tinc.<network>), this entry does not match the interface that is
  # actually created -- confirm the name.
  networking.firewall.trustedInterfaces = [ "tinc.private" ];

  module.cluster.services.tinc.test = testNetwork;
}