{ ipv4, ipv6, config, optionalString, concatStringsSep, mapAttrsToList, factsGenerator, ... }: let port = 721; hosts = { cherry = "10.123.42.29"; # cream = "10.123.42.27"; robi = "10.123.42.123"; sternchen = "10.123.42.25"; sterni = "10.123.42.24"; }; network = "secret"; in { clan.core.facts.services.tinc_secret = factsGenerator.tinc { name = "secret"; }; services.tinc.networks = { ${network} = { ed25519PrivateKeyFile = config.clan.core.facts.services.tinc_secret.secret."tinc.secret.ed25519_key.priv".path; extraConfig = '' LocalDiscovery = yes Port = ${toString port} ''; hostSettings = { sternchen = { subnets = [ { address = hosts.sternchen; } ]; settings.Ed25519PublicKey = "Z567IKl00Kw5JFBNwMvjL33QYe2hRoNtQcNIDFRPReB"; }; # cream = { # subnets = [ { address = hosts.cream; } ]; # settings.Ed25519PublicKey = "Y/YRA90mAlNEmdhUWlUTHjjsco6d6hlvW11sPtarIdL"; # }; cherry = { subnets = [ { address = hosts.cherry; } ]; settings.Ed25519PublicKey = "BsPIrZjbzn0aryC0HO3OXSb4oFCMmzNDmMDQmxUXUuC"; }; sterni = { subnets = [ { address = hosts.sterni; } ]; settings.Ed25519PublicKey = "r6mRDc814z2YtyG9ev/XXV2SgquqWR8n53V13xNXb7O"; }; robi = { addresses = [ { address = "144.76.13.147"; port = port; } ]; subnets = [ { address = hosts.robi; } ]; settings.Ed25519PublicKey = "bZUbSdME4fwudNVbUoNO7PpoOS2xALsyTs81F260KbL"; }; }; }; }; systemd.network.enable = true; systemd.network.networks.${network}.extraConfig = '' [Match] Name = tinc.${network} [Link] # tested with `ping -6 turingmachine.r -s 1378`, not sure how low it must be MTUBytes=1377 [Network] ${optionalString (ipv4 != null) "Address=${ipv4}/24"} ${optionalString (ipv6 != null) "Address=${ipv6}/28"} RequiredForOnline = no LinkLocalAddressing = no ''; networking.extraHosts = concatStringsSep "\n" ( mapAttrsToList (name: ip: "${ip} ${name}.${network}") hosts ); services.openssh.knownHosts = { # "cream.${network}" = { # hostNames = [ # "cream.${network}" # hosts.cream # ]; # publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConHiCL7INgAhuN6Z9TqP0zP+xNpdV7+OHwUca4IRDD"; # }; "sternchen.${network}" = { hostNames = [ "sterni.${network}" hosts.sterni ]; publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILriD/0+65L1mkbjKENwpvB3wUMXz/rEf9J8wuJjJa0q"; }; "sterni.${network}" = { hostNames = [ "sterni.${network}" hosts.sterni ]; publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEQRH4gzT4vWSx3KN80ePPYhSPZRUae/qSyEym6pJTht"; }; "robi" = { hostNames = [ "robi.${network}" hosts.robi ]; publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK2PGX6cZuBUGX4VweMzi0aRh4uQ61yngCzZGcK3w5XV"; }; }; }