nixos-config/nixos/machines/sterni/tinc.nix

{ config, lib, pkgs, ... }:

with lib;

{

  module.cluster.services.tinc = {
    "private" = {
      enable = true;
      openPort = true;
      connectTo = [ "robi" ];
    };
    "retiolum" = {
      enable = true;
      openPort = true;
    };
    "secret" = {
      enable = true;
      openPort = true;
      connectTo = [ "robi" ];
    };
  };

  sops.secrets.tinc_retiolum_ed25519_key = { };
  sops.secrets.tinc_retiolum_rsa_key = { };

  users.users."tinc.retiolum".group = "tinc.retiolum";
  users.groups."tinc.retiolum" = { };

  users.users."tinc.secret".group = "tinc.secret";
  users.groups."tinc.secret" = { };

}