Hosts setup succeeded

modules/my-tinc/hosts.nix

@@ -14,10 +14,10 @@ in
   config = mkIf cfg.enable {
     # All hosts we know of
     services.tinc.networks.my-tinc.hostSettings = mapAttrs (name: host: {
-      addresses = [ { inherit (host) address; } ];
+      addresses = [ { address = host.address; } ];
       subnets = [ { address = host.subnetAddr; } ];
-      rsaPublicKey = mkIf (host ? "rsaPublicKey") (builtins.readFile host.rsaPublicKey);
+      rsaPublicKey = if (host ? "rsaPublicKey") then (builtins.readFile host.rsaPublicKey) else null;
-      ed25519PublicKey = mkIf (host ? "ed25519PublicKey") (builtins.readFile host.ed25519PublicKey);
+      settings.Ed25519PublicKey = mkIf (host ? "ed25519PublicKey") (builtins.readFile host.ed25519PublicKey);
     }) hosts;
   };
 }

modules/my-tinc/hosts/default.nix

@@ -1,10 +1,8 @@
 {
   # TODO: Edit the list of hosts here.
-  hosts = {
+  nki-cloud = {
-    nki-cloud = {
+    subnetAddr = "10.0.0.10";
-      subnetAddr = "10.0.0.10";
+    address = "nki.personal";
-      address = "nki.personal";
+    rsaPublicKey = ./nki-cloud.pub;
-      rsaPublicKey = ./nki-cloud.pub;
-    };
   };
 }

nki-personal-do/configuration.nix

@@ -1,4 +1,4 @@
-{ pkgs, ... }: {
+{ pkgs, config, ... }: {
   imports = [
     ./hardware-configuration.nix
     ./networking.nix # generated at runtime by nixos-infect
@@ -20,4 +20,14 @@
 
   system.autoUpgrade.enable = true;
   system.autoUpgrade.allowReboot = true;
+
+  # Secret management
+  sops.defaultSopsFile = ./secrets/secrets.yaml;
+  sops.age.sshKeyPaths = [ "/root/.ssh/id_ed25519" ];
+
+  # tinc
+  services.my-tinc.enable = true;
+  services.my-tinc.hostName = "nki-cloud";
+  sops.secrets.tinc-private-key = {};
+  services.my-tinc.rsaPrivateKey = config.sops.secrets.tinc-private-key.path;
 }

nki-personal-do/flake.lock

@@ -68,10 +68,45 @@
         "type": "github"
       }
     },
+    "nixpkgs_3": {
+      "locked": {
+        "lastModified": 1625223284,
+        "narHash": "sha256-jjLcDSU1rRiJb+n3uez23XAa7kbnPcGZTa6jIKh1GMQ=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "357d2c8f6087685fe35cb1889a005a4dd4cce7b8",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixpkgs-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
     "root": {
       "inputs": {
         "deploy-rs": "deploy-rs",
-        "nixpkgs": "nixpkgs_2"
+        "nixpkgs": "nixpkgs_2",
+        "sops-nix": "sops-nix"
+      }
+    },
+    "sops-nix": {
+      "inputs": {
+        "nixpkgs": "nixpkgs_3"
+      },
+      "locked": {
+        "lastModified": 1633273832,
+        "narHash": "sha256-oOjpMVYpkIUpiML61PeqTk+sg4juRvF7P6jroI/YvTw=",
+        "owner": "Mic92",
+        "repo": "sops-nix",
+        "rev": "2e86e1698d53e5bd71d9de5f8b7e8f2f5458633c",
+        "type": "github"
+      },
+      "original": {
+        "owner": "Mic92",
+        "repo": "sops-nix",
+        "type": "github"
       }
     },
     "utils": {

nki-personal-do/flake.nix

@@ -3,13 +3,15 @@
   inputs = {
     nixpkgs.url = "github:nixos/nixpkgs/21.05";
     deploy-rs.url = "github:Serokell/deploy-rs";
+    sops-nix.url = "github:Mic92/sops-nix";
   };
-  outputs = { self, nixpkgs, deploy-rs } : {
+  outputs = { self, nixpkgs, deploy-rs, sops-nix } : {
     # DigitalOcean node
     nixosConfigurations."nki-personal" = nixpkgs.lib.nixosSystem {
       system = "x86_64-linux";
       modules = [
         ../modules/my-tinc
+        sops-nix.nixosModules.sops
         ./configuration.nix
       ];
     };