Add yoga to tinc

.sops.yaml

@@ -4,6 +4,7 @@ keys:
   - &nki_pc age1tt0peqg8zdfh74m5sdgwsczcqh036nhgmwvkqnvywll88uvmm9xs433rhm
   - &nkagami_main age1n8tnmmgredzltzwkspag7aufhrn6034ny8ysjeulhkwdnf7vqqaqec4mg5
   - &nkagami_do age1z2h24mjt80fryqupajkh3kg5r4sjgw65uqy489xeqxhqj8u2a9fsm3ff36
+  - &nki_yoga age1vhjhmxura35apu5zdwg5ur5r40xay45ld9szh07dy0ph9chgsu7shfm4h9
 creation_rules:
   - path_regex: kagami-air-m1/secrets\.yaml$
     key_groups:
@@ -22,3 +23,8 @@ creation_rules:
         - *nki_pc
         - *nkagami_main
         - *nkagami_do
+  - path_regex: nki-yoga-g8/secrets\.yaml$
+    key_groups:
+    - age:
+        - *nki_yoga
+        - age1axvjllyv2gutngwmp3pvp4xtq2gqneldaq2c4nrzmaye0uwmk9lqsealdv # The machine itself

modules/my-tinc/default.nix

@@ -34,11 +34,6 @@ in
       default = 655;
       description = "The port to listen on";
     };
-
-    meshIp = mkOption {
-      type = types.str;
-      description = "The mesh ip to be assigned by hostname";
-    };
   };
 
   config = mkIf cfg.enable (builtins.seq
@@ -51,7 +46,6 @@ in
         myMeshIp = myHost.subnetAddr;
       in
       {
-        services.my-tinc.meshIp = myMeshIp;
         # Scripts that set up the tinc services
         environment.etc = {
           "tinc/${networkName}/tinc-up".source = pkgs.writeScript "tinc-up-${networkName}" ''

modules/my-tinc/hosts/default.nix

@@ -22,4 +22,9 @@
     subnetAddr = "11.0.0.4";
     ed25519PublicKey = "6MN5LVE4juavv8qJW2dTN4t/haKCADWquAQj/ADF7iN";
   };
+
+  yoga = {
+    subnetAddr = "11.0.0.5";
+    ed25519PublicKey = "n+gIZjuuTPxi0OBqw2oOcmXd3loOHG+GQHBMXNlgyqI";
+  };
 }

modules/my-tinc/hosts/yoga-g8.pub

@@ -0,0 +1 @@
+Ed25519PublicKey = n+gIZjuuTPxi0OBqw2oOcmXd3loOHG+GQHBMXNlgyqI

nki-yoga-g8/configuration.nix

@@ -15,6 +15,18 @@
       ../modules/services/edns
     ];
 
+  # Secrets
+  sops.defaultSopsFile = ./secrets.yaml;
+  sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
+
+  ## tinc
+  sops.secrets."tinc-private-key" = { };
+  services.my-tinc = {
+    enable = true;
+    hostName = "yoga";
+    ed25519PrivateKey = config.sops.secrets."tinc-private-key".path;
+  };
+
   services.xserver.desktopManager.plasma6.enable = true;
 
   # Power Management

nki-yoga-g8/secrets.yaml

@@ -0,0 +1,30 @@
+tinc-private-key: ENC[AES256_GCM,data:lzmisexQPfRlIMGqbmb+uqGtOPceQ3CJGlVOeOC6nbP/IDwkufSWtxugYmUwi9IJKwO0mldijiKWuG3p9005H++8567hhPy/bU7fA4vyVC+3UVGW6l0mE+yKQXTyI7kzxkXMCK5a4Q4rUJj544vU6pt75/mytfg+Cox2woGZAHZvJ/pRuHDe2t3R6w3EYYTu6x1w5azGnFvCOVdR6XPsGJA2p3oRnEpz64L7KD2QOdtm0YsfMnorH9FbvkZgNr927VbRnBRJ1QM=,iv:4K4w6ruQxtRGjmFnWszlXZKp36TuTTnrB0sDEE/tmrM=,tag:NBP897Sw84bvZTvo/+fVfA==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1vhjhmxura35apu5zdwg5ur5r40xay45ld9szh07dy0ph9chgsu7shfm4h9
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBseVN3ODV1YkZnNms0Y09l
+            dUFBK1EyOTEydWg5KzAwcjZVSG8yYlRDWlhRCklLS2ZJNlBvSlEyOGF2ZFg2UGVW
+            UC9LN0hxdmtGN3JlOWJaTU5hbGwvc2MKLS0tIGM1NGZxd1NoTXNacEJqMVlsbTdi
+            MytuNUNydmJYWFYyQk9DaHVuVk85cjAKScucMPO8pyMlSxFw09NqzqVmDYVEh5xT
+            4fSTAsMwIiuOyV7jvHYORxKWNMLr5t6fnj8+OFq5qUc//jNWf9pVuA==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1axvjllyv2gutngwmp3pvp4xtq2gqneldaq2c4nrzmaye0uwmk9lqsealdv
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYNXp6MWZGb2dGdW1ML2xq
+            ZWMvSVdWalQ5Z2NzTWd3Z1AweXlXZnRwUWtRCkY1VFhPS0NtbFZKU0VCMlAvSmhG
+            N2NmdWxTUEpMb05Ld3p6MzhhRkdBc3cKLS0tIGQ0TmFxdk1GV205azRzZ0hUWitj
+            eitNc1E2SzY5bkUxNWtNczRsWWJaU2MKUIu9GT7zu0MvvnXxiQfLW9pQcxFKOwPm
+            VRU2k3XQkYjSDZX29DxrOzaPS/L3OYNyBYMyOW8GyMa2V12lMH6lPQ==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2024-07-23T16:24:43Z"
+    mac: ENC[AES256_GCM,data:YTPZCX2Nkws0EJB/+PJVCYlKN0BoWqDRIH5QfhB7ayQ42tkUlz60Bt1ksbEMNtz2RS4sJSp4dlihTBLO4gRHbeMZf40f+j42Td4Dj0etqOkaspR5q5mE1XR8ml7QRzALEq5SHRi13szfO4BHaaFsSHTyFgKxA4uDzZ4JnBoxjAQ=,iv:KuO4rhO9vH+HqcgqTvOYBayitFzLhm4CQRTyzIplKnM=,tag:G/qgcxZoc89etzkUnkw02Q==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.8.1