courge: generalize using hostName
[julm/julm-nix.git] / share / nebula / sourcephile.fr.nix
index 373dfbfc5c56688c3219d4fee4bd54e5ff7d84d4..64594b73e0cb8e940479dadbeddcdaf347f87ab2 100644 (file)
@@ -10,7 +10,7 @@ in
   systemd.services."nebula@${domain}" = {
     stopIfChanged = false;
     serviceConfig.LoadCredentialEncrypted = [
-      "${hostName}.key:${inputs.self}/hosts/${hostName}/nebula/${hostName}.key.cred"
+      "${hostName}.key:${builtins.path { path = inputs.self + "/hosts/${hostName}/nebula/${hostName}.key.cred"; }}"
     ];
   };
   install.target = lib.mkDefault "\"\${NIXOS_TARGET:-root@${config.networking.hostName}.sp}\"";
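Review bot: The `builtins.path { path = inputs.self + "…"; }` wrapper on the `LoadCredentialEncrypted` entry, and again on `cert` in the next hunk, has no comment explaining why it replaced plain interpolation, so a later cleanup could quietly revert it. The intent is presumably to give each file its own store path instead of referencing the whole flake source; if so, say it once, e.g. `# builtins.path: copy only this file into the store, not the whole flake source`. Since the `.key.cred` file ends up in the world-readable Nix store, it is also worth recording the invariant next to the credential line: `# store paths are world-readable: only systemd-creds-encrypted blobs may live here, never a plaintext Nebula key`. The surrounding attribute set starts and ends outside the hunk.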
@@ -22,11 +22,12 @@ in
     "${IPv4Prefix}.5" = [ "carotte.sp" ];
     "${IPv4Prefix}.6" = [ "aubergine.sp" ];
     "${IPv4Prefix}.7" = [ "courge.sp" ];
+    "${IPv4Prefix}.8" = [ "blackberry.sp" ];
   };
   services.nebula.networks.${domain} = {
     enable = true;
     ca = lib.mkDefault (./. + "/${domain}/ca.crt");
-    cert = lib.mkDefault "${inputs.self}/share/nebula/${domain}/${hostName}.crt";
+    cert = lib.mkDefault (builtins.path { path = inputs.self + "/share/nebula/${domain}/${hostName}.crt"; });
     key = "/run/credentials/nebula@${domain}.service/${hostName}.key";
     listen.host = lib.mkDefault "0.0.0.0";
     tun.device = lib.mkDefault "neb-sourcephile";
@@ -64,6 +65,7 @@ in
       preferred_ranges = [
         "192.168.0.0/16"
       ];
+      #cipher = "chachapoly";
       /*
       stats = {
         type = "prometheus";
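Review bot: The commented-out `#cipher = "chachapoly";` carries no explanation, so a reader cannot tell whether it is a planned switch or a rejected experiment. Nebula expects the same cipher on every node and lighthouse, and hosts with differing ciphers cannot complete a handshake, so uncommenting it for only part of the fleet would cut those hosts off from the overlay. A short comment would make the constraint explicit, e.g. `# cipher must match on ALL nodes and lighthouses (default: aes); switch every host in one deployment`. The enclosing attribute set starts and ends outside the hunk.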