Add NNCP relay host

flake.nix

@@ -274,6 +274,15 @@
           system = "aarch64-linux";
         };
 
+        nncp = nixosSystem' {
+          nixpkgs = inputs.nixpkgs-unstable;
+          modules = [
+            self.nixosModules.nncp
+            ./config/lxc-container.nix
+            ./hosts/containers/nncp
+          ];
+        };
+
         dacbert = nixosSystem' {
           modules = [
             "${inputs.nixpkgs}/nixos/modules/installer/sd-card/sd-image-aarch64.nix"

host-registry.nix

@@ -55,6 +55,11 @@
 
   nix-build.ip4 = "172.22.99.156";
 
+  nncp = {
+    ip6 = "2a00:8180:2c00:282:dcec:9aff:fe6f:3f63";
+    publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMQhxaeElmxO1UgaI/+qr+g13OFeY9qtJVxznNN+xs/e";
+  };
+
   public-access-proxy = {
     ip4 = "172.20.73.45";
     ip6 = "2a00:8180:2c00:282:1024:5fff:febd:9be7";

hosts/containers/nncp/default.nix

@@ -0,0 +1,44 @@
+{ config, lib, pkgs, ... }:
+
+{
+  boot.loader.initScript.enable = lib.mkForce false;
+
+  c3d2.mergeNncpSettings = false;
+
+  networking = {
+    hostName = "nncp";
+    firewall.enable = false;
+  };
+
+  programs.nncp = {
+    enable = true;
+    secrets = [ "/etc/nncp.secrets" ];
+    settings = {
+      mcd-listen = [ "eth0" ];
+      mcd-send.eth0 = 60;
+      neigh = # use c3d2.nncp.neigh but remove this node
+        lib.mapAttrs
+        (name: value: value // { via = lib.lists.remove "c3d2" value.via; })
+        (builtins.removeAttrs config.c3d2.nncp.neigh [ "c3d2" ]);
+    };
+  };
+
+  services.nncp = {
+    caller.enable = false;
+    daemon = {
+      enable = true;
+      socketActivation.enable = false;
+    };
+  };
+
+  systemd.services."nncp-daemon-yggdrasil" = {
+    after = [ "network.target" ];
+    wantedBy = [ "multi-user.target" ];
+    serviceConfig = config.systemd.services."nncp-daemon".serviceConfig // {
+      ExecStart =
+        "${pkgs.nncp}/bin/nncp-daemon -noprogress -autotoss -yggdrasil 'keyprv;;keypub;tcp://[2a00:8180:2c00:281:9000::1]:1337'";
+    };
+  };
+
+}
+