From c61915a9a2d0db0a1ff3f7d2528ee04e02cef241 Mon Sep 17 00:00:00 2001
From: Emery Hemingway <ehmry@posteo.net>
Date: Sat, 15 Jan 2022 11:28:23 +0100
Subject: [PATCH] Add NNCP relay host

---
 flake.nix                         |  9 +++++++
 host-registry.nix                 |  5 ++++
 hosts/containers/nncp/default.nix | 44 +++++++++++++++++++++++++++++++
 3 files changed, 58 insertions(+)
 create mode 100644 hosts/containers/nncp/default.nix

diff --git a/flake.nix b/flake.nix
index 30242625..f6e89da3 100644
--- a/flake.nix
+++ b/flake.nix
@@ -274,6 +274,15 @@
           system = "aarch64-linux";
         };
 
+        nncp = nixosSystem' {
+          nixpkgs = inputs.nixpkgs-unstable;
+          modules = [
+            self.nixosModules.nncp
+            ./config/lxc-container.nix
+            ./hosts/containers/nncp
+          ];
+        };
+
         dacbert = nixosSystem' {
           modules = [
             "${inputs.nixpkgs}/nixos/modules/installer/sd-card/sd-image-aarch64.nix"
diff --git a/host-registry.nix b/host-registry.nix
index f102406c..5464f71f 100644
--- a/host-registry.nix
+++ b/host-registry.nix
@@ -55,6 +55,11 @@
 
   nix-build.ip4 = "172.22.99.156";
 
+  nncp = {
+    ip6 = "2a00:8180:2c00:282:dcec:9aff:fe6f:3f63";
+    publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMQhxaeElmxO1UgaI/+qr+g13OFeY9qtJVxznNN+xs/e";
+  };
+
   public-access-proxy = {
     ip4 = "172.20.73.45";
     ip6 = "2a00:8180:2c00:282:1024:5fff:febd:9be7";
diff --git a/hosts/containers/nncp/default.nix b/hosts/containers/nncp/default.nix
new file mode 100644
index 00000000..8b2be4cf
--- /dev/null
+++ b/hosts/containers/nncp/default.nix
@@ -0,0 +1,44 @@
+{ config, lib, pkgs, ... }:
+
+{
+  boot.loader.initScript.enable = lib.mkForce false;
+
+  c3d2.mergeNncpSettings = false;
+
+  networking = {
+    hostName = "nncp";
+    firewall.enable = false;
+  };
+
+  programs.nncp = {
+    enable = true;
+    secrets = [ "/etc/nncp.secrets" ];
+    settings = {
+      mcd-listen = [ "eth0" ];
+      mcd-send.eth0 = 60;
+      neigh = # use c3d2.nncp.neigh but remove this node
+        lib.mapAttrs
+        (name: value: value // { via = lib.lists.remove "c3d2" value.via; })
+        (builtins.removeAttrs config.c3d2.nncp.neigh [ "c3d2" ]);
+    };
+  };
+
+  services.nncp = {
+    caller.enable = false;
+    daemon = {
+      enable = true;
+      socketActivation.enable = false;
+    };
+  };
+
+  systemd.services."nncp-daemon-yggdrasil" = {
+    after = [ "network.target" ];
+    wantedBy = [ "multi-user.target" ];
+    serviceConfig = config.systemd.services."nncp-daemon".serviceConfig // {
+      ExecStart =
+        "${pkgs.nncp}/bin/nncp-daemon -noprogress -autotoss -yggdrasil 'keyprv;;keypub;tcp://[2a00:8180:2c00:281:9000::1]:1337'";
+    };
+  };
+
+}
+