From 8b7007b2b80bd887cba47b6b89f6634f4732a004 Mon Sep 17 00:00:00 2001
From: kurogeek
Date: Thu, 25 Sep 2025 14:46:26 +0700
Subject: [PATCH] VPN for b4l
---
 inventories/default.nix | 10 ++++
 machines/rigel/configuration.nix | 9 ++++
 .../zerotier-identity-secret/groups/admins | 1 +
 .../zerotier-identity-secret/machines/rigel | 1 +
 .../zerotier/zerotier-identity-secret/secret | 47 +++++++++++++++++++
 .../zerotier-identity-secret/users/kurogeek | 1 +
 .../rigel/zerotier/zerotier-ip/value | 1 +
 .../rigel/zerotier/zerotier-network-id/value | 1 +
 8 files changed, 71 insertions(+)
 create mode 120000 vars/per-machine/rigel/zerotier/zerotier-identity-secret/groups/admins
 create mode 120000 vars/per-machine/rigel/zerotier/zerotier-identity-secret/machines/rigel
 create mode 100644 vars/per-machine/rigel/zerotier/zerotier-identity-secret/secret
 create mode 120000 vars/per-machine/rigel/zerotier/zerotier-identity-secret/users/kurogeek
 create mode 100644 vars/per-machine/rigel/zerotier/zerotier-ip/value
 create mode 100644 vars/per-machine/rigel/zerotier/zerotier-network-id/value
diff --git a/inventories/default.nix b/inventories/default.nix
index d1c0f7f..c67940a 100644
--- a/inventories/default.nix
+++ b/inventories/default.nix
@@ -16,6 +16,7 @@
 tags = {
 glom = [ "vega" ];
+ b4l = [ "rigel" ];
 };
 instances = {
@@ -50,6 +51,15 @@
 roles.peer.tags.glom = { };
 };
+ b4l-network = {
+ module = {
+ name = "zerotier";
+ input = "clan-core";
+ };
+ roles.controller.machines."rigel" = { };
+ roles.peer.tags.b4l = { };
+ };
+
 pocket-id = {
 module = {
 name = "pocket-id";
diff --git a/machines/rigel/configuration.nix b/machines/rigel/configuration.nix
index 712d295..696869c 100644
--- a/machines/rigel/configuration.nix
+++ b/machines/rigel/configuration.nix
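Review bot: In the `b4l-network` instance, the `b4l` tag introduced in the earlier hunk (`b4l = [ "rigel" ];`) contains only rigel, which is also the sole `roles.controller` machine, so `roles.peer.tags.b4l = { };` gives the controller the peer role as well and admits no other clan machine to the network. If the intent is that all other members join from outside the clan (as the member allow-list added to machines/rigel/configuration.nix in this same commit suggests), the peer line is likely redundant, and if the zerotier module does not accept one machine in both roles it may fail to evaluate — worth confirming against the module. A short comment would make the design legible, e.g. `# b4l: ZeroTier network controlled by rigel; non-clan devices are admitted via the member allow-list in machines/rigel/configuration.nix`. The enclosing `instances` attribute set continues past the second hunk.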
@@ -1,4 +1,13 @@
 {
+ imports = [
+ (import ../../lib/auto-accept-zerotier-members.nix {
+ memberIds = [
+ "dbe44c0287" # Alex-gateway
+ "1b495eede9" # kurogeek-thinkpad
+ ];
+ })
+ ];
+
 system.stateVersion = "25.11";
 clan.core.sops.defaultGroups = [ "admins" ];
 }
diff --git a/vars/per-machine/rigel/zerotier/zerotier-identity-secret/groups/admins b/vars/per-machine/rigel/zerotier/zerotier-identity-secret/groups/admins
new file mode 120000
index 0000000..6765aa1
--- /dev/null
+++ b/vars/per-machine/rigel/zerotier/zerotier-identity-secret/groups/admins
@@ -0,0 +1 @@
+../../../../../../sops/groups/admins
\ No newline at end of file
diff --git a/vars/per-machine/rigel/zerotier/zerotier-identity-secret/machines/rigel b/vars/per-machine/rigel/zerotier/zerotier-identity-secret/machines/rigel
new file mode 120000
index 0000000..47a146c
--- /dev/null
+++ b/vars/per-machine/rigel/zerotier/zerotier-identity-secret/machines/rigel
@@ -0,0 +1 @@
+../../../../../../sops/machines/rigel
\ No newline at end of file
diff --git a/vars/per-machine/rigel/zerotier/zerotier-identity-secret/secret b/vars/per-machine/rigel/zerotier/zerotier-identity-secret/secret
new file mode 100644
index 0000000..b56623f
--- /dev/null
+++ b/vars/per-machine/rigel/zerotier/zerotier-identity-secret/secret
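Review bot: The `memberIds` list hard-codes two ZeroTier node addresses with only a device name as context, so a reader cannot tell what these devices are, who is responsible for them, or how the list is meant to be maintained, and the helper they are passed to (`../../lib/auto-accept-zerotier-members.nix`) is not part of this change, so its semantics cannot be checked here. I would add a comment above `memberIds = [` such as `# Non-clan devices admitted to the b4l network by ZeroTier node address; keep in sync with the b4l-network instance in inventories/default.nix`. If the helper only authorizes members and never deauthorizes them, removing an entry here would not revoke a device's access — confirm that and state it in the comment so the list is not mistaken for a complete allow-list. Keeping this list next to the `b4l-network` instance in the inventory, rather than in the machine config, would also keep the network's membership policy in one place.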
@@ -0,0 +1,47 @@ +{ + "data": "ENC[AES256_GCM,data:HyP/Y+xjRTrixNZ6sZS4wMix3KXEYckSEhOBzUA2qS3XSB+1VyVPUCfAQjyV0jjzUAvXa8cYo5NpQIqV6whLasTTX8TgROkjlh1bIkRzrxVfZ3Rzsp25y7ZtyvTOZT12OJqmQb9LVI14eL5aG7JRRwpsff2VxqXbfynz2G3XvhCsaF3cb0rGVaE1AhJNN7E9jLkmLyxFTYkuFNZBw4FmP3CMeQTwnRsV8PUAs1HLeGoU/8rs3apK0VS7UXeFSXxIMK7tygPa3Bzu9nEqFTfL1fOIHXjiMwWisn7Rs0sIKVd6vBY5WPclV4Q6mk1KJD+BfhljPWs8Wu9a98A/j2imKXF1TQe1aGVFLTMDmhMM,iv:A8WntsxBmFW3fp2bVSPhfcxj1/K3MRr6e4vxquY0YG8=,tag:vqKuaeEPH0oI19iTEF5/jw==,type:str]", + "sops": { + "age": [ + { + "recipient": "age134vt63pjqpd0m7702fyn8vhdlzyj2deqc2q78sp9uw9052kxsgwq6d25ez", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUaWlpWXZJRno3Z2I0K003\nQk5RVmYwS25GdStuYU1taVB1a2cwbXVnSHk0CmpvbEhsdVl2RTlUcHlMRjhNZG9j\ndDJqQnBIOTNYWTRYLzQ1OTRueGFvaGcKLS0tIEN2SVB2QUhTZUdGaDl6SVBHak9G\naWtkT1ZDLzBQVDhHV3krZ3F3OGUzN0EKggPAMl3Z/U+1xOGB3syCnBG5IkkYp3k8\nEVI8ZNqP1AfKK8Cnc16lZ8ImLBjZnh8OdNJUSdemrCfxYnkxk9bUoQ==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age17d4qt0n9edq57tgcqyk8eu5mrendl59yt6z2y3a4vkq7el8krqtq6lq28g", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvV2I0MFNnTERvTGExb1Q0\ndld3VjBNQjhVaFpJdzlxYWE0N05tc0N4YVY4CkUxU3RIdzl1Y0dSTTFVZ2UwUjRG\naW5FaG1vaHBzcVU3QmMvU2swM0lLWTQKLS0tIGRLYXZ4Ly94RExMeER1UjJ5NUlB\nTGV3MWFlNHJDTisvZUphWFc4b1hRd1EKZ2IQcUpBTZq2+SkPbsLHNgsb3K/63QNu\nNQr886LiO8ERLw9NZ87WG2p50FHRNKAviTZm9XZf/AgGdBH+cpvg7A==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1fido2-hmac1qqpf43tgcfjm048lsqskvq34w2t4uvrm5qy6m2eg6zjj82ctca8wctgpczxvj0q4y6337uhvsxdh5j86k9h9ymautpvv2759ucwnef75ez7pa7fpkddklp40mxk2tedsp74359g0kefn5rsq0x0yss6cu4yd0h06up0rp08t6yc4l0hfa9y8jn5fkx6nk0hjhz06ykwv0fyxe7z42q683jy0", + "enc": "-----BEGIN AGE ENCRYPTED 
FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IGZpZG8yLWhtYWMgQUFJIFk5ZzRCeXNx\nZ0pUeWlSVXRTYjMyeHRJRmNCSitDL2JEeFc1czU1VUpxVEEgQVEgd0l6SlBCVW1v\neDl5N0lHYmVrajZzVzVTYjd4WVdNVjZoZVlkUEtmVXlMdyBIdmtoczF0dmhxL1py\nS1hsc0ErckdoVVB0bE02RGdCNW5raERXT1ZJMTkzNjRGNHd2T3ZSTVYrKzZlbEll\nVTZKc2JVN1B2SzRuNkpaekhwSWJQaFZVQQpGSlY0dkduZWREK09tRGtmeWVzMW1o\nOTB1WmJ5YTBKeVJZUTJHYXM2dlB3Ci0tLSB5Mnk0R2VQOHNyUVlVaytKUU5GMGtx\ndW5oTGtLQ0RQRUxKRktNeS9FSEF3CgG0zNOuH54TxGzBFFgvMVCtDh/6nyhwWi/m\nUNOtZrlcT7qwaqBvMSjGjnWAEqwr+s15P9wi2lPX/UdVUpXa2N4=\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1fido2-hmac1qqprw0vfpc8wzsu78quc777kmee54ln6nnsjrnrhl7nr33eh4kvkksqp05qqxj4kgfzrmrugrsvg7skx6ghh3q9xc0x0agthtkvy25d9eq7eklta5wf7s30hexkuyl5546rdz9ffa5tawlp5yweqkgccntw0ny540n2am3cqw3luhxkfmrp63kwr6mwplhr9u26wll48x0n3k5f60c7hg9a3", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IGZpZG8yLWhtYWMgQUFJIEVvNzJ3YlFW\nd0YrenJZcHdQK2YyYzNGa3BqY2ZVeElyQmkxMlJuSHlVMHcgQVEgZlFBRFNyWkNS\nRDJQaUJ3WWowTEcwaTk0Z0tiRHpQNmhkMTJZUlZHbHlEMCBtMzE5bzVQb1JmZkpy\nY0orbEs2RzBSVXA3UmZYZkRRanNnc2pHSnJjK1pLVmZOWGR4d0IwZjh1YXlkakRx\nTm5EMXR3ZjNHWGl0Ty8rcHpQbkcxRTZmZwowbDB0akhEZG5weklKNmxxa1VzbmhY\nR1QraHErWCtZa0F5aTdkWGVKRkZzCi0tLSBOR1NNQkdDWmlwZ3NaSTVhaW4rN1Nk\nZkUrMklBb3NmeXN0QTY0cGFXRUZFCkzEyNFrzpKxFENcq84i2dSsBp6ltOAIt3CZ\ncHDCmL29d5/LjWrb4Qbp8lPYPr94kJLbtAoL1JmN+hAJqCY7JVI=\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1fido2-hmac1qqpyewum3q8dfcumfgec8nn958aec9f4q9aqy0k06kw5kq27d6fdqdgp0p7y4ru3n5xk90u747xevxa2af3v37e85j9g3axrmw5hdwdfh0wz22hut5vrafxsx26a7vh8fjwkymz3ramfgvvu4detztu075kmpr8l9ydqda0rnjwatdwmfgswg849p37astvld98s3nleeq575azlwc2hhpuh", + "enc": "-----BEGIN AGE ENCRYPTED 
FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IGZpZG8yLWhtYWMgQUFJIFpNaUFzYmY3\nQk1ncEFYM1RkZTJQY2JTR0RWbWFENkRhalVtUDcyZXNjVU0gQVEgZUh4S2o1R2RE\nV0svbnErTmxodXE2bUxJK3lla2lvajB3OXVwZHJtcHU5dyBKU3I4WFJnK3BOQXl0\nZDh5NTB5ZFlteFJIM2FVTVp5cmNyRXZqL1V0c0l6L0tSb0c5ZU9jbmRXMTIwb2c1\nQjZsREgzWUxaOXBUd2pQK2NncDZuUmZkZwphNkVjYUcwRnN3RWJCMTRXT1hlcVA2\nMGFWUzFRTFlUbTUyR2Z4WlVDbk9JCi0tLSBBVFhlUnlxbWQ3WU9KL0t6a0tNMkF3\nTjBybHZWOVhnL0oyemxQR2Zwbk1NCmQL+jg7YhafYZMP00eQvJpNwvXK4sSJ6pPd\nONYhdpYWSqorv6O53ch9ipDhL6X3RPgHRyX3R+fIFstArOtOWvs=\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1hlzrpqqgndcthq5m5yj9egfgyet2fzrxwa6ynjzwx2r22uy6m3hqr3rd06", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvNTFiRjJud3FTN1lZNDY3\nTFNKQStzSGVzaC9MMjI5ZVJ0Z1BzWW5TSkVZCkhwNit5dTkwbWRncTRkNm1URDJN\nZlJrNlMyL1dRRWlRTUYrOXFjamVtVk0KLS0tIE1Wd0pTdkVRdXFlQjhhTnY4WlNV\nclRacUV2bGZmalV2bkhVWEtWbXM0blUKpjB3n1v/2ZGSHwZB6VqQDmvBpQJ+C8lM\nThKdQL9BqWhizig2Y1sYuXSSbktcsme6AabDNh/7FkrfRW8HGbXj6A==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1sg0rvgyetdcqw7j2x983fh69kdkvqsngpe5x36e5920qa7fze3cqhj4wgx", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEQXZpbkMvc1cySk43cWdN\nSzZTdTRpR2czR0crMXJtTUxNazBjU0FkV0U4CmJmcG01SHhOTk5wVjNrNmE0N1VD\nYVMyZGg3Zk15MlZwRTZsS1Y1Q2lxRzQKLS0tIE5zditwbkc3dU10RVlPUWJCWEUw\nUHZpbC82bG0vdy9veXhtazA1ckR0MjgKmwJI23KxoGn7QPkcxYnOYQfHG2qdQzzK\nm2+qXvA8Iful/7sB71GvcUoSFMqvR8jDo84PO3tUuFPZvgf3CfITJg==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1swlyyk2rzvevqawyeekv75nx2dz34zpe3xqhkqme26gcgeavy4dqrfpcd8", + "enc": "-----BEGIN AGE ENCRYPTED 
FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrODlOWnl3R0lVM2ZJYVQ1\nczdKcnZWTmEzS3U0akhvL1RZbDc4ZFJNU2hRCmplQlhOZU9kdy9iUmV1eHk2M3Ns\nZTJDdDlnZ2tEd3dtVTNVVmJCME56K0EKLS0tIEoxTUwxcmYrSHdpbzlnOEVSYS84\nUlV3RlNNa25RZXpQTXNTUXp4ckxnd0kK2sRFVRZ/7uaB8S9wfEVO05fNlwXH7Cf6\nT/rRpXAvjGSABWq6Fwzt5dPvIf7iKntYHHP3RHsB3dBoxhQayEFoZw==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1vphy2sr6uw4ptsua3gh9khrm2cqyt65t46tusmt44z98qa7q6ymq6prrdl", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxa1hzSlFtNndUeWNad3g1\nZWFsV3dGQjRVem9SZS81WU5iWTdDNGtZRXhnCkFTT0tOSng1RWtRODROZStxNmd1\nODNQQndGSk1wcUFvdjlRYUM3ZHJMMjAKLS0tIDFZS0dlMXZ2QTdLdFRhT2szSksz\nZitZcU9MendCbkQ5NXVHSDY4TXByRncK8CajXcPrPFpMnOGWlx0Cp1boK9fujUbc\nN8Uz7J++4wsZF68Pri2a1fCHXXDRtkPYQi2IDvuAtVslC21rFJp5pQ==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2025-09-24T08:01:35Z", + "mac": "ENC[AES256_GCM,data:0U1N+gx4OChXGJBoXLurTsiCshv1kx1aQLnDT+Yu5+igWS60XgtIrkbriy7SMbL1eGrEZWjtuIKw4QEN0alkNWFb1h6T1fYYKQaenKK/dUTautgpfAyxElDNJZ9bBVnYAH4axCvYuR7W5kgqvfLagXQU2D6fpargfdHWxG41J3g=,iv:czkt4doampkV+5X2NXIG23cEzJIrBSN0co2IzRQAMks=,tag:yWyBfOwg9cRzc5xoMFiW7g==,type:str]", + "unencrypted_suffix": "_unencrypted", + "version": "3.10.2" + } +} diff --git a/vars/per-machine/rigel/zerotier/zerotier-identity-secret/users/kurogeek b/vars/per-machine/rigel/zerotier/zerotier-identity-secret/users/kurogeek new file mode 120000 index 0000000..970aefa --- /dev/null +++ b/vars/per-machine/rigel/zerotier/zerotier-identity-secret/users/kurogeek @@ -0,0 +1 @@ +../../../../../../sops/users/kurogeek \ No newline at end of file diff --git a/vars/per-machine/rigel/zerotier/zerotier-ip/value b/vars/per-machine/rigel/zerotier/zerotier-ip/value new file mode 100644 index 0000000..ef042fb --- /dev/null +++ b/vars/per-machine/rigel/zerotier/zerotier-ip/value @@ -0,0 +1 @@ +fd79:fada:fbe9:8c5d:d899:9379:fada:fbe9 \ No newline at end of file 
diff --git a/vars/per-machine/rigel/zerotier/zerotier-network-id/value b/vars/per-machine/rigel/zerotier/zerotier-network-id/value
new file mode 100644
index 0000000..f4b351e
--- /dev/null
+++ b/vars/per-machine/rigel/zerotier/zerotier-network-id/value
@@ -0,0 +1 @@
+79fadafbe98c5dd8
\ No newline at end of file