diff --git a/.sops.yaml b/.sops.yaml
index 17970040..ceb14624 100644
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -19,17 +19,6 @@ creation_rules:
 - *host_backups-rpi4
 - *host_quitman-rpi4
- - path_regex: secrets\/tailscale\.yaml$
- key_groups:
- - pgp:
- - *user_albert
- - *host_osaka-linode-01
- - *host_nixos-framework
- - *host_framework-server
- - *host_piaware-rpi4
- - *host_backups-rpi4
- - *host_quitman-rpi4
-
 - path_regex: secrets\/wireguard\.yaml$
 key_groups:
 - pgp:
diff --git a/nixos/hosts/framework-server/default.nix b/nixos/hosts/framework-server/default.nix
index 5059ea95..0fe283fc 100644
--- a/nixos/hosts/framework-server/default.nix
+++ b/nixos/hosts/framework-server/default.nix
@@ -1,4 +1,4 @@
-{ inputs, config, lib, pkgs, modulesPath, desktop, username, platform, ... }: {
+{ inputs, config, lib, pkgs, modulesPath, desktop, username, hostname, platform, ... }: {
 imports = [
 inputs.nixos-hardware.nixosModules.framework-13th-gen-intel
 (modulesPath + "/installer/scan/not-detected.nix")
@@ -7,6 +7,7 @@
 ../../common/services/fwupd.nix
 ../../common/modules/ssh-luks.nix
 ../../common/services/docker.nix
+ ../../common/services/tailscale-autoconnect.nix
 ./disks.nix
 ./builder.nix
 ./wireguard.nix
@@ -43,17 +44,6 @@
 networking.hostName = "framework-server";
 networking.firewall.allowedTCPPorts = [ 22 ];
- # Generic Tailscale configs are in /nixos/common/services/tailscale.nix
- # Set up the secrets file:
- sops.secrets."tailscale_keys/framework-server" = {
- owner = "root";
- sopsFile = ../../../secrets/tailscale.yaml;
- restartUnits = [
- "tailscaled.service"
- "tailscaled-autoconnect.service"
- ];
- };
- services.tailscale.authKeyFile = "/run/secrets/tailscale_keys/framework-server";
 services.tailscale.extraUpFlags = [
 "--advertise-exit-node"
 "--advertise-routes=10.2.0.0/24"
diff --git a/nixos/hosts/nixos-framework/default.nix b/nixos/hosts/nixos-framework/default.nix
index e97e5c5c..29d3754f 100644
--- a/nixos/hosts/nixos-framework/default.nix
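Review bot: The new import `../../common/services/tailscale-autoconnect.nix` drops the pointer that the removed block carried (`# Generic Tailscale configs are in /nixos/common/services/tailscale.nix`), so a reader of this host file no longer sees where Tailscale enrolment for this machine is configured. A one-line comment above the import, e.g. `# Tailscale auth-key secret and autoconnect: see ../../common/services/tailscale-autoconnect.nix`, would keep that breadcrumb; the import hunks in nixos-framework, osaka-linode-01, piaware-rpi4 and quitman-rpi4 have the same gap.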
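Review bot: The removed `sops.secrets."tailscale_keys/framework-server"` block declared `restartUnits = [ "tailscaled.service" "tailscaled-autoconnect.service" ]`, and nothing in this diff shows the imported `tailscale-autoconnect.nix` re-declaring the secret with those units, so unless the shared module does it a rotated auth key will not be re-applied until the next reboot; the same block is dropped in nixos-framework, osaka-linode-01, piaware-rpi4 and quitman-rpi4. The first hunk also deletes the `.sops.yaml` creation rule for `secrets/tailscale.yaml` while the diff neither removes that file nor shows which `sopsFile` the shared module reads; if it still reads `secrets/tailscale.yaml`, that file now matches no rule (or whatever broader rule comes next), which changes which host keys it is encrypted to on the next `sops updatekeys`. Worth confirming both points against the shared module, which is outside this diff. The enclosing attribute set begins before and ends after this hunk.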
+++ b/nixos/hosts/nixos-framework/default.nix
@@ -1,8 +1,9 @@
-{ inputs, config, lib, pkgs, modulesPath, desktop, username, ... }: {
+{ inputs, config, lib, pkgs, modulesPath, desktop, hostname, username, ... }: {
 imports = [
 inputs.nixos-hardware.nixosModules.framework-13-7040-amd
 (modulesPath + "/installer/scan/not-detected.nix")
 ./disks.nix
+ ../../common/services/tailscale-autoconnect.nix
 ../../common/modules/secureboot.nix
 ../../common/modules/udev-rules.nix
 ../../common/modules/ssh-luks.nix
@@ -72,17 +73,4 @@
 winetricks
 wineWowPackages.waylandFull
 ];
-
- # Generic Tailscale configs are in /nixos/common/services/tailscale.nix
- # Set up the secrets file:
- sops.secrets."tailscale_keys/nixos-framework" = {
- owner = "root";
- sopsFile = ../../../secrets/tailscale.yaml;
- restartUnits = [
- "tailscaled.service"
- "tailscaled-autoconnect.service"
- ];
- };
- services.tailscale.authKeyFile = "/run/secrets/tailscale_keys/nixos-framework";
- # networking.firewall.allowedTCPPorts = [ 22 ];
 }
diff --git a/nixos/hosts/osaka-linode-01/default.nix b/nixos/hosts/osaka-linode-01/default.nix
index 6df07f7a..f860df52 100644
--- a/nixos/hosts/osaka-linode-01/default.nix
+++ b/nixos/hosts/osaka-linode-01/default.nix
@@ -1,6 +1,7 @@
-{ config, lib, pkgs, modulesPath, desktop, username, ... }: {
+{ config, lib, pkgs, modulesPath, hostname, username, ... }: {
 imports = [
 (modulesPath + "/profiles/qemu-guest.nix")
+ ../../common/services/tailscale-autoconnect.nix
 ./firewall.nix
 ./wireguard.nix
 ];
@@ -37,19 +38,6 @@
 nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
 time.timeZone = "Asia/Tokyo";
 networking.hostName = "osaka-linode-01";
-
- # networking.firewall.allowedTCPPorts = [ 22 ];
- # Generic Tailscale configs are in /nixos/common/services/tailscale.nix
- # Set up the secrets file:
- sops.secrets."tailscale_keys/osaka-linode-01" = {
- owner = "root";
- sopsFile = ../../../secrets/tailscale.yaml;
- restartUnits = [
- "tailscaled.service"
- "tailscaled-autoconnect.service"
- ];
- };
- services.tailscale.authKeyFile = "/run/secrets/tailscale_keys/osaka-linode-01";
 services.tailscale.extraUpFlags = [ "--advertise-exit-node" ];
 }
\ No newline at end of file
diff --git a/nixos/hosts/piaware-rpi4/default.nix b/nixos/hosts/piaware-rpi4/default.nix
index 074828e6..39394ce4 100644
--- a/nixos/hosts/piaware-rpi4/default.nix
+++ b/nixos/hosts/piaware-rpi4/default.nix
@@ -1,10 +1,8 @@
-# Do not modify this file! It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations. Please make changes
-# to /etc/nixos/configuration.nix instead.
-{ inputs, config, lib, pkgs, modulesPath, ... }: {
+{ inputs, config, lib, pkgs, modulesPath, hostname, ... }: {
 imports = [
 inputs.nixos-hardware.nixosModules.raspberry-pi-4
 (modulesPath + "/installer/scan/not-detected.nix")
+ ../../common/services/tailscale-autoconnect.nix
 ./podman.nix
 ];
 # Enable distributed Builds
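Review bot: `networking.hostName = "osaka-linode-01";` stays a literal while the first hunk of this file adds `hostname` to the module arguments, presumably so the shared autoconnect module can key the secret by host name; if the two names ever diverge the host would silently look up the wrong key, and nothing visible in the host file uses `hostname` otherwise. Binding them with `networking.hostName = hostname;` (when `hostname` is the name the flake uses to select this host) gives the argument a purpose and keeps the secret path and the system name in step; framework-server's `networking.hostName = "framework-server";` in its third hunk has the same shape, and nixos-framework, piaware-rpi4 and quitman-rpi4 likewise gain an unused `hostname` argument. The enclosing attribute set begins before this hunk.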
@@ -54,17 +52,6 @@
 # END hardware config
 #####################################################################################
- # Generic Tailscale configs are in /nixos/common/services/tailscale.nix
- # Set up the secrets file:
- sops.secrets."tailscale_keys/piaware-rpi4" = {
- owner = "root";
- sopsFile = ../../../secrets/tailscale.yaml;
- restartUnits = [
- "tailscaled.service"
- "tailscaled-autoconnect.service"
- ];
- };
- services.tailscale.authKeyFile = "/run/secrets/tailscale_keys/piaware-rpi4";
 services.tailscale.extraUpFlags = [ "--advertise-exit-node" ];
 boot.kernel.sysctl = { "net.ipv4.ip_forward" = true; };
 }
\ No newline at end of file
diff --git a/nixos/hosts/quitman-rpi4/default.nix b/nixos/hosts/quitman-rpi4/default.nix
index 4a763536..da232344 100644
--- a/nixos/hosts/quitman-rpi4/default.nix
+++ b/nixos/hosts/quitman-rpi4/default.nix
@@ -1,10 +1,8 @@
-# Do not modify this file! It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations. Please make changes
-# to /etc/nixos/configuration.nix instead.
-{ inputs, config, lib, pkgs, modulesPath, ... }: {
+{ inputs, config, lib, pkgs, modulesPath, hostname, ... }: {
 imports = [
 inputs.nixos-hardware.nixosModules.raspberry-pi-4
 (modulesPath + "/installer/scan/not-detected.nix")
+ ../../common/services/tailscale-autoconnect.nix
 ];
 # Enable distributed Builds
 nix.distributedBuilds = true;
@@ -53,17 +51,6 @@
 # END hardware config
 #####################################################################################
- # Generic Tailscale configs are in /nixos/common/services/tailscale.nix
- # Set up the secrets file:
- sops.secrets."tailscale_keys/quitman-rpi4" = {
- owner = "root";
- sopsFile = ../../../secrets/tailscale.yaml;
- restartUnits = [
- "tailscaled.service"
- "tailscaled-autoconnect.service"
- ];
- };
- services.tailscale.authKeyFile = "/run/secrets/tailscale_keys/quitman-rpi4";
 services.tailscale.extraUpFlags = [ "--advertise-exit-node" ];
 boot.kernel.sysctl = { "net.ipv4.ip_forward" = true; };
 }
\ No newline at end of file