Update autoconnect tailscale definitions
This commit is contained in:
parent
0de45b9f3c
commit
e7793cb1b3
6 changed files with 10 additions and 81 deletions
11
.sops.yaml
11
.sops.yaml
|
@ -19,17 +19,6 @@ creation_rules:
|
||||||
- *host_backups-rpi4
|
- *host_backups-rpi4
|
||||||
- *host_quitman-rpi4
|
- *host_quitman-rpi4
|
||||||
|
|
||||||
- path_regex: secrets\/tailscale\.yaml$
|
|
||||||
key_groups:
|
|
||||||
- pgp:
|
|
||||||
- *user_albert
|
|
||||||
- *host_osaka-linode-01
|
|
||||||
- *host_nixos-framework
|
|
||||||
- *host_framework-server
|
|
||||||
- *host_piaware-rpi4
|
|
||||||
- *host_backups-rpi4
|
|
||||||
- *host_quitman-rpi4
|
|
||||||
|
|
||||||
- path_regex: secrets\/wireguard\.yaml$
|
- path_regex: secrets\/wireguard\.yaml$
|
||||||
key_groups:
|
key_groups:
|
||||||
- pgp:
|
- pgp:
|
||||||
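Review bot: The creation rule for `secrets\/tailscale\.yaml$` is deleted here while the per-host `sopsFile = ../../../secrets/tailscale.yaml` references are only moved into `common/services/tailscale-autoconnect.nix`, which is not part of this diff; if that module still reads secrets/tailscale.yaml, the file now matches no rule, so `sops updatekeys` will not re-key it when a host key is rotated or a host is added. Keep the rule (pointed at whatever file the common module actually reads) unless that file was removed from the tree in a separate commit. Separately, the removed rule gave every host key access to the one file holding all hosts' auth keys, so any single host could decrypt the others' keys; if that layout is retained, one file per host with its own rule (for example, constructed: `path_regex: secrets\/tailscale\/framework-server\.yaml$` listing only that host and the user key) would limit the blast radius of a compromised host.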
|
|
|
@ -1,4 +1,4 @@
|
||||||
{ inputs, config, lib, pkgs, modulesPath, desktop, username, platform, ... }: {
|
{ inputs, config, lib, pkgs, modulesPath, desktop, username, hostname, platform, ... }: {
|
||||||
imports = [
|
imports = [
|
||||||
inputs.nixos-hardware.nixosModules.framework-13th-gen-intel
|
inputs.nixos-hardware.nixosModules.framework-13th-gen-intel
|
||||||
(modulesPath + "/installer/scan/not-detected.nix")
|
(modulesPath + "/installer/scan/not-detected.nix")
|
||||||
|
@ -7,6 +7,7 @@
|
||||||
../../common/services/fwupd.nix
|
../../common/services/fwupd.nix
|
||||||
../../common/modules/ssh-luks.nix
|
../../common/modules/ssh-luks.nix
|
||||||
../../common/services/docker.nix
|
../../common/services/docker.nix
|
||||||
|
../../common/services/tailscale-autoconnect.nix
|
||||||
./disks.nix
|
./disks.nix
|
||||||
./builder.nix
|
./builder.nix
|
||||||
./wireguard.nix
|
./wireguard.nix
|
||||||
|
@ -43,17 +44,6 @@
|
||||||
networking.hostName = "framework-server";
|
networking.hostName = "framework-server";
|
||||||
networking.firewall.allowedTCPPorts = [ 22 ];
|
networking.firewall.allowedTCPPorts = [ 22 ];
|
||||||
|
|
||||||
# Generic Tailscale configs are in /nixos/common/services/tailscale.nix
|
|
||||||
# Set up the secrets file:
|
|
||||||
sops.secrets."tailscale_keys/framework-server" = {
|
|
||||||
owner = "root";
|
|
||||||
sopsFile = ../../../secrets/tailscale.yaml;
|
|
||||||
restartUnits = [
|
|
||||||
"tailscaled.service"
|
|
||||||
"tailscaled-autoconnect.service"
|
|
||||||
];
|
|
||||||
};
|
|
||||||
services.tailscale.authKeyFile = "/run/secrets/tailscale_keys/framework-server";
|
|
||||||
services.tailscale.extraUpFlags = [
|
services.tailscale.extraUpFlags = [
|
||||||
"--advertise-exit-node"
|
"--advertise-exit-node"
|
||||||
"--advertise-routes=10.2.0.0/24"
|
"--advertise-routes=10.2.0.0/24"
|
||||||
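Review bot: The new `hostname` module argument and the literal `networking.hostName = "framework-server"` on the last hunk are now two independent sources for the same name; if tailscale-autoconnect.nix (outside this diff) selects the sops key as `tailscale_keys/${hostname}`, a flake-side mismatch would make this machine decrypt and use another host's auth key with no evaluation error. Either derive the key name from `config.networking.hostName` in the common module, or add `assertions = [ { assertion = hostname == config.networking.hostName; message = "hostname argument does not match networking.hostName"; } ];` to each host. The same pattern appears in the nixos-framework, osaka-linode-01, piaware-rpi4 and quitman-rpi4 sections. The removed block also restarted `tailscaled-autoconnect.service` on key change via `restartUnits`; confirm the common module keeps that, otherwise a rotated key is not picked up by the running service.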
|
|
|
@ -1,8 +1,9 @@
|
||||||
{ inputs, config, lib, pkgs, modulesPath, desktop, username, ... }: {
|
{ inputs, config, lib, pkgs, modulesPath, desktop, hostname, username, ... }: {
|
||||||
imports = [
|
imports = [
|
||||||
inputs.nixos-hardware.nixosModules.framework-13-7040-amd
|
inputs.nixos-hardware.nixosModules.framework-13-7040-amd
|
||||||
(modulesPath + "/installer/scan/not-detected.nix")
|
(modulesPath + "/installer/scan/not-detected.nix")
|
||||||
./disks.nix
|
./disks.nix
|
||||||
|
../../common/services/tailscale-autoconnect.nix
|
||||||
../../common/modules/secureboot.nix
|
../../common/modules/secureboot.nix
|
||||||
../../common/modules/udev-rules.nix
|
../../common/modules/udev-rules.nix
|
||||||
../../common/modules/ssh-luks.nix
|
../../common/modules/ssh-luks.nix
|
||||||
|
@ -72,17 +73,4 @@
|
||||||
winetricks
|
winetricks
|
||||||
wineWowPackages.waylandFull
|
wineWowPackages.waylandFull
|
||||||
];
|
];
|
||||||
|
|
||||||
# Generic Tailscale configs are in /nixos/common/services/tailscale.nix
|
|
||||||
# Set up the secrets file:
|
|
||||||
sops.secrets."tailscale_keys/nixos-framework" = {
|
|
||||||
owner = "root";
|
|
||||||
sopsFile = ../../../secrets/tailscale.yaml;
|
|
||||||
restartUnits = [
|
|
||||||
"tailscaled.service"
|
|
||||||
"tailscaled-autoconnect.service"
|
|
||||||
];
|
|
||||||
};
|
|
||||||
services.tailscale.authKeyFile = "/run/secrets/tailscale_keys/nixos-framework";
|
|
||||||
# networking.firewall.allowedTCPPorts = [ 22 ];
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,6 +1,7 @@
|
||||||
{ config, lib, pkgs, modulesPath, desktop, username, ... }: {
|
{ config, lib, pkgs, modulesPath, hostname, username, ... }: {
|
||||||
imports = [
|
imports = [
|
||||||
(modulesPath + "/profiles/qemu-guest.nix")
|
(modulesPath + "/profiles/qemu-guest.nix")
|
||||||
|
../../common/services/tailscale-autoconnect.nix
|
||||||
./firewall.nix
|
./firewall.nix
|
||||||
./wireguard.nix
|
./wireguard.nix
|
||||||
];
|
];
|
||||||
|
@ -37,19 +38,6 @@
|
||||||
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
|
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
|
||||||
time.timeZone = "Asia/Tokyo";
|
time.timeZone = "Asia/Tokyo";
|
||||||
networking.hostName = "osaka-linode-01";
|
networking.hostName = "osaka-linode-01";
|
||||||
|
|
||||||
# networking.firewall.allowedTCPPorts = [ 22 ];
|
|
||||||
|
|
||||||
# Generic Tailscale configs are in /nixos/common/services/tailscale.nix
|
|
||||||
# Set up the secrets file:
|
|
||||||
sops.secrets."tailscale_keys/osaka-linode-01" = {
|
|
||||||
owner = "root";
|
|
||||||
sopsFile = ../../../secrets/tailscale.yaml;
|
|
||||||
restartUnits = [
|
|
||||||
"tailscaled.service"
|
|
||||||
"tailscaled-autoconnect.service"
|
|
||||||
];
|
|
||||||
};
|
|
||||||
services.tailscale.authKeyFile = "/run/secrets/tailscale_keys/osaka-linode-01";
|
|
||||||
services.tailscale.extraUpFlags = [ "--advertise-exit-node" ];
|
services.tailscale.extraUpFlags = [ "--advertise-exit-node" ];
|
||||||
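Review bot: `desktop` is dropped from the module argument pattern in the first hunk (`{ config, lib, pkgs, modulesPath, desktop, username, ... }` becomes `{ config, lib, pkgs, modulesPath, hostname, username, ... }`), so any remaining reference to `desktop` in the parts of this file outside the two hunks now fails evaluation with an undefined-variable error; framework-server and nixos-framework keep `desktop`, so this looks deliberate for a headless VM but is worth a grep before merging. `services.tailscale.extraUpFlags = [ "--advertise-exit-node" ]` stays host-local while the auth-key setup moved into the common module; if that module also sets `extraUpFlags`, NixOS merges the two lists, so the module should avoid setting flags that individual hosts also set.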
}
|
}
|
|
@ -1,10 +1,8 @@
|
||||||
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
{ inputs, config, lib, pkgs, modulesPath, hostname, ... }: {
|
||||||
# and may be overwritten by future invocations. Please make changes
|
|
||||||
# to /etc/nixos/configuration.nix instead.
|
|
||||||
{ inputs, config, lib, pkgs, modulesPath, ... }: {
|
|
||||||
imports = [
|
imports = [
|
||||||
inputs.nixos-hardware.nixosModules.raspberry-pi-4
|
inputs.nixos-hardware.nixosModules.raspberry-pi-4
|
||||||
(modulesPath + "/installer/scan/not-detected.nix")
|
(modulesPath + "/installer/scan/not-detected.nix")
|
||||||
|
../../common/services/tailscale-autoconnect.nix
|
||||||
./podman.nix
|
./podman.nix
|
||||||
];
|
];
|
||||||
# Enable distributed Builds
|
# Enable distributed Builds
|
||||||
|
@ -54,17 +52,6 @@
|
||||||
# END hardware config
|
# END hardware config
|
||||||
#####################################################################################
|
#####################################################################################
|
||||||
|
|
||||||
# Generic Tailscale configs are in /nixos/common/services/tailscale.nix
|
|
||||||
# Set up the secrets file:
|
|
||||||
sops.secrets."tailscale_keys/piaware-rpi4" = {
|
|
||||||
owner = "root";
|
|
||||||
sopsFile = ../../../secrets/tailscale.yaml;
|
|
||||||
restartUnits = [
|
|
||||||
"tailscaled.service"
|
|
||||||
"tailscaled-autoconnect.service"
|
|
||||||
];
|
|
||||||
};
|
|
||||||
services.tailscale.authKeyFile = "/run/secrets/tailscale_keys/piaware-rpi4";
|
|
||||||
services.tailscale.extraUpFlags = [ "--advertise-exit-node" ];
|
services.tailscale.extraUpFlags = [ "--advertise-exit-node" ];
|
||||||
boot.kernel.sysctl = { "net.ipv4.ip_forward" = true; };
|
boot.kernel.sysctl = { "net.ipv4.ip_forward" = true; };
|
||||||
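Review bot: After this change the piaware-rpi4 and quitman-rpi4 sections are identical line for line apart from the host name, and the exit-node pieces that remain host-local (`services.tailscale.extraUpFlags = [ "--advertise-exit-node" ];` and `boot.kernel.sysctl = { "net.ipv4.ip_forward" = true; };`) are duplicated in both files and partly in osaka-linode-01; now that auth-key provisioning lives in a common module, a small `tailscale-exit-node.nix` next to it would remove the last copy-paste. Dropping the `nixos-generate-config` "Do not modify this file" header is correct since the file is clearly hand-maintained, but the `# END hardware config` marker kept on the second hunk implies a generated section still exists above it; a one-line comment such as `# Hardware section below was seeded by nixos-generate-config and is edited by hand` would keep that history readable.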
}
|
}
|
|
@ -1,10 +1,8 @@
|
||||||
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
{ inputs, config, lib, pkgs, modulesPath, hostname, ... }: {
|
||||||
# and may be overwritten by future invocations. Please make changes
|
|
||||||
# to /etc/nixos/configuration.nix instead.
|
|
||||||
{ inputs, config, lib, pkgs, modulesPath, ... }: {
|
|
||||||
imports = [
|
imports = [
|
||||||
inputs.nixos-hardware.nixosModules.raspberry-pi-4
|
inputs.nixos-hardware.nixosModules.raspberry-pi-4
|
||||||
(modulesPath + "/installer/scan/not-detected.nix")
|
(modulesPath + "/installer/scan/not-detected.nix")
|
||||||
|
../../common/services/tailscale-autoconnect.nix
|
||||||
];
|
];
|
||||||
# Enable distributed Builds
|
# Enable distributed Builds
|
||||||
nix.distributedBuilds = true;
|
nix.distributedBuilds = true;
|
||||||
|
@ -53,17 +51,6 @@
|
||||||
# END hardware config
|
# END hardware config
|
||||||
#####################################################################################
|
#####################################################################################
|
||||||
|
|
||||||
# Generic Tailscale configs are in /nixos/common/services/tailscale.nix
|
|
||||||
# Set up the secrets file:
|
|
||||||
sops.secrets."tailscale_keys/quitman-rpi4" = {
|
|
||||||
owner = "root";
|
|
||||||
sopsFile = ../../../secrets/tailscale.yaml;
|
|
||||||
restartUnits = [
|
|
||||||
"tailscaled.service"
|
|
||||||
"tailscaled-autoconnect.service"
|
|
||||||
];
|
|
||||||
};
|
|
||||||
services.tailscale.authKeyFile = "/run/secrets/tailscale_keys/quitman-rpi4";
|
|
||||||
services.tailscale.extraUpFlags = [ "--advertise-exit-node" ];
|
services.tailscale.extraUpFlags = [ "--advertise-exit-node" ];
|
||||||
boot.kernel.sysctl = { "net.ipv4.ip_forward" = true; };
|
boot.kernel.sysctl = { "net.ipv4.ip_forward" = true; };
|
||||||
}
|
}
|