Update autoconnect tailscale definitions

iFargle 2024-01-12 16:43:50 +09:00
parent 0de45b9f3c
commit e7793cb1b3
6 changed files with 10 additions and 81 deletions


@ -19,17 +19,6 @@ creation_rules:
- *host_backups-rpi4 - *host_backups-rpi4
- *host_quitman-rpi4 - *host_quitman-rpi4
- path_regex: secrets\/tailscale\.yaml$
key_groups:
- pgp:
- *user_albert
- *host_osaka-linode-01
- *host_nixos-framework
- *host_framework-server
- *host_piaware-rpi4
- *host_backups-rpi4
- *host_quitman-rpi4
- path_regex: secrets\/wireguard\.yaml$ - path_regex: secrets\/wireguard\.yaml$
key_groups: key_groups:
- pgp: - pgp:
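Review bot: Dropping the `secrets\/tailscale\.yaml$` creation rule leaves no rule covering the Tailscale auth keys, while every host in this commit now imports `tailscale-autoconnect.nix`, which still has to read them from somewhere. If that module uses a different sops file (for example a per-host file selected by `hostname`), that path needs a matching `path_regex` entry here with the same key group, otherwise `sops updatekeys` will not manage its recipients; if `secrets/tailscale.yaml` itself stays in the repository it is now unmanaged and should be deleted or rekeyed rather than left encrypted to all seven recipients. The hunk header announces 11 removed lines but only 10 are shown, so one line (presumably a blank) was lost in rendering.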


@ -1,4 +1,4 @@
{ inputs, config, lib, pkgs, modulesPath, desktop, username, platform, ... }: { { inputs, config, lib, pkgs, modulesPath, desktop, username, hostname, platform, ... }: {
imports = [ imports = [
inputs.nixos-hardware.nixosModules.framework-13th-gen-intel inputs.nixos-hardware.nixosModules.framework-13th-gen-intel
(modulesPath + "/installer/scan/not-detected.nix") (modulesPath + "/installer/scan/not-detected.nix")
@ -7,6 +7,7 @@
../../common/services/fwupd.nix ../../common/services/fwupd.nix
../../common/modules/ssh-luks.nix ../../common/modules/ssh-luks.nix
../../common/services/docker.nix ../../common/services/docker.nix
../../common/services/tailscale-autoconnect.nix
./disks.nix ./disks.nix
./builder.nix ./builder.nix
./wireguard.nix ./wireguard.nix
@ -43,17 +44,6 @@
networking.hostName = "framework-server"; networking.hostName = "framework-server";
networking.firewall.allowedTCPPorts = [ 22 ]; networking.firewall.allowedTCPPorts = [ 22 ];
# Generic Tailscale configs are in /nixos/common/services/tailscale.nix
# Set up the secrets file:
sops.secrets."tailscale_keys/framework-server" = {
owner = "root";
sopsFile = ../../../secrets/tailscale.yaml;
restartUnits = [
"tailscaled.service"
"tailscaled-autoconnect.service"
];
};
services.tailscale.authKeyFile = "/run/secrets/tailscale_keys/framework-server";
services.tailscale.extraUpFlags = [ services.tailscale.extraUpFlags = [
"--advertise-exit-node" "--advertise-exit-node"
"--advertise-routes=10.2.0.0/24" "--advertise-routes=10.2.0.0/24"
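Review bot: The deleted block carried two properties the new common import must reproduce but that this commit does not show: the secret was `owner = "root"` and `restartUnits` listed both `tailscaled.service` and `tailscaled-autoconnect.service`, so a rotated key re-authenticated the node on activation. Worth confirming that `../../common/services/tailscale-autoconnect.nix` declares the per-host `sops.secrets` entry with the same owner and restart units and sets `services.tailscale.authKeyFile` from it; that module is not among the six files in this commit, so it is presumably pre-existing. The new `hostname` module argument must also be supplied through `specialArgs` (or `_module.args`) for this host and likewise for nixos-framework, osaka-linode-01, piaware-rpi4 and quitman-rpi4, and presumably has to equal the sops key name (`tailscale_keys/<hostname>`) for each host, since a mismatch would surface only at activation when the secret path is missing. The `extraUpFlags` list continues past the end of the hunk.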


@ -1,8 +1,9 @@
{ inputs, config, lib, pkgs, modulesPath, desktop, username, ... }: { { inputs, config, lib, pkgs, modulesPath, desktop, hostname, username, ... }: {
imports = [ imports = [
inputs.nixos-hardware.nixosModules.framework-13-7040-amd inputs.nixos-hardware.nixosModules.framework-13-7040-amd
(modulesPath + "/installer/scan/not-detected.nix") (modulesPath + "/installer/scan/not-detected.nix")
./disks.nix ./disks.nix
../../common/services/tailscale-autoconnect.nix
../../common/modules/secureboot.nix ../../common/modules/secureboot.nix
../../common/modules/udev-rules.nix ../../common/modules/udev-rules.nix
../../common/modules/ssh-luks.nix ../../common/modules/ssh-luks.nix
@ -72,17 +73,4 @@
winetricks winetricks
wineWowPackages.waylandFull wineWowPackages.waylandFull
]; ];
# Generic Tailscale configs are in /nixos/common/services/tailscale.nix
# Set up the secrets file:
sops.secrets."tailscale_keys/nixos-framework" = {
owner = "root";
sopsFile = ../../../secrets/tailscale.yaml;
restartUnits = [
"tailscaled.service"
"tailscaled-autoconnect.service"
];
};
services.tailscale.authKeyFile = "/run/secrets/tailscale_keys/nixos-framework";
# networking.firewall.allowedTCPPorts = [ 22 ];
} }


@ -1,6 +1,7 @@
{ config, lib, pkgs, modulesPath, desktop, username, ... }: { { config, lib, pkgs, modulesPath, hostname, username, ... }: {
imports = [ imports = [
(modulesPath + "/profiles/qemu-guest.nix") (modulesPath + "/profiles/qemu-guest.nix")
../../common/services/tailscale-autoconnect.nix
./firewall.nix ./firewall.nix
./wireguard.nix ./wireguard.nix
]; ];
@ -37,19 +38,6 @@
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
time.timeZone = "Asia/Tokyo"; time.timeZone = "Asia/Tokyo";
networking.hostName = "osaka-linode-01"; networking.hostName = "osaka-linode-01";
# networking.firewall.allowedTCPPorts = [ 22 ];
# Generic Tailscale configs are in /nixos/common/services/tailscale.nix
# Set up the secrets file:
sops.secrets."tailscale_keys/osaka-linode-01" = {
owner = "root";
sopsFile = ../../../secrets/tailscale.yaml;
restartUnits = [
"tailscaled.service"
"tailscaled-autoconnect.service"
];
};
services.tailscale.authKeyFile = "/run/secrets/tailscale_keys/osaka-linode-01";
services.tailscale.extraUpFlags = [ "--advertise-exit-node" ]; services.tailscale.extraUpFlags = [ "--advertise-exit-node" ];
} }
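Review bot: The module signature on the first hunk line drops `desktop` while adding `hostname`; if any line of this file outside the two hunks still references `desktop`, evaluation fails with an undefined-variable error, because the trailing `...` only tolerates extra attributes in the passed set, not unbound names in the body. The other hosts in this commit keep `desktop` in their signatures, so either this host never used it or the removal is deliberate — worth a quick grep of the rest of the file before merging. The file body between the two hunks is outside this view.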


@ -1,10 +1,8 @@
# Do not modify this file! It was generated by nixos-generate-config { inputs, config, lib, pkgs, modulesPath, hostname, ... }: {
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ inputs, config, lib, pkgs, modulesPath, ... }: {
imports = [ imports = [
inputs.nixos-hardware.nixosModules.raspberry-pi-4 inputs.nixos-hardware.nixosModules.raspberry-pi-4
(modulesPath + "/installer/scan/not-detected.nix") (modulesPath + "/installer/scan/not-detected.nix")
../../common/services/tailscale-autoconnect.nix
./podman.nix ./podman.nix
]; ];
# Enable distributed Builds # Enable distributed Builds
@ -54,17 +52,6 @@
# END hardware config # END hardware config
##################################################################################### #####################################################################################
# Generic Tailscale configs are in /nixos/common/services/tailscale.nix
# Set up the secrets file:
sops.secrets."tailscale_keys/piaware-rpi4" = {
owner = "root";
sopsFile = ../../../secrets/tailscale.yaml;
restartUnits = [
"tailscaled.service"
"tailscaled-autoconnect.service"
];
};
services.tailscale.authKeyFile = "/run/secrets/tailscale_keys/piaware-rpi4";
services.tailscale.extraUpFlags = [ "--advertise-exit-node" ]; services.tailscale.extraUpFlags = [ "--advertise-exit-node" ];
boot.kernel.sysctl = { "net.ipv4.ip_forward" = true; }; boot.kernel.sysctl = { "net.ipv4.ip_forward" = true; };
} }


@ -1,10 +1,8 @@
# Do not modify this file! It was generated by nixos-generate-config { inputs, config, lib, pkgs, modulesPath, hostname, ... }: {
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ inputs, config, lib, pkgs, modulesPath, ... }: {
imports = [ imports = [
inputs.nixos-hardware.nixosModules.raspberry-pi-4 inputs.nixos-hardware.nixosModules.raspberry-pi-4
(modulesPath + "/installer/scan/not-detected.nix") (modulesPath + "/installer/scan/not-detected.nix")
../../common/services/tailscale-autoconnect.nix
]; ];
# Enable distributed Builds # Enable distributed Builds
nix.distributedBuilds = true; nix.distributedBuilds = true;
@ -53,17 +51,6 @@
# END hardware config # END hardware config
##################################################################################### #####################################################################################
# Generic Tailscale configs are in /nixos/common/services/tailscale.nix
# Set up the secrets file:
sops.secrets."tailscale_keys/quitman-rpi4" = {
owner = "root";
sopsFile = ../../../secrets/tailscale.yaml;
restartUnits = [
"tailscaled.service"
"tailscaled-autoconnect.service"
];
};
services.tailscale.authKeyFile = "/run/secrets/tailscale_keys/quitman-rpi4";
services.tailscale.extraUpFlags = [ "--advertise-exit-node" ]; services.tailscale.extraUpFlags = [ "--advertise-exit-node" ];
boot.kernel.sysctl = { "net.ipv4.ip_forward" = true; }; boot.kernel.sysctl = { "net.ipv4.ip_forward" = true; };
} }