Update autoconnect tailscale definitions
parent
0de45b9f3c
commit
e7793cb1b3
6 changed files with 10 additions and 81 deletions
11
.sops.yaml
11
.sops.yaml
|
@ -19,17 +19,6 @@ creation_rules:
|
|||
- *host_backups-rpi4
|
||||
- *host_quitman-rpi4
|
||||
|
||||
- path_regex: secrets\/tailscale\.yaml$
|
||||
key_groups:
|
||||
- pgp:
|
||||
- *user_albert
|
||||
- *host_osaka-linode-01
|
||||
- *host_nixos-framework
|
||||
- *host_framework-server
|
||||
- *host_piaware-rpi4
|
||||
- *host_backups-rpi4
|
||||
- *host_quitman-rpi4
|
||||
|
||||
- path_regex: secrets\/wireguard\.yaml$
|
||||
key_groups:
|
||||
- pgp:
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
{ inputs, config, lib, pkgs, modulesPath, desktop, username, platform, ... }: {
|
||||
{ inputs, config, lib, pkgs, modulesPath, desktop, username, hostname, platform, ... }: {
|
||||
imports = [
|
||||
inputs.nixos-hardware.nixosModules.framework-13th-gen-intel
|
||||
(modulesPath + "/installer/scan/not-detected.nix")
|
||||
|
@ -7,6 +7,7 @@
|
|||
../../common/services/fwupd.nix
|
||||
../../common/modules/ssh-luks.nix
|
||||
../../common/services/docker.nix
|
||||
../../common/services/tailscale-autoconnect.nix
|
||||
./disks.nix
|
||||
./builder.nix
|
||||
./wireguard.nix
|
||||
|
@ -43,17 +44,6 @@
|
|||
networking.hostName = "framework-server";
|
||||
networking.firewall.allowedTCPPorts = [ 22 ];
|
||||
|
||||
# Generic Tailscale configs are in /nixos/common/services/tailscale.nix
|
||||
# Set up the secrets file:
|
||||
sops.secrets."tailscale_keys/framework-server" = {
|
||||
owner = "root";
|
||||
sopsFile = ../../../secrets/tailscale.yaml;
|
||||
restartUnits = [
|
||||
"tailscaled.service"
|
||||
"tailscaled-autoconnect.service"
|
||||
];
|
||||
};
|
||||
services.tailscale.authKeyFile = "/run/secrets/tailscale_keys/framework-server";
|
||||
services.tailscale.extraUpFlags = [
|
||||
"--advertise-exit-node"
|
||||
"--advertise-routes=10.2.0.0/24"
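Review bot: Nothing on this page shows where the Tailscale auth key comes from after this change. The last hunk drops the host-level `sops.secrets."tailscale_keys/framework-server"` block and `services.tailscale.authKeyFile` in favour of `../../common/services/tailscale-autoconnect.nix`, and the same commit removes the `secrets\/tailscale\.yaml$` creation rule from `.sops.yaml`. The shared module is not among the files shown, so confirm that it declares the key as a root-owned sops secret, that each host is a recipient only for its own key, and that the `restartUnits` behaviour is kept so a rotated key is picked up. If `secrets/tailscale.yaml` is still in the tree, note that without a matching rule `sops updatekeys` no longer manages its recipients; if it is retired, the auth keys it held should be revoked. A comment beside the import such as `# declares this host's Tailscale auth-key secret (sops) and authKeyFile` would record this; the same applies to the other four host files.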
|
||||
|
|
|
@ -1,8 +1,9 @@
|
|||
{ inputs, config, lib, pkgs, modulesPath, desktop, username, ... }: {
|
||||
{ inputs, config, lib, pkgs, modulesPath, desktop, hostname, username, ... }: {
|
||||
imports = [
|
||||
inputs.nixos-hardware.nixosModules.framework-13-7040-amd
|
||||
(modulesPath + "/installer/scan/not-detected.nix")
|
||||
./disks.nix
|
||||
../../common/services/tailscale-autoconnect.nix
|
||||
../../common/modules/secureboot.nix
|
||||
../../common/modules/udev-rules.nix
|
||||
../../common/modules/ssh-luks.nix
|
||||
|
@ -72,17 +73,4 @@
|
|||
winetricks
|
||||
wineWowPackages.waylandFull
|
||||
];
|
||||
|
||||
# Generic Tailscale configs are in /nixos/common/services/tailscale.nix
|
||||
# Set up the secrets file:
|
||||
sops.secrets."tailscale_keys/nixos-framework" = {
|
||||
owner = "root";
|
||||
sopsFile = ../../../secrets/tailscale.yaml;
|
||||
restartUnits = [
|
||||
"tailscaled.service"
|
||||
"tailscaled-autoconnect.service"
|
||||
];
|
||||
};
|
||||
services.tailscale.authKeyFile = "/run/secrets/tailscale_keys/nixos-framework";
|
||||
# networking.firewall.allowedTCPPorts = [ 22 ];
|
||||
}
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
{ config, lib, pkgs, modulesPath, desktop, username, ... }: {
|
||||
{ config, lib, pkgs, modulesPath, hostname, username, ... }: {
|
||||
imports = [
|
||||
(modulesPath + "/profiles/qemu-guest.nix")
|
||||
../../common/services/tailscale-autoconnect.nix
|
||||
./firewall.nix
|
||||
./wireguard.nix
|
||||
];
|
||||
|
@ -38,18 +39,5 @@
|
|||
time.timeZone = "Asia/Tokyo";
|
||||
networking.hostName = "osaka-linode-01";
|
||||
|
||||
# networking.firewall.allowedTCPPorts = [ 22 ];
|
||||
|
||||
# Generic Tailscale configs are in /nixos/common/services/tailscale.nix
|
||||
# Set up the secrets file:
|
||||
sops.secrets."tailscale_keys/osaka-linode-01" = {
|
||||
owner = "root";
|
||||
sopsFile = ../../../secrets/tailscale.yaml;
|
||||
restartUnits = [
|
||||
"tailscaled.service"
|
||||
"tailscaled-autoconnect.service"
|
||||
];
|
||||
};
|
||||
services.tailscale.authKeyFile = "/run/secrets/tailscale_keys/osaka-linode-01";
|
||||
services.tailscale.extraUpFlags = [ "--advertise-exit-node" ];
|
||||
}
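Review bot: `hostname` is added to the module arguments in the first hunk, but no visible line uses it, and `networking.hostName = "osaka-linode-01";` in the second hunk is still a literal. If the shared `tailscale-autoconnect.nix` selects the auth key by `hostname` (that module is not shown, so this is an assumption), the two values can drift and the host would look up a key under the wrong name; `networking.hostName = hostname;` would keep a single source of truth. An imported module receives its own arguments, so the extra formal is needed only if this file uses it somewhere outside the hunks. framework-server carries the same literal, and the other host files add the same unused formal.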
|
|
@ -1,10 +1,8 @@
|
|||
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
||||
# and may be overwritten by future invocations. Please make changes
|
||||
# to /etc/nixos/configuration.nix instead.
|
||||
{ inputs, config, lib, pkgs, modulesPath, ... }: {
|
||||
{ inputs, config, lib, pkgs, modulesPath, hostname, ... }: {
|
||||
imports = [
|
||||
inputs.nixos-hardware.nixosModules.raspberry-pi-4
|
||||
(modulesPath + "/installer/scan/not-detected.nix")
|
||||
../../common/services/tailscale-autoconnect.nix
|
||||
./podman.nix
|
||||
];
|
||||
# Enable distributed Builds
|
||||
|
@ -54,17 +52,6 @@
|
|||
# END hardware config
|
||||
#####################################################################################
|
||||
|
||||
# Generic Tailscale configs are in /nixos/common/services/tailscale.nix
|
||||
# Set up the secrets file:
|
||||
sops.secrets."tailscale_keys/piaware-rpi4" = {
|
||||
owner = "root";
|
||||
sopsFile = ../../../secrets/tailscale.yaml;
|
||||
restartUnits = [
|
||||
"tailscaled.service"
|
||||
"tailscaled-autoconnect.service"
|
||||
];
|
||||
};
|
||||
services.tailscale.authKeyFile = "/run/secrets/tailscale_keys/piaware-rpi4";
|
||||
services.tailscale.extraUpFlags = [ "--advertise-exit-node" ];
|
||||
boot.kernel.sysctl = { "net.ipv4.ip_forward" = true; };
|
||||
}
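Review bot: The header kept at the top of this file still reads `# Do not modify this file! It was generated by ‘nixos-generate-config’`, while this change edits the file by hand to add the `hostname` argument and the `tailscale-autoconnect.nix` import. The warning is stale and may lead a later maintainer to regenerate the file and silently drop the Tailscale import. I would replace the three header lines with something like `# Host configuration for piaware-rpi4; hardware section originally from nixos-generate-config.` The quitman-rpi4 file that follows has the same header.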
|
|
@ -1,10 +1,8 @@
|
|||
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
||||
# and may be overwritten by future invocations. Please make changes
|
||||
# to /etc/nixos/configuration.nix instead.
|
||||
{ inputs, config, lib, pkgs, modulesPath, ... }: {
|
||||
{ inputs, config, lib, pkgs, modulesPath, hostname, ... }: {
|
||||
imports = [
|
||||
inputs.nixos-hardware.nixosModules.raspberry-pi-4
|
||||
(modulesPath + "/installer/scan/not-detected.nix")
|
||||
../../common/services/tailscale-autoconnect.nix
|
||||
];
|
||||
# Enable distributed Builds
|
||||
nix.distributedBuilds = true;
|
||||
|
@ -53,17 +51,6 @@
|
|||
# END hardware config
|
||||
#####################################################################################
|
||||
|
||||
# Generic Tailscale configs are in /nixos/common/services/tailscale.nix
|
||||
# Set up the secrets file:
|
||||
sops.secrets."tailscale_keys/quitman-rpi4" = {
|
||||
owner = "root";
|
||||
sopsFile = ../../../secrets/tailscale.yaml;
|
||||
restartUnits = [
|
||||
"tailscaled.service"
|
||||
"tailscaled-autoconnect.service"
|
||||
];
|
||||
};
|
||||
services.tailscale.authKeyFile = "/run/secrets/tailscale_keys/quitman-rpi4";
|
||||
services.tailscale.extraUpFlags = [ "--advertise-exit-node" ];
|
||||
boot.kernel.sysctl = { "net.ipv4.ip_forward" = true; };
|
||||
}
|