Compare commits
4 commits
9de0b072cd
...
e03a8e6c8a
| Author | SHA1 | Date | |
|---|---|---|---|
| e03a8e6c8a | |||
| 76b0dd1a4e | |||
| caa3b8d081 | |||
| dd15bcb9ab |
9 changed files with 115 additions and 32 deletions
|
|
@ -103,3 +103,8 @@ creation_rules:
|
||||||
- age:
|
- age:
|
||||||
- *chunk
|
- *chunk
|
||||||
- *cy
|
- *cy
|
||||||
|
- path_regex: secrets/services/tailscale.yaml
|
||||||
|
key_groups:
|
||||||
|
- age:
|
||||||
|
- *chunk
|
||||||
|
- *cy
|
||||||
|
|
|
||||||
58
flake.lock
generated
58
flake.lock
generated
|
|
@ -562,11 +562,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1737575492,
|
"lastModified": 1737669579,
|
||||||
"narHash": "sha256-qa/D3NC1JoApnUuLrq1gseBmIxeg6icm/ojPgggMDVQ=",
|
"narHash": "sha256-v9WQ3c4ctwPMfdBZMZxpdM9xXev4uChce4BxOpvsu0E=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "home-manager",
|
"repo": "home-manager",
|
||||||
"rev": "cefb1889b96ddd1dac3dd4734e894f4cadab7802",
|
"rev": "7b9ece1bf3c8780cde9b975b28c2d9ccd7e9cdb9",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
|
@ -623,11 +623,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1737299073,
|
"lastModified": 1737639419,
|
||||||
"narHash": "sha256-hOydnO9trHDo3qURqLSDdmE/pHNWDzlhkmyZ/gcBX2s=",
|
"narHash": "sha256-AEEDktApTEZ5PZXNDkry2YV2k6t0dTgLPEmAZbnigXU=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "lanzaboote",
|
"repo": "lanzaboote",
|
||||||
"rev": "64d20cb2afaad8b73f4e38de41d27fb30a782bb5",
|
"rev": "a65905a09e2c43ff63be8c0e86a93712361f871e",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
|
@ -683,11 +683,11 @@
|
||||||
"pre-commit-hooks": "pre-commit-hooks"
|
"pre-commit-hooks": "pre-commit-hooks"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1737579991,
|
"lastModified": 1737655283,
|
||||||
"narHash": "sha256-5IKNJQP+3XWLd/s7SXGvL6ZzFwk8wDDm0QGBTQ6fw9M=",
|
"narHash": "sha256-yAFGeCZXUL3GqDMeFcUEOC4m459Ld7j54Rxo8cmyuSQ=",
|
||||||
"ref": "refs/heads/main",
|
"ref": "refs/heads/main",
|
||||||
"rev": "1fe6064ceded2a9a81ab1725d545a670d14add28",
|
"rev": "963b687443b44df6c5cbdf3426454d92830d9100",
|
||||||
"revCount": 16661,
|
"revCount": 16671,
|
||||||
"type": "git",
|
"type": "git",
|
||||||
"url": "https://git.lix.systems/lix-project/lix"
|
"url": "https://git.lix.systems/lix-project/lix"
|
||||||
},
|
},
|
||||||
|
|
@ -710,11 +710,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1737241037,
|
"lastModified": 1737675503,
|
||||||
"narHash": "sha256-6LIpS3rK1Ch6OXis4tvBTgGBTRb+NptDAfhPNzmgZSE=",
|
"narHash": "sha256-FUWpqPOsEJwK8oomffat+lgKnoxJHArRlWo2j17EhxQ=",
|
||||||
"ref": "refs/heads/main",
|
"ref": "refs/heads/main",
|
||||||
"rev": "690f7c0fa2935bf591cccf4d7312b3e0f470298b",
|
"rev": "3e18a1ceec7df4514f5a045441e5f98dd003db09",
|
||||||
"revCount": 129,
|
"revCount": 131,
|
||||||
"type": "git",
|
"type": "git",
|
||||||
"url": "https://git.lix.systems/lix-project/nixos-module"
|
"url": "https://git.lix.systems/lix-project/nixos-module"
|
||||||
},
|
},
|
||||||
|
|
@ -737,11 +737,11 @@
|
||||||
"xwayland-satellite-unstable": "xwayland-satellite-unstable"
|
"xwayland-satellite-unstable": "xwayland-satellite-unstable"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1737545000,
|
"lastModified": 1737627930,
|
||||||
"narHash": "sha256-Drl0xZR/N2w3dQtZ3hpx4LA3M34Lev7OKv9qrglncfY=",
|
"narHash": "sha256-oaAatwNVaX36xmI2AKIVu2oG07XJmHq2T+Y66hEprd8=",
|
||||||
"owner": "sodiboo",
|
"owner": "sodiboo",
|
||||||
"repo": "niri-flake",
|
"repo": "niri-flake",
|
||||||
"rev": "04e476cb17be7c29c18a6dbcf451321f7c9b1d98",
|
"rev": "f79aa307f4bc0bfbabee404e6354fd2a1edfcb01",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
|
@ -770,11 +770,11 @@
|
||||||
"niri-unstable": {
|
"niri-unstable": {
|
||||||
"flake": false,
|
"flake": false,
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1737449786,
|
"lastModified": 1737623252,
|
||||||
"narHash": "sha256-G/AK0T41PpxU9hjkK/tnjODigzKcpRayo1o4pi9glqI=",
|
"narHash": "sha256-orq/c8lOUrZfCHQhfuLEJtMZpfBYhMtGv1Xuz99Pxj0=",
|
||||||
"owner": "YaLTeR",
|
"owner": "YaLTeR",
|
||||||
"repo": "niri",
|
"repo": "niri",
|
||||||
"rev": "b01b8afa8c8f9070300243050d9790e38fd19145",
|
"rev": "128b01e04905d833214f52a3c6fab308bcc15ce0",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
|
@ -1045,11 +1045,11 @@
|
||||||
},
|
},
|
||||||
"nixpkgs_5": {
|
"nixpkgs_5": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1737556089,
|
"lastModified": 1737642748,
|
||||||
"narHash": "sha256-hToO01UT2ENoQKWVopBuGV78ZprcxjqsPVFdddcynj4=",
|
"narHash": "sha256-VsCzuoavNERLs46aw38nmORT4F5pLOZDDe2bzFo+jsE=",
|
||||||
"owner": "nixos",
|
"owner": "nixos",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "2fc5aeb049f44ed4f9e877cda8a1c334612e1d7a",
|
"rev": "864f89f98b0b4e1bbcb762b025fd83da8bc1bae0",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
|
@ -1082,11 +1082,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1737578990,
|
"lastModified": 1737667561,
|
||||||
"narHash": "sha256-49M9B1nni54cuOH6qPM90U106VSWhAVqpy6f3sz0q4Q=",
|
"narHash": "sha256-BKUapQPTji3V2uxymGq62/UWF1XMjfHvKd565jj1HlA=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "nixvim",
|
"repo": "nixvim",
|
||||||
"rev": "a2a4befdaf825d36a50e2fda4a004682ea6b1a22",
|
"rev": "aab2b81792567237c104b90c3936e073d28a9ac6",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
|
@ -1240,11 +1240,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1737512878,
|
"lastModified": 1737599167,
|
||||||
"narHash": "sha256-dgF6htdmfNnZzVInifks6npnCAyVsIHWSpWNs10RSW0=",
|
"narHash": "sha256-S2rHCrQWCDVp63XxL/AQbGr1g5M8Zx14C7Jooa4oM8o=",
|
||||||
"owner": "oxalica",
|
"owner": "oxalica",
|
||||||
"repo": "rust-overlay",
|
"repo": "rust-overlay",
|
||||||
"rev": "06b8ed0eee289fe94c66f1202ced9a6a2c59a14c",
|
"rev": "38374302ae9edf819eac666d1f276d62c712dd06",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
|
|
||||||
|
|
@ -171,7 +171,7 @@
|
||||||
./modules
|
./modules
|
||||||
inputs.lanzaboote.nixosModules.lanzaboote
|
inputs.lanzaboote.nixosModules.lanzaboote
|
||||||
inputs.niri.nixosModules.niri
|
inputs.niri.nixosModules.niri
|
||||||
inputs.lix-module.nixosModules.default
|
# inputs.lix-module.nixosModules.default # broken
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
chunk = lib.nixosSystem {
|
chunk = lib.nixosSystem {
|
||||||
|
|
|
||||||
|
|
@ -26,6 +26,7 @@
|
||||||
./attic.nix
|
./attic.nix
|
||||||
./forgejo.nix
|
./forgejo.nix
|
||||||
./garage.nix
|
./garage.nix
|
||||||
|
./tailscale.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
sops.age.keyFile = "/root/.config/sops/age/keys.txt";
|
sops.age.keyFile = "/root/.config/sops/age/keys.txt";
|
||||||
|
|
@ -66,10 +67,12 @@
|
||||||
"attic/env" = {
|
"attic/env" = {
|
||||||
sopsFile = ../../secrets/services/attic.yaml;
|
sopsFile = ../../secrets/services/attic.yaml;
|
||||||
};
|
};
|
||||||
|
|
||||||
"garage/env" = {
|
"garage/env" = {
|
||||||
sopsFile = ../../secrets/services/garage.yaml;
|
sopsFile = ../../secrets/services/garage.yaml;
|
||||||
};
|
};
|
||||||
|
"tailscale/auth" = {
|
||||||
|
sopsFile = ../../secrets/services/tailscale.yaml;
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
boot.loader.grub.enable = true;
|
boot.loader.grub.enable = true;
|
||||||
|
|
|
||||||
9
hosts/chunk/tailscale.nix
Normal file
9
hosts/chunk/tailscale.nix
Normal file
|
|
@ -0,0 +1,9 @@
|
||||||
|
{ config, ... }: {
|
||||||
|
services.tailscale = {
|
||||||
|
enable = true;
|
||||||
|
authKeyFile = config.sops.secrets."tailscale/auth".path;
|
||||||
|
extraUpFlags = [ "--advertise-exit-node" ];
|
||||||
|
useRoutingFeatures = "server";
|
||||||
|
openFirewall = true;
|
||||||
|
};
|
||||||
|
}
|
||||||
|
|
@ -1,7 +1,7 @@
|
||||||
{
|
{
|
||||||
config,
|
config,
|
||||||
pkgs,
|
pkgs,
|
||||||
lib,
|
|
||||||
...
|
...
|
||||||
}:
|
}:
|
||||||
{
|
{
|
||||||
|
|
@ -9,6 +9,7 @@
|
||||||
./hardware-configuration.nix
|
./hardware-configuration.nix
|
||||||
../common.nix
|
../common.nix
|
||||||
../zsh.nix
|
../zsh.nix
|
||||||
|
./tailscale.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
sops.age.keyFile = "/root/.config/sops/age/keys.txt";
|
sops.age.keyFile = "/root/.config/sops/age/keys.txt";
|
||||||
|
|
@ -32,6 +33,9 @@
|
||||||
sopsFile = ../../secrets/newsboat.yaml;
|
sopsFile = ../../secrets/newsboat.yaml;
|
||||||
owner = "yt";
|
owner = "yt";
|
||||||
};
|
};
|
||||||
|
"tailscale/auth" = {
|
||||||
|
sopsFile = ../../secrets/services/tailscale.yaml;
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
boot = {
|
boot = {
|
||||||
|
|
@ -58,6 +62,7 @@
|
||||||
pkiBundle = "/var/lib/sbctl";
|
pkiBundle = "/var/lib/sbctl";
|
||||||
};
|
};
|
||||||
kernel.sysctl."kernel.sysrq" = 1;
|
kernel.sysctl."kernel.sysrq" = 1;
|
||||||
|
binfmt.emulatedSystems = [ "aarch64-linux" ];
|
||||||
};
|
};
|
||||||
|
|
||||||
networking = {
|
networking = {
|
||||||
|
|
@ -128,6 +133,7 @@
|
||||||
"wheel"
|
"wheel"
|
||||||
"libvirtd"
|
"libvirtd"
|
||||||
"docker"
|
"docker"
|
||||||
|
"disk"
|
||||||
];
|
];
|
||||||
|
|
||||||
environment.systemPackages = with pkgs; [
|
environment.systemPackages = with pkgs; [
|
||||||
|
|
@ -314,4 +320,8 @@
|
||||||
programs.niri.enable = true;
|
programs.niri.enable = true;
|
||||||
programs.niri.package = pkgs.niri-unstable;
|
programs.niri.package = pkgs.niri-unstable;
|
||||||
programs.xwayland.enable = true;
|
programs.xwayland.enable = true;
|
||||||
|
|
||||||
|
services.udev.extraHwdb = ''
|
||||||
|
SUBSYSTEM=="usb", SYSFS{idVendor}=="090c", SYSFS{idProduct}=="1000", ACTION=="add", GROUP="users", MODE="0664"
|
||||||
|
'';
|
||||||
}
|
}
|
||||||
|
|
|
||||||
11
hosts/ytnix/tailscale.nix
Normal file
11
hosts/ytnix/tailscale.nix
Normal file
|
|
@ -0,0 +1,11 @@
|
||||||
|
{ config, ... }: {
|
||||||
|
services.tailscale = {
|
||||||
|
enable = true;
|
||||||
|
authKeyFile = config.sops.secrets."tailscale/auth".path;
|
||||||
|
openFirewall = true;
|
||||||
|
useRoutingFeatures = "client";
|
||||||
|
extraUpFlags = [
|
||||||
|
"--exit-node=100.122.132.30"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
}
|
||||||
14
justfile
Normal file
14
justfile
Normal file
|
|
@ -0,0 +1,14 @@
|
||||||
|
update:
|
||||||
|
git switch -c update
|
||||||
|
git push
|
||||||
|
git switch main
|
||||||
|
|
||||||
|
upgrade:
|
||||||
|
git switch update
|
||||||
|
sudo nixos-rebuild switch -L --flake . --use-substitutes
|
||||||
|
nixos-rebuild switch -L --flake .#chunk --target-host root@2a0f:85c1:840:2bfb::1 --use-substitutes
|
||||||
|
nixos-rebuild switch -L --flake .#titan --target-host root@www.cything.io --use-substitutes
|
||||||
|
home-manager -L switch --flake .
|
||||||
|
git switch main
|
||||||
|
git merge update
|
||||||
|
git branch -d update
|
||||||
31
secrets/services/tailscale.yaml
Normal file
31
secrets/services/tailscale.yaml
Normal file
|
|
@ -0,0 +1,31 @@
|
||||||
|
tailscale:
|
||||||
|
auth: ENC[AES256_GCM,data:7gGiUBRUK25Tp5y/5DDZKOTxKPFFfN1UUeBOdMLLQqobq643MKdJ9imxkKmKFg/FwgLYft/uzdxQGGlE7Q==,iv:HRmd+T1QuTYP8VrX/bZt8dWSwm5rcUvpEMqCMPfxjE4=,tag:PRZn2Pm6yydfEULrYGM6yg==,type:str]
|
||||||
|
sops:
|
||||||
|
kms: []
|
||||||
|
gcp_kms: []
|
||||||
|
azure_kv: []
|
||||||
|
hc_vault: []
|
||||||
|
age:
|
||||||
|
- recipient: age1eg6sxflw6l44fp20sl068sampwd95fm0mnh4ssegrhtktgm50ptqcuspyn
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2Z1JZZmZMaDQ3UHYvbXYr
|
||||||
|
c05RaEMxUGJXSGczUDBkL1UxT0hjQ0VNNkJNClFUNmJ5d3gyaHFwMTdNVW9GQ2ly
|
||||||
|
V3haMkx5Z1B5dmJ0SE4wY0UzMWswQ0EKLS0tIGNpZVo3UmtHcjFZVE5FMmdpOGMx
|
||||||
|
UFZGb3I1L3FJYVE2VjJ5aTVoZlo4bFUKwH2sPBwuLQXrHmiKYSu4Eut/H2j/2tUW
|
||||||
|
1y8Eph7l6w3kfhZRRbo6cZ8gcbZNHPSPeAvWf/TpYumiTt1WBt8SMw==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age10h6pg5qdpc4t0rpmksfv788a57f04n83zgqaezkjjn65nkhv547s0vxfdn
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSVXBMTEMrY1NGa1NBSjZP
|
||||||
|
R04wYUsrdGlVa3FnL1NYVG4xdUdqeHNnM0ZJCmhMSzFoRVFSOFBrQlU3VUtwaU0r
|
||||||
|
TEtad1B5NGh3OW1oajNvckhJcExrU0kKLS0tIFc5K3JOVTUvSFU1dmQxMUFRZ1o3
|
||||||
|
em5IemlsM29zVy9GK3RmTlgzVnRpMDAKRatmFgCdoXcypQ+1EDedCuVctl0SFMf4
|
||||||
|
kjtHrTSpept/y9bpTUy656aPRQ1LvqvfPs7Co1ssC/YWFroDsLgv4w==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
lastmodified: "2025-01-24T05:26:20Z"
|
||||||
|
mac: ENC[AES256_GCM,data:GbQrLESUR/x+eLzukOR1FaJsd8zxlrz9dc/2kDBKUYAgI8L4QwLmwRuzpaIJgNLv2PdLTW83oSC8ekxR8fmsap40DpiygcrmPdPUeVFbEPaz7SSvU+DCgB0UX+qNQ9aOQ0BIbeKKOIj3r9enGv2o6DKY8I85n7VXjnGZAmCf1C8=,iv:UrtVqRGwvOpXOH3X3qF6ZF+VwqO0VGt+hFG7r6oUqCg=,tag:TD4mG3t5ORYgAS0GBmA7Eg==,type:str]
|
||||||
|
pgp: []
|
||||||
|
unencrypted_suffix: _unencrypted
|
||||||
|
version: 3.9.3
|
||||||
Loading…
Add table
Reference in a new issue