cy/nixos-config
cy/nixos-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

configure tailscale and stuff

Browse source
This commit is contained in:
cy 2025-01-24 01:10:53 -05:00
parent 76b0dd1a4e
commit e03a8e6c8a
7 changed files with 71 additions and 25 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
.sops.yaml
View file

@ -103,3 +103,8 @@ creation_rules:
- age: - age:
- *chunk - *chunk
- *cy - *cy
- path_regex: secrets/services/tailscale.yaml
key_groups:
- age:
- *chunk
- *cy

23
home/nixvim/default.nix
View file

@ -193,28 +193,6 @@
settings.current_line_blame = true; settings.current_line_blame = true;
}; };
plugins.none-ls = {
enable = true;
enableLspFormat = true;
sources = {
code_actions.gitsigns.enable = true;
completion = {
luasnip.enable = true;
spell.enable = true;
};
diagnostics = {
codespell.enable = true;
commitlint.enable = true;
deadnix.enable = true;
markdownlint.enable = true;
pylint.enable = true;
};
formatting = {
just.enable = true;
};
};
};
plugins.cmp-buffer.enable = true; plugins.cmp-buffer.enable = true;
plugins.cmp-emoji.enable = true; plugins.cmp-emoji.enable = true;
plugins.cmp-nvim-lsp.enable = true; plugins.cmp-nvim-lsp.enable = true;
@ -227,6 +205,5 @@
plugins.auto-save.enable = true; plugins.auto-save.enable = true;
plugins.indent-blankline.enable = true; plugins.indent-blankline.enable = true;
plugins.undotree.enable = true; plugins.undotree.enable = true;
plugins.lsp-format.enable = true;
}; };
} }

5
hosts/chunk/default.nix
View file

@ -26,6 +26,7 @@
./attic.nix ./attic.nix
./forgejo.nix ./forgejo.nix
./garage.nix ./garage.nix
./tailscale.nix
]; ];
sops.age.keyFile = "/root/.config/sops/age/keys.txt"; sops.age.keyFile = "/root/.config/sops/age/keys.txt";
@ -66,10 +67,12 @@
"attic/env" = { "attic/env" = {
sopsFile = ../../secrets/services/attic.yaml; sopsFile = ../../secrets/services/attic.yaml;
}; };
"garage/env" = { "garage/env" = {
sopsFile = ../../secrets/services/garage.yaml; sopsFile = ../../secrets/services/garage.yaml;
}; };
"tailscale/auth" = {
sopsFile = ../../secrets/services/tailscale.yaml;
};
}; };
boot.loader.grub.enable = true; boot.loader.grub.enable = true;

9
hosts/chunk/tailscale.nix Normal file
View file

@ -0,0 +1,9 @@
{ config, ... }: {
services.tailscale = {
enable = true;
authKeyFile = config.sops.secrets."tailscale/auth".path;
extraUpFlags = [ "--advertise-exit-node" ];
useRoutingFeatures = "server";
openFirewall = true;
};
}

12
hosts/ytnix/default.nix
View file

@ -1,7 +1,7 @@
{ {
config, config,
pkgs, pkgs,
lib,
... ...
}: }:
{ {
@ -9,6 +9,7 @@
./hardware-configuration.nix ./hardware-configuration.nix
../common.nix ../common.nix
../zsh.nix ../zsh.nix
./tailscale.nix
]; ];
sops.age.keyFile = "/root/.config/sops/age/keys.txt"; sops.age.keyFile = "/root/.config/sops/age/keys.txt";
@ -32,6 +33,9 @@
sopsFile = ../../secrets/newsboat.yaml; sopsFile = ../../secrets/newsboat.yaml;
owner = "yt"; owner = "yt";
}; };
"tailscale/auth" = {
sopsFile = ../../secrets/services/tailscale.yaml;
};
}; };
boot = { boot = {
@ -58,6 +62,7 @@
pkiBundle = "/var/lib/sbctl"; pkiBundle = "/var/lib/sbctl";
}; };
kernel.sysctl."kernel.sysrq" = 1; kernel.sysctl."kernel.sysrq" = 1;
binfmt.emulatedSystems = [ "aarch64-linux" ];
}; };
networking = { networking = {
@ -128,6 +133,7 @@
"wheel" "wheel"
"libvirtd" "libvirtd"
"docker" "docker"
"disk"
]; ];
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
@ -314,4 +320,8 @@
programs.niri.enable = true; programs.niri.enable = true;
programs.niri.package = pkgs.niri-unstable; programs.niri.package = pkgs.niri-unstable;
programs.xwayland.enable = true; programs.xwayland.enable = true;
services.udev.extraHwdb = ''
SUBSYSTEM=="usb", SYSFS{idVendor}=="090c", SYSFS{idProduct}=="1000", ACTION=="add", GROUP="users", MODE="0664"
'';
} }

11
hosts/ytnix/tailscale.nix Normal file
View file

@ -0,0 +1,11 @@
{ config, ... }: {
services.tailscale = {
enable = true;
authKeyFile = config.sops.secrets."tailscale/auth".path;
openFirewall = true;
useRoutingFeatures = "client";
extraUpFlags = [
"--exit-node=100.122.132.30"
];
};
}

31
secrets/services/tailscale.yaml Normal file
View file

@ -0,0 +1,31 @@
tailscale:
auth: ENC[AES256_GCM,data:7gGiUBRUK25Tp5y/5DDZKOTxKPFFfN1UUeBOdMLLQqobq643MKdJ9imxkKmKFg/FwgLYft/uzdxQGGlE7Q==,iv:HRmd+T1QuTYP8VrX/bZt8dWSwm5rcUvpEMqCMPfxjE4=,tag:PRZn2Pm6yydfEULrYGM6yg==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1eg6sxflw6l44fp20sl068sampwd95fm0mnh4ssegrhtktgm50ptqcuspyn
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2Z1JZZmZMaDQ3UHYvbXYr
c05RaEMxUGJXSGczUDBkL1UxT0hjQ0VNNkJNClFUNmJ5d3gyaHFwMTdNVW9GQ2ly
V3haMkx5Z1B5dmJ0SE4wY0UzMWswQ0EKLS0tIGNpZVo3UmtHcjFZVE5FMmdpOGMx
UFZGb3I1L3FJYVE2VjJ5aTVoZlo4bFUKwH2sPBwuLQXrHmiKYSu4Eut/H2j/2tUW
1y8Eph7l6w3kfhZRRbo6cZ8gcbZNHPSPeAvWf/TpYumiTt1WBt8SMw==
-----END AGE ENCRYPTED FILE-----
- recipient: age10h6pg5qdpc4t0rpmksfv788a57f04n83zgqaezkjjn65nkhv547s0vxfdn
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSVXBMTEMrY1NGa1NBSjZP
R04wYUsrdGlVa3FnL1NYVG4xdUdqeHNnM0ZJCmhMSzFoRVFSOFBrQlU3VUtwaU0r
TEtad1B5NGh3OW1oajNvckhJcExrU0kKLS0tIFc5K3JOVTUvSFU1dmQxMUFRZ1o3
em5IemlsM29zVy9GK3RmTlgzVnRpMDAKRatmFgCdoXcypQ+1EDedCuVctl0SFMf4
kjtHrTSpept/y9bpTUy656aPRQ1LvqvfPs7Co1ssC/YWFroDsLgv4w==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-01-24T05:26:20Z"
mac: ENC[AES256_GCM,data:GbQrLESUR/x+eLzukOR1FaJsd8zxlrz9dc/2kDBKUYAgI8L4QwLmwRuzpaIJgNLv2PdLTW83oSC8ekxR8fmsap40DpiygcrmPdPUeVFbEPaz7SSvU+DCgB0UX+qNQ9aOQ0BIbeKKOIj3r9enGv2o6DKY8I85n7VXjnGZAmCf1C8=,iv:UrtVqRGwvOpXOH3X3qF6ZF+VwqO0VGt+hFG7r6oUqCg=,tag:TD4mG3t5ORYgAS0GBmA7Eg==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.3