From 4905d70abebf07c1de3e4571f580ab364e155c0a Mon Sep 17 00:00:00 2001 From: Peder Bergebakken Sundt Date: Fri, 31 Oct 2025 22:12:21 +0100 Subject: [PATCH] jklasdljkdasjklasdlkj --- profiles/known-hosts/hosts.toml | 5 +++-- profiles/tailscale-inner.nix | 10 +++++++--- profiles/tailscale-outer.nix | 10 +++++++--- 3 files changed, 17 insertions(+), 8 deletions(-) diff --git a/profiles/known-hosts/hosts.toml b/profiles/known-hosts/hosts.toml index 63a22c8..5823e1c 100644 --- a/profiles/known-hosts/hosts.toml +++ b/profiles/known-hosts/hosts.toml @@ -74,8 +74,9 @@ ssh.proxyJump = "login.stud.ntnu.no" # login.pvv.ntnu.no # ssh.connectTimeout = 3 # wakeonlan 4c:cc:6a:05:51:01 -["garp.tail9aac63.ts.net"] # gtx 1080 -# aliases = [ "garp.pbsds.net" ] +#["garp.tail9aac63.ts.net"] # gtx 1080 +["garp.tail9aac63.ts.net"] # gtx 3060 ti +aliases = [ "garp.pbsds.net" ] buildMachine.systems = ["x86_64-linux", "i686-linux", "riscv64-linux"] buildMachine.maxJobs = 2 # 8 threads 32GB buildMachine.speedFactor = 4 # i7-6700 diff --git a/profiles/tailscale-inner.nix b/profiles/tailscale-inner.nix index 2b29a3f..746c047 100644 --- a/profiles/tailscale-inner.nix +++ b/profiles/tailscale-inner.nix @@ -17,9 +17,13 @@ lib.mkIf (!config.virtualisation.isVmVariant) services.tailscale.authKeyFile = config.sops.secrets.tailscale-authkey-inner.path; # also enables autoconnect sops.secrets.tailscale-authkey-inner.sopsFile = ../secrets/tailscale-inner.yaml; - # # Strict reverse path filtering breaks Tailscale exit node use and some subnet routing setups - # # https://github.com/tailscale/tailscale/issues/4432#issuecomment-1112819111 - # networking.firewall.checkReversePath = "loose"; + # https://wiki.nixos.org/wiki/Tailscale#DNS + services.resolved.enable = lib.mkDefault config.networking.networkmanager.enable; + + # Strict reverse path filtering breaks Tailscale exit node use and some subnet routing setups + # https://wiki.nixos.org/wiki/Tailscale#No_internet_when_using_exit_node + # https://github.com/tailscale/tailscale/issues/4432#issuecomment-1112819111 + networking.firewall.checkReversePath = lib.mkDefault "loose"; # TODO: why do people do this? # networking.firewall.trustedInterfaces = [ interfaceName ]; diff --git a/profiles/tailscale-outer.nix b/profiles/tailscale-outer.nix index 8c18445..1960bac 100644 --- a/profiles/tailscale-outer.nix +++ b/profiles/tailscale-outer.nix @@ -17,9 +17,13 @@ lib.mkIf (!config.virtualisation.isVmVariant) services.tailscale.authKeyFile = config.sops.secrets.tailscale-authkey-outer.path; # also enables autoconnect sops.secrets.tailscale-authkey-outer.sopsFile = ../secrets/tailscale-outer.yaml; - # # Strict reverse path filtering breaks Tailscale exit node use and some subnet routing setups - # # https://github.com/tailscale/tailscale/issues/4432#issuecomment-1112819111 - # networking.firewall.checkReversePath = "loose"; + # https://wiki.nixos.org/wiki/Tailscale#DNS + services.resolved.enable = lib.mkDefault config.networking.networkmanager.enable; + + # Strict reverse path filtering breaks Tailscale exit node use and some subnet routing setups + # https://wiki.nixos.org/wiki/Tailscale#No_internet_when_using_exit_node + # https://github.com/tailscale/tailscale/issues/4432#issuecomment-1112819111 + networking.firewall.checkReversePath = lib.mkDefault "loose"; # TODO: why do people do this? # networking.firewall.trustedInterfaces = [ interfaceName ];