From 6132cb3c9a905f60d88ddf705d358191db07ebf0 Mon Sep 17 00:00:00 2001
From: Peder Bergebakken Sundt
Date: Thu, 10 Oct 2024 21:06:31 +0200
Subject: [PATCH] tailscale
---
 flake.nix | 19 ++++++++++---------
 profiles/tailscale.nix | 13 +++++++++++++
 secrets/default.yaml | 5 +++--
 3 files changed, 26 insertions(+), 11 deletions(-)
 create mode 100644 profiles/tailscale.nix
diff --git a/flake.nix b/flake.nix
index 591505d..b951eeb 100644
--- a/flake.nix
+++ b/flake.nix
@@ -260,6 +260,7 @@
 hidpi = hw.common-hidpi;
 p1005 = ./hardware/printer/hp-laserjet-p1005.nix;
 au = ./profiles/auto-upgrade.nix;
+ ts = ./profiles/tailscale.nix;
 #rb = ./profiles/remote-builders.nix; # TODO
 nixld = ./profiles/nix-ld.nix;
 dns64 = { config, ... }: {
@@ -270,15 +271,15 @@
 };
 in builtins.mapAttrs (hostname: curried: curried hostname) {
 #hostname "domain" "system" inputs "state" [ modules ... ]
- noximilien = mk "pbsds.net" "x86_64-linux" inputs-2405 "23.11" [ au intel ];
- brumlebasse = mk "pbsds.net" "x86_64-linux" inputs-2311 "23.11" [ au amd nspawn ];
- nord = mk "pbsds.net" "x86_64-linux" inputs-2405 "23.11" [ au intel-novga hw.common-gpu-intel-sandy-bridge rocm hidpi ];
- sopp = mk "pbsds.net" "x86_64-linux" inputs-2405 "23.11" [ au nixld intel cuda p1005 ];
- bjarte = mk "pbsds.net" "x86_64-linux" inputs-2405 "23.11" [ nixld intel hw.lenovo-thinkpad-x1-7th-gen ];
- bolle = mk "pbsds.net" "x86_64-linux" inputs-2405 "23.11" [ au dns64 intel ];
- eple = mk "pbsds.net" "x86_64-linux" inputs-2405 "23.11" [ au dns64 intel rocm ];
- garp = mk "pbsds.net" "x86_64-linux" inputs-2405 "23.11" [ au dns64 intel-novga cuda ];
- hasselknippe= mk "pbsds.net" "aarch64-linux" inputs-2311 "23.11" [ hw.pine64-pinebook-pro ];
+ noximilien = mk "pbsds.net" "x86_64-linux" inputs-2405 "23.11" [ au ts intel ];
+ brumlebasse = mk "pbsds.net" "x86_64-linux" inputs-2311 "23.11" [ au amd nspawn ];
+ nord = mk "pbsds.net" "x86_64-linux" inputs-2405 "23.11" [ au ts intel-novga hw.common-gpu-intel-sandy-bridge rocm hidpi ];
+ sopp = mk "pbsds.net" "x86_64-linux" inputs-2405 "23.11" [ au ts nixld intel cuda p1005 ];
+ bjarte = mk "pbsds.net" "x86_64-linux" inputs-2405 "23.11" [ ts nixld intel hw.lenovo-thinkpad-x1-7th-gen ];
+ bolle = mk "pbsds.net" "x86_64-linux" inputs-2405 "23.11" [ au dns64 intel ];
+ eple = mk "pbsds.net" "x86_64-linux" inputs-2405 "23.11" [ au dns64 intel rocm ];
+ garp = mk "pbsds.net" "x86_64-linux" inputs-2405 "23.11" [ au dns64 intel-novga cuda ];
+ hasselknippe= mk "pbsds.net" "aarch64-linux" inputs-2311 "23.11" [ ts hw.pine64-pinebook-pro ];
 #gomperud smattkuken skrytebiffen skalkesnerken balleby bingus skjrlaltatjlstad #bergjlot snortheimsmoen ditlefsen skrukkerud podebusk zmaragd makrell alfnes blix urke
pytte uddu imdorf rosenqvist };
diff --git a/profiles/tailscale.nix b/profiles/tailscale.nix
new file mode 100644
index 0000000..168a282
--- /dev/null
+++ b/profiles/tailscale.nix
@@ -0,0 +1,13 @@
+{ config, ... }:
+
+# DERP is a relay system that Tailscale uses when a direct connection cannot be established.
+# https://tailscale.com/blog/how-tailscale-works/#encrypted-tcp-relays-derp
+
+{
+ # https://login.tailscale.com/admin/machines
+
+ services.tailscale.enable = true;
+ # https://tailscale.com/kb/1085/auth-keys
+ services.tailscale.authKeyFile = config.sops.secrets.tailscale-authkey.path; # also enables autoconnect
+ sops.secrets.tailscale-authkey = {};
+}
diff --git a/secrets/default.yaml b/secrets/default.yaml
index b55da6e..9f63edd 100644
--- a/secrets/default.yaml
+++ b/secrets/default.yaml
@@ -3,6 +3,7 @@ nix-community-builders-ssh-key-pub: ENC[AES256_GCM,data:WvjdlG/k+Hm8ZRaIc+6KzJvP
 nix-community-builders-ssh-key: ENC[AES256_GCM,data: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,iv:NTnnv0Hax/H7EoyHn0VRMG8sbb8tF23Ur2Ak4WYp8Bk=,tag:4hyGKetJ+I3zSqh1zOw/jg==,type:str]
 pbsbot-gh-token: ENC[AES256_GCM,data:iPTIei8KLfHKeGey08CfSsyuTufvxO4WHG9qE1TqmWHv5/vqW8YyGQ==,iv:JOKI1aFsnqPFkkkZuCmcIFZAbXe7kANt3QEuD+3GyWs=,tag:quwvq3FBiXE1GrzzdWVQww==,type:str]
 nix-access-tokens: ENC[AES256_GCM,data:L1vfP8nV+wX8jFlrIYEkmyeQh2M7sgHIu5RizaWv9EvzqCpLxFCbuxo/t0GlwQ8APotpdA3gVuHICJEvJ/mZMnyhr7NC+YDKzGc=,iv:V33lAnNtrOOttE4ujpB8X1TIrRfrjxaEyKYd/T68fpY=,tag:aqWKnEfugnyISUHHS8RHkg==,type:str]
+tailscale-authkey: ENC[AES256_GCM,data:RieWRv30MUPSnHu2w8QCGgyaccmK/DAnGxLe+Y+F0fpTcnZowyGUFiJnWzlegyam237TOxlNCPiAwalaAgs=,iv:bPYYskc0fsQaPCNcNWwWzFMnGiU6oD58DDEex0wVdTA=,tag:kPqJGuv8uiazscfDQZoVJQ==,type:str]
 sops:
 kms: []
 gcp_kms: []
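Review bot: In profiles/tailscale.nix nothing records what kind of auth key `tailscale-authkey` has to be, although the same key is now read by five hosts (noximilien, nord, sopp, bjarte, hasselknippe), so it must be a reusable key, and Tailscale auth keys expire. I would add above the `authKeyFile` line a comment such as `# reusable, tagged, non-ephemeral auth key shared by every host importing this profile; it expires, so rotate it in secrets/default.yaml before enrolling a new host`. The secret is stored in secrets/default.yaml; if that file is also decryptable by hosts that do not import `ts` (bolle, eple, garp, brumlebasse — the sops recipient list is not visible in this patch), a compromise of any of them exposes a key that can join devices to the tailnet, so a separate sops file limited to the `ts` hosts, set through `sopsFile` on the secret, would be tighter. The DERP comment at the top of the file does not relate to any option set here and could be dropped or replaced with a line on what the profile does.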
@@ -108,8 +109,8 @@ sops:
 SklPV3NUSkxwSk1rWHg5N2tiN0xHeVkKhUqu6rVayVeGi00YMRXF1npO7j9oXySX
 rxVQgH6hYlLbeCIW4T6cP2eCbchWDi3Pear1DVknwEDa+DhHey7Bmg==
 -----END AGE ENCRYPTED FILE-----
- lastmodified: "2024-10-01T17:21:34Z"
- mac: ENC[AES256_GCM,data:ThhI6Cq1oVBNiEgw2mgDn+3klabSlfS1rYjYhSr7pTWj6sWIDudwentDPL4lJJgbl3C9RiGcNcSodnC52rru0pLb1heD+Gf9ktSCXm4NsMB/KfrW/BlDY+QBzTrmVHkT5hudK2+tiEC6tfFH2yu1fMM1S4lSOiV3fTAE0rRpN5c=,iv:9kSaKV7jqtErAsX5DmHEGJM/zYR5DiAhhQhjj1Gyt0Q=,tag:bwfnEaBM/5NVf5xvUZqT1A==,type:str]
+ lastmodified: "2024-10-10T18:41:43Z"
+ mac: ENC[AES256_GCM,data:ePhFUI/5JwTNLAq7U59HwQ5YtSUwSM4WbK5essyC4OT2KqCUlBYBMQ8iIZChMcxyYH1IhZ6bNXj9wyPkiVzZYkrqnW8MKm4yMHG+YF4hmDXNdLqhPHVYfK9loC7IyNhAoHifD4wMHXwjeqwoDSGu8RNrokn0gZxLFUYxzJTUhc8=,iv:XR2diRC3A7IRW3S34pZXPt8TkcpYJQdF3fXImrfVbFw=,tag:2ISXJ9oWd+8eY8yqjZuHiQ==,type:str]
 pgp: []
 unencrypted_suffix: _unencrypted
 version: 3.9.0