tailscale
This commit is contained in:
parent
b6e9ed6d09
commit
6132cb3c9a
11
flake.nix
11
flake.nix
|
@ -260,6 +260,7 @@
|
||||||
hidpi = hw.common-hidpi;
|
hidpi = hw.common-hidpi;
|
||||||
p1005 = ./hardware/printer/hp-laserjet-p1005.nix;
|
p1005 = ./hardware/printer/hp-laserjet-p1005.nix;
|
||||||
au = ./profiles/auto-upgrade.nix;
|
au = ./profiles/auto-upgrade.nix;
|
||||||
|
ts = ./profiles/tailscale.nix;
|
||||||
#rb = ./profiles/remote-builders.nix; # TODO
|
#rb = ./profiles/remote-builders.nix; # TODO
|
||||||
nixld = ./profiles/nix-ld.nix;
|
nixld = ./profiles/nix-ld.nix;
|
||||||
dns64 = { config, ... }: {
|
dns64 = { config, ... }: {
|
||||||
|
@ -270,15 +271,15 @@
|
||||||
};
|
};
|
||||||
in builtins.mapAttrs (hostname: curried: curried hostname) {
|
in builtins.mapAttrs (hostname: curried: curried hostname) {
|
||||||
#hostname "domain" "system" inputs "state" [ modules ... ]
|
#hostname "domain" "system" inputs "state" [ modules ... ]
|
||||||
noximilien = mk "pbsds.net" "x86_64-linux" inputs-2405 "23.11" [ au intel ];
|
noximilien = mk "pbsds.net" "x86_64-linux" inputs-2405 "23.11" [ au ts intel ];
|
||||||
brumlebasse = mk "pbsds.net" "x86_64-linux" inputs-2311 "23.11" [ au amd nspawn ];
|
brumlebasse = mk "pbsds.net" "x86_64-linux" inputs-2311 "23.11" [ au amd nspawn ];
|
||||||
nord = mk "pbsds.net" "x86_64-linux" inputs-2405 "23.11" [ au intel-novga hw.common-gpu-intel-sandy-bridge rocm hidpi ];
|
nord = mk "pbsds.net" "x86_64-linux" inputs-2405 "23.11" [ au ts intel-novga hw.common-gpu-intel-sandy-bridge rocm hidpi ];
|
||||||
sopp = mk "pbsds.net" "x86_64-linux" inputs-2405 "23.11" [ au nixld intel cuda p1005 ];
|
sopp = mk "pbsds.net" "x86_64-linux" inputs-2405 "23.11" [ au ts nixld intel cuda p1005 ];
|
||||||
bjarte = mk "pbsds.net" "x86_64-linux" inputs-2405 "23.11" [ nixld intel hw.lenovo-thinkpad-x1-7th-gen ];
|
bjarte = mk "pbsds.net" "x86_64-linux" inputs-2405 "23.11" [ ts nixld intel hw.lenovo-thinkpad-x1-7th-gen ];
|
||||||
bolle = mk "pbsds.net" "x86_64-linux" inputs-2405 "23.11" [ au dns64 intel ];
|
bolle = mk "pbsds.net" "x86_64-linux" inputs-2405 "23.11" [ au dns64 intel ];
|
||||||
eple = mk "pbsds.net" "x86_64-linux" inputs-2405 "23.11" [ au dns64 intel rocm ];
|
eple = mk "pbsds.net" "x86_64-linux" inputs-2405 "23.11" [ au dns64 intel rocm ];
|
||||||
garp = mk "pbsds.net" "x86_64-linux" inputs-2405 "23.11" [ au dns64 intel-novga cuda ];
|
garp = mk "pbsds.net" "x86_64-linux" inputs-2405 "23.11" [ au dns64 intel-novga cuda ];
|
||||||
hasselknippe= mk "pbsds.net" "aarch64-linux" inputs-2311 "23.11" [ hw.pine64-pinebook-pro ];
|
hasselknippe= mk "pbsds.net" "aarch64-linux" inputs-2311 "23.11" [ ts hw.pine64-pinebook-pro ];
|
||||||
#gomperud smattkuken skrytebiffen skalkesnerken balleby bingus skjrlaltatjlstad
|
#gomperud smattkuken skrytebiffen skalkesnerken balleby bingus skjrlaltatjlstad
|
||||||
#bergjlot snortheimsmoen ditlefsen skrukkerud podebusk zmaragd makrell alfnes blix urke pytte uddu imdorf rosenqvist
|
#bergjlot snortheimsmoen ditlefsen skrukkerud podebusk zmaragd makrell alfnes blix urke pytte uddu imdorf rosenqvist
|
||||||
};
|
};
|
||||||
|
|
|
@ -0,0 +1,13 @@
|
||||||
|
{ config, ... }:
|
||||||
|
|
||||||
|
# DERP is a relay system that Tailscale uses when a direct connection cannot be established.
|
||||||
|
# https://tailscale.com/blog/how-tailscale-works/#encrypted-tcp-relays-derp
|
||||||
|
|
||||||
|
{
|
||||||
|
# https://login.tailscale.com/admin/machines
|
||||||
|
|
||||||
|
services.tailscale.enable = true;
|
||||||
|
# https://tailscale.com/kb/1085/auth-keys
|
||||||
|
services.tailscale.authKeyFile = config.sops.secrets.tailscale-authkey.path; # also enables autoconnect
|
||||||
|
sops.secrets.tailscale-authkey = {};
|
||||||
|
}
|
|
@ -3,6 +3,7 @@ nix-community-builders-ssh-key-pub: ENC[AES256_GCM,data:WvjdlG/k+Hm8ZRaIc+6KzJvP
|
||||||
nix-community-builders-ssh-key: ENC[AES256_GCM,data:9QNhqQS/6Cu7VMUoWEWkpDCMPu7df6dmreI3duzesonaW6F4W6vL+YLMMTvnnR6BpgmpGvHdvk1aDQnVmpneie6WRfbL4PbLARJviyh1Z/tLQhY9i/MMIADk8D+o4HXBnzLRIWLt319h5eUN1pvmGlJLrgfC0IZLRnPCQLjulIrlhDBlswkNgTrrS0VoRFSXk59JUm8/vWu2OQef2Q99Sug7wquiDZ/XJfqYYxYsGj9SeKiVpyxyuMkviuddee+IOr92KmT19UlekuXAjrYAGeRITrVj1lBSd8DSlBm1ww+0BRqzsAAFojM6N3TkyTjjoXRbVDzDcsMaoCQ7U4Ab9FVz7GdxeNKmeulZMUi4ORPlo4PQ6uDX6RjbWyLwiP33fl5VXMN9+YByVRUrpdtjkQF6jlylCBBRcWl/yOJbYcNg3zcWmJtdVu9t29SU45J2BcJ4Oi18oPf5P6QiU6dJiX1Ba8oR1QeLbFum724J+L5k64Rd84oLkxzVr5GLfXsp54sQ7FkrwEK9HWRfwN8F,iv:NTnnv0Hax/H7EoyHn0VRMG8sbb8tF23Ur2Ak4WYp8Bk=,tag:4hyGKetJ+I3zSqh1zOw/jg==,type:str]
|
nix-community-builders-ssh-key: ENC[AES256_GCM,data:9QNhqQS/6Cu7VMUoWEWkpDCMPu7df6dmreI3duzesonaW6F4W6vL+YLMMTvnnR6BpgmpGvHdvk1aDQnVmpneie6WRfbL4PbLARJviyh1Z/tLQhY9i/MMIADk8D+o4HXBnzLRIWLt319h5eUN1pvmGlJLrgfC0IZLRnPCQLjulIrlhDBlswkNgTrrS0VoRFSXk59JUm8/vWu2OQef2Q99Sug7wquiDZ/XJfqYYxYsGj9SeKiVpyxyuMkviuddee+IOr92KmT19UlekuXAjrYAGeRITrVj1lBSd8DSlBm1ww+0BRqzsAAFojM6N3TkyTjjoXRbVDzDcsMaoCQ7U4Ab9FVz7GdxeNKmeulZMUi4ORPlo4PQ6uDX6RjbWyLwiP33fl5VXMN9+YByVRUrpdtjkQF6jlylCBBRcWl/yOJbYcNg3zcWmJtdVu9t29SU45J2BcJ4Oi18oPf5P6QiU6dJiX1Ba8oR1QeLbFum724J+L5k64Rd84oLkxzVr5GLfXsp54sQ7FkrwEK9HWRfwN8F,iv:NTnnv0Hax/H7EoyHn0VRMG8sbb8tF23Ur2Ak4WYp8Bk=,tag:4hyGKetJ+I3zSqh1zOw/jg==,type:str]
|
||||||
pbsbot-gh-token: ENC[AES256_GCM,data:iPTIei8KLfHKeGey08CfSsyuTufvxO4WHG9qE1TqmWHv5/vqW8YyGQ==,iv:JOKI1aFsnqPFkkkZuCmcIFZAbXe7kANt3QEuD+3GyWs=,tag:quwvq3FBiXE1GrzzdWVQww==,type:str]
|
pbsbot-gh-token: ENC[AES256_GCM,data:iPTIei8KLfHKeGey08CfSsyuTufvxO4WHG9qE1TqmWHv5/vqW8YyGQ==,iv:JOKI1aFsnqPFkkkZuCmcIFZAbXe7kANt3QEuD+3GyWs=,tag:quwvq3FBiXE1GrzzdWVQww==,type:str]
|
||||||
nix-access-tokens: ENC[AES256_GCM,data:L1vfP8nV+wX8jFlrIYEkmyeQh2M7sgHIu5RizaWv9EvzqCpLxFCbuxo/t0GlwQ8APotpdA3gVuHICJEvJ/mZMnyhr7NC+YDKzGc=,iv:V33lAnNtrOOttE4ujpB8X1TIrRfrjxaEyKYd/T68fpY=,tag:aqWKnEfugnyISUHHS8RHkg==,type:str]
|
nix-access-tokens: ENC[AES256_GCM,data:L1vfP8nV+wX8jFlrIYEkmyeQh2M7sgHIu5RizaWv9EvzqCpLxFCbuxo/t0GlwQ8APotpdA3gVuHICJEvJ/mZMnyhr7NC+YDKzGc=,iv:V33lAnNtrOOttE4ujpB8X1TIrRfrjxaEyKYd/T68fpY=,tag:aqWKnEfugnyISUHHS8RHkg==,type:str]
|
||||||
|
tailscale-authkey: ENC[AES256_GCM,data:RieWRv30MUPSnHu2w8QCGgyaccmK/DAnGxLe+Y+F0fpTcnZowyGUFiJnWzlegyam237TOxlNCPiAwalaAgs=,iv:bPYYskc0fsQaPCNcNWwWzFMnGiU6oD58DDEex0wVdTA=,tag:kPqJGuv8uiazscfDQZoVJQ==,type:str]
|
||||||
sops:
|
sops:
|
||||||
kms: []
|
kms: []
|
||||||
gcp_kms: []
|
gcp_kms: []
|
||||||
|
@ -108,8 +109,8 @@ sops:
|
||||||
SklPV3NUSkxwSk1rWHg5N2tiN0xHeVkKhUqu6rVayVeGi00YMRXF1npO7j9oXySX
|
SklPV3NUSkxwSk1rWHg5N2tiN0xHeVkKhUqu6rVayVeGi00YMRXF1npO7j9oXySX
|
||||||
rxVQgH6hYlLbeCIW4T6cP2eCbchWDi3Pear1DVknwEDa+DhHey7Bmg==
|
rxVQgH6hYlLbeCIW4T6cP2eCbchWDi3Pear1DVknwEDa+DhHey7Bmg==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2024-10-01T17:21:34Z"
|
lastmodified: "2024-10-10T18:41:43Z"
|
||||||
mac: ENC[AES256_GCM,data:ThhI6Cq1oVBNiEgw2mgDn+3klabSlfS1rYjYhSr7pTWj6sWIDudwentDPL4lJJgbl3C9RiGcNcSodnC52rru0pLb1heD+Gf9ktSCXm4NsMB/KfrW/BlDY+QBzTrmVHkT5hudK2+tiEC6tfFH2yu1fMM1S4lSOiV3fTAE0rRpN5c=,iv:9kSaKV7jqtErAsX5DmHEGJM/zYR5DiAhhQhjj1Gyt0Q=,tag:bwfnEaBM/5NVf5xvUZqT1A==,type:str]
|
mac: ENC[AES256_GCM,data:ePhFUI/5JwTNLAq7U59HwQ5YtSUwSM4WbK5essyC4OT2KqCUlBYBMQ8iIZChMcxyYH1IhZ6bNXj9wyPkiVzZYkrqnW8MKm4yMHG+YF4hmDXNdLqhPHVYfK9loC7IyNhAoHifD4wMHXwjeqwoDSGu8RNrokn0gZxLFUYxzJTUhc8=,iv:XR2diRC3A7IRW3S34pZXPt8TkcpYJQdF3fXImrfVbFw=,tag:2ISXJ9oWd+8eY8yqjZuHiQ==,type:str]
|
||||||
pgp: []
|
pgp: []
|
||||||
unencrypted_suffix: _unencrypted
|
unencrypted_suffix: _unencrypted
|
||||||
version: 3.9.0
|
version: 3.9.0
|
||||||
|
|
Loading…
Reference in New Issue