pederbs/config
pederbs
/
config
2
1
Fork 0
Code Issues Pull Requests Releases Activity

tailscale

This commit is contained in:
Peder Bergebakken Sundt 2024-10-10 21:06:31 +02:00
parent b6e9ed6d09
commit 6132cb3c9a
3 changed files with 26 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
flake.nix
View File

@ -260,6 +260,7 @@
hidpi = hw.common-hidpi; hidpi = hw.common-hidpi;
p1005 = ./hardware/printer/hp-laserjet-p1005.nix; p1005 = ./hardware/printer/hp-laserjet-p1005.nix;
au = ./profiles/auto-upgrade.nix; au = ./profiles/auto-upgrade.nix;
ts = ./profiles/tailscale.nix;
#rb = ./profiles/remote-builders.nix; # TODO #rb = ./profiles/remote-builders.nix; # TODO
nixld = ./profiles/nix-ld.nix; nixld = ./profiles/nix-ld.nix;
dns64 = { config, ... }: { dns64 = { config, ... }: {
@ -270,15 +271,15 @@
}; };
in builtins.mapAttrs (hostname: curried: curried hostname) { in builtins.mapAttrs (hostname: curried: curried hostname) {
#hostname "domain" "system" inputs "state" [ modules ... ] #hostname "domain" "system" inputs "state" [ modules ... ]
noximilien = mk "pbsds.net" "x86_64-linux" inputs-2405 "23.11" [ au intel ]; noximilien = mk "pbsds.net" "x86_64-linux" inputs-2405 "23.11" [ au ts intel ];
brumlebasse = mk "pbsds.net" "x86_64-linux" inputs-2311 "23.11" [ au amd nspawn ]; brumlebasse = mk "pbsds.net" "x86_64-linux" inputs-2311 "23.11" [ au amd nspawn ];
nord = mk "pbsds.net" "x86_64-linux" inputs-2405 "23.11" [ au intel-novga hw.common-gpu-intel-sandy-bridge rocm hidpi ]; nord = mk "pbsds.net" "x86_64-linux" inputs-2405 "23.11" [ au ts intel-novga hw.common-gpu-intel-sandy-bridge rocm hidpi ];
sopp = mk "pbsds.net" "x86_64-linux" inputs-2405 "23.11" [ au nixld intel cuda p1005 ]; sopp = mk "pbsds.net" "x86_64-linux" inputs-2405 "23.11" [ au ts nixld intel cuda p1005 ];
bjarte = mk "pbsds.net" "x86_64-linux" inputs-2405 "23.11" [ nixld intel hw.lenovo-thinkpad-x1-7th-gen ]; bjarte = mk "pbsds.net" "x86_64-linux" inputs-2405 "23.11" [ ts nixld intel hw.lenovo-thinkpad-x1-7th-gen ];
bolle = mk "pbsds.net" "x86_64-linux" inputs-2405 "23.11" [ au dns64 intel ]; bolle = mk "pbsds.net" "x86_64-linux" inputs-2405 "23.11" [ au dns64 intel ];
eple = mk "pbsds.net" "x86_64-linux" inputs-2405 "23.11" [ au dns64 intel rocm ]; eple = mk "pbsds.net" "x86_64-linux" inputs-2405 "23.11" [ au dns64 intel rocm ];
garp = mk "pbsds.net" "x86_64-linux" inputs-2405 "23.11" [ au dns64 intel-novga cuda ]; garp = mk "pbsds.net" "x86_64-linux" inputs-2405 "23.11" [ au dns64 intel-novga cuda ];
hasselknippe= mk "pbsds.net" "aarch64-linux" inputs-2311 "23.11" [ hw.pine64-pinebook-pro ]; hasselknippe= mk "pbsds.net" "aarch64-linux" inputs-2311 "23.11" [ ts hw.pine64-pinebook-pro ];
#gomperud smattkuken skrytebiffen skalkesnerken balleby bingus skjrlaltatjlstad #gomperud smattkuken skrytebiffen skalkesnerken balleby bingus skjrlaltatjlstad
#bergjlot snortheimsmoen ditlefsen skrukkerud podebusk zmaragd makrell alfnes blix urke pytte uddu imdorf rosenqvist #bergjlot snortheimsmoen ditlefsen skrukkerud podebusk zmaragd makrell alfnes blix urke pytte uddu imdorf rosenqvist
}; };

13
profiles/tailscale.nix Normal file
View File

@ -0,0 +1,13 @@
{ config, ... }:
# DERP is a relay system that Tailscale uses when a direct connection cannot be established.
# https://tailscale.com/blog/how-tailscale-works/#encrypted-tcp-relays-derp
{
# https://login.tailscale.com/admin/machines
services.tailscale.enable = true;
# https://tailscale.com/kb/1085/auth-keys
services.tailscale.authKeyFile = config.sops.secrets.tailscale-authkey.path; # also enables autoconnect
sops.secrets.tailscale-authkey = {};
}

5
secrets/default.yaml
View File

@ -3,6 +3,7 @@ nix-community-builders-ssh-key-pub: ENC[AES256_GCM,data:WvjdlG/k+Hm8ZRaIc+6KzJvP
nix-community-builders-ssh-key: ENC[AES256_GCM,data:9QNhqQS/6Cu7VMUoWEWkpDCMPu7df6dmreI3duzesonaW6F4W6vL+YLMMTvnnR6BpgmpGvHdvk1aDQnVmpneie6WRfbL4PbLARJviyh1Z/tLQhY9i/MMIADk8D+o4HXBnzLRIWLt319h5eUN1pvmGlJLrgfC0IZLRnPCQLjulIrlhDBlswkNgTrrS0VoRFSXk59JUm8/vWu2OQef2Q99Sug7wquiDZ/XJfqYYxYsGj9SeKiVpyxyuMkviuddee+IOr92KmT19UlekuXAjrYAGeRITrVj1lBSd8DSlBm1ww+0BRqzsAAFojM6N3TkyTjjoXRbVDzDcsMaoCQ7U4Ab9FVz7GdxeNKmeulZMUi4ORPlo4PQ6uDX6RjbWyLwiP33fl5VXMN9+YByVRUrpdtjkQF6jlylCBBRcWl/yOJbYcNg3zcWmJtdVu9t29SU45J2BcJ4Oi18oPf5P6QiU6dJiX1Ba8oR1QeLbFum724J+L5k64Rd84oLkxzVr5GLfXsp54sQ7FkrwEK9HWRfwN8F,iv:NTnnv0Hax/H7EoyHn0VRMG8sbb8tF23Ur2Ak4WYp8Bk=,tag:4hyGKetJ+I3zSqh1zOw/jg==,type:str] nix-community-builders-ssh-key: ENC[AES256_GCM,data:9QNhqQS/6Cu7VMUoWEWkpDCMPu7df6dmreI3duzesonaW6F4W6vL+YLMMTvnnR6BpgmpGvHdvk1aDQnVmpneie6WRfbL4PbLARJviyh1Z/tLQhY9i/MMIADk8D+o4HXBnzLRIWLt319h5eUN1pvmGlJLrgfC0IZLRnPCQLjulIrlhDBlswkNgTrrS0VoRFSXk59JUm8/vWu2OQef2Q99Sug7wquiDZ/XJfqYYxYsGj9SeKiVpyxyuMkviuddee+IOr92KmT19UlekuXAjrYAGeRITrVj1lBSd8DSlBm1ww+0BRqzsAAFojM6N3TkyTjjoXRbVDzDcsMaoCQ7U4Ab9FVz7GdxeNKmeulZMUi4ORPlo4PQ6uDX6RjbWyLwiP33fl5VXMN9+YByVRUrpdtjkQF6jlylCBBRcWl/yOJbYcNg3zcWmJtdVu9t29SU45J2BcJ4Oi18oPf5P6QiU6dJiX1Ba8oR1QeLbFum724J+L5k64Rd84oLkxzVr5GLfXsp54sQ7FkrwEK9HWRfwN8F,iv:NTnnv0Hax/H7EoyHn0VRMG8sbb8tF23Ur2Ak4WYp8Bk=,tag:4hyGKetJ+I3zSqh1zOw/jg==,type:str]
pbsbot-gh-token: ENC[AES256_GCM,data:iPTIei8KLfHKeGey08CfSsyuTufvxO4WHG9qE1TqmWHv5/vqW8YyGQ==,iv:JOKI1aFsnqPFkkkZuCmcIFZAbXe7kANt3QEuD+3GyWs=,tag:quwvq3FBiXE1GrzzdWVQww==,type:str] pbsbot-gh-token: ENC[AES256_GCM,data:iPTIei8KLfHKeGey08CfSsyuTufvxO4WHG9qE1TqmWHv5/vqW8YyGQ==,iv:JOKI1aFsnqPFkkkZuCmcIFZAbXe7kANt3QEuD+3GyWs=,tag:quwvq3FBiXE1GrzzdWVQww==,type:str]
nix-access-tokens: ENC[AES256_GCM,data:L1vfP8nV+wX8jFlrIYEkmyeQh2M7sgHIu5RizaWv9EvzqCpLxFCbuxo/t0GlwQ8APotpdA3gVuHICJEvJ/mZMnyhr7NC+YDKzGc=,iv:V33lAnNtrOOttE4ujpB8X1TIrRfrjxaEyKYd/T68fpY=,tag:aqWKnEfugnyISUHHS8RHkg==,type:str] nix-access-tokens: ENC[AES256_GCM,data:L1vfP8nV+wX8jFlrIYEkmyeQh2M7sgHIu5RizaWv9EvzqCpLxFCbuxo/t0GlwQ8APotpdA3gVuHICJEvJ/mZMnyhr7NC+YDKzGc=,iv:V33lAnNtrOOttE4ujpB8X1TIrRfrjxaEyKYd/T68fpY=,tag:aqWKnEfugnyISUHHS8RHkg==,type:str]
tailscale-authkey: ENC[AES256_GCM,data:RieWRv30MUPSnHu2w8QCGgyaccmK/DAnGxLe+Y+F0fpTcnZowyGUFiJnWzlegyam237TOxlNCPiAwalaAgs=,iv:bPYYskc0fsQaPCNcNWwWzFMnGiU6oD58DDEex0wVdTA=,tag:kPqJGuv8uiazscfDQZoVJQ==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -108,8 +109,8 @@ sops:
SklPV3NUSkxwSk1rWHg5N2tiN0xHeVkKhUqu6rVayVeGi00YMRXF1npO7j9oXySX SklPV3NUSkxwSk1rWHg5N2tiN0xHeVkKhUqu6rVayVeGi00YMRXF1npO7j9oXySX
rxVQgH6hYlLbeCIW4T6cP2eCbchWDi3Pear1DVknwEDa+DhHey7Bmg== rxVQgH6hYlLbeCIW4T6cP2eCbchWDi3Pear1DVknwEDa+DhHey7Bmg==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-10-01T17:21:34Z" lastmodified: "2024-10-10T18:41:43Z"
mac: ENC[AES256_GCM,data:ThhI6Cq1oVBNiEgw2mgDn+3klabSlfS1rYjYhSr7pTWj6sWIDudwentDPL4lJJgbl3C9RiGcNcSodnC52rru0pLb1heD+Gf9ktSCXm4NsMB/KfrW/BlDY+QBzTrmVHkT5hudK2+tiEC6tfFH2yu1fMM1S4lSOiV3fTAE0rRpN5c=,iv:9kSaKV7jqtErAsX5DmHEGJM/zYR5DiAhhQhjj1Gyt0Q=,tag:bwfnEaBM/5NVf5xvUZqT1A==,type:str] mac: ENC[AES256_GCM,data:ePhFUI/5JwTNLAq7U59HwQ5YtSUwSM4WbK5essyC4OT2KqCUlBYBMQ8iIZChMcxyYH1IhZ6bNXj9wyPkiVzZYkrqnW8MKm4yMHG+YF4hmDXNdLqhPHVYfK9loC7IyNhAoHifD4wMHXwjeqwoDSGu8RNrokn0gZxLFUYxzJTUhc8=,iv:XR2diRC3A7IRW3S34pZXPt8TkcpYJQdF3fXImrfVbFw=,tag:2ISXJ9oWd+8eY8yqjZuHiQ==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.9.0 version: 3.9.0