-rw-r--r--hosts/profiles.nix5
-rw-r--r--modules/nixos/features/tailscale.nix8
-rw-r--r--secrets/hosts/atlas/tailscaleAuthKey.age14
-rw-r--r--secrets/hosts/p-body/tailscaleAuthKey.age12
-rw-r--r--secrets/secrets.nix2
5 files changed, 35 insertions, 6 deletions
diff --git a/hosts/profiles.nix b/hosts/profiles.nix
index b8adc8e..143fcd0 100644
--- a/hosts/profiles.nix
+++ b/hosts/profiles.nix
@@ -74,7 +74,10 @@ in {
{
getchoo = {
- features.tailscale.enable = true;
+ features.tailscale = {
+ enable = true;
+ ssh.enable = true;
+ };
server = {
enable = true;
diff --git a/modules/nixos/features/tailscale.nix b/modules/nixos/features/tailscale.nix
index 042426b..1c307bb 100644
--- a/modules/nixos/features/tailscale.nix
+++ b/modules/nixos/features/tailscale.nix
@@ -26,26 +26,24 @@ in {
allowedUDPPorts = [config.services.tailscale.port];
trustedInterfaces = ["tailscale0"];
}
- // (mkIf cfg.ssh.enable {
+ // lib.optionalAttrs cfg.ssh.enable {
allowedTCPPorts = [22];
- });
+ };
services = {
tailscale.enable = mkDefault true;
};
+ # https://tailscale.com/kb/1096/nixos-minecraft/
systemd.services.tailscale-autoconnect = {
description = "Automatic connection to Tailscale";
- # make sure tailscale is running before trying to connect to tailscale
after = ["network-pre.target" "tailscale.service"];
wants = ["network-pre.target" "tailscale.service"];
wantedBy = ["multi-user.target"];
- # set this service as a oneshot job
serviceConfig.Type = "oneshot";
- # have the job run this shell script
script = let
inherit (pkgs) tailscale jq;
in ''
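Review bot: `allowedTCPPorts = [22]` opens port 22 on every interface, although `trustedInterfaces = ["tailscale0"]` just above it already admits all traffic arriving over the tailnet. If `ssh.enable` is only meant to allow SSH over Tailscale, the opening is unnecessary, and it exposes any sshd on the host to the public network now that hosts/profiles.nix turns the option on for the server profile. That intent is inferred, because the option's declaration and the body of the connect script are outside this hunk. I would drop the `lib.optionalAttrs cfg.ssh.enable { ... }` block, or keep it with a comment such as `# public SSH is intentional; tailnet traffic is already covered by trustedInterfaces`.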
diff --git a/secrets/hosts/atlas/tailscaleAuthKey.age b/secrets/hosts/atlas/tailscaleAuthKey.age
new file mode 100644
index 0000000..1517baf
--- /dev/null
+++ b/secrets/hosts/atlas/tailscaleAuthKey.age
@@ -0,0 +1,14 @@
+-----BEGIN AGE ENCRYPTED FILE-----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+-----END AGE ENCRYPTED FILE-----
diff --git a/secrets/hosts/p-body/tailscaleAuthKey.age b/secrets/hosts/p-body/tailscaleAuthKey.age
new file mode 100644
index 0000000..e525b92
--- /dev/null
+++ b/secrets/hosts/p-body/tailscaleAuthKey.age
@@ -0,0 +1,12 @@
+-----BEGIN AGE ENCRYPTED FILE-----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+-----END AGE ENCRYPTED FILE-----
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index 9dd4eb2..f74dabc 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -15,6 +15,7 @@ in {
"hosts/atlas/clusterToken.age".publicKeys = atlas;
"hosts/atlas/secretsJson.age".publicKeys = atlas;
"hosts/atlas/miniflux.age".publicKeys = atlas;
+ "hosts/atlas/tailscaleAuthKey.age".publicKeys = atlas;
"hosts/p-body/rootPassword.age".publicKeys = p-body;
"hosts/p-body/userPassword.age".publicKeys = p-body;
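Review bot: The new `"hosts/atlas/tailscaleAuthKey.age"` entry has no comment recording what kind of Tailscale auth key is stored or when it expires, and the same applies to the p-body entry in the second hunk of this file. The ciphertext stays in git history, so a later compromise of a key listed in `atlas` or `p-body` (both defined outside the hunk) would allow the auth key to be decrypted. That matters much less if the key is single-use and short-lived. I would add a line above each entry such as `# one-off, tagged auth key; expires <EXPIRY-DATE>, regenerate before re-provisioning`, adjusted to the actual key type.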
@@ -22,4 +23,5 @@ in {
"hosts/p-body/binaryCache.age".publicKeys = p-body;
"hosts/p-body/clusterToken.age".publicKeys = p-body;
"hosts/p-body/secretsJson.age".publicKeys = p-body;
+ "hosts/p-body/tailscaleAuthKey.age".publicKeys = p-body;
}