From 4caa14d0416c8ac14e0ac617a1eec22b9df830f6 Mon Sep 17 00:00:00 2001
From: seth
Date: Wed, 28 Feb 2024 07:31:21 -0500
Subject: nixos: remove root password
---
 modules/nixos/traits/tailscale.nix | 49 +++++++++++++++++++++-----------------
 1 file changed, 27 insertions(+), 22 deletions(-)
(limited to 'modules/nixos/traits/tailscale.nix')
diff --git a/modules/nixos/traits/tailscale.nix b/modules/nixos/traits/tailscale.nix
index b432ced..a7d8c06 100644
--- a/modules/nixos/traits/tailscale.nix
+++ b/modules/nixos/traits/tailscale.nix
@@ -16,33 +16,38 @@ in {
 };
 };
- config = lib.mkIf cfg.enable (lib.mkMerge [
- {
- networking.firewall =
- {
- trustedInterfaces = ["tailscale0"];
- }
- // lib.optionalAttrs cfg.ssh.enable {
- allowedTCPPorts = [22];
+ config = lib.mkIf cfg.enable (
+ lib.mkMerge [
+ {
+ networking.firewall = {
+ trustedInterfaces = [config.services.tailscale.interfaceName];
 };
- services.tailscale =
- {
+ services.tailscale = {
 enable = true;
 openFirewall = true;
- }
- // lib.optionalAttrs cfg.ssh.enable {
+ };
+ }
+
+ (lib.mkIf cfg.ssh.enable {
+ networking.firewall = {
+ allowedTCPPorts = [22];
+ };
+
+ services.tailscale = {
 extraUpFlags = ["--ssh"];
- }
- // lib.optionalAttrs cfg.manageSecrets {
- authKeyFile = config.age.secrets.tailscaleAuthKey.path;
 };
- }
+ })
- (lib.mkIf cfg.manageSecrets {
- age.secrets = lib.mkIf cfg.manageSecrets {
- tailscaleAuthKey.file = "${secretsDir}/tailscaleAuthKey.age";
- };
- })
- ]);
+ (lib.mkIf cfg.manageSecrets {
+ age.secrets = lib.mkIf cfg.manageSecrets {
+ tailscaleAuthKey.file = "${secretsDir}/tailscaleAuthKey.age";
+ };
+
+ services.tailscale = {
+ authKeyFile = config.age.secrets.tailscaleAuthKey.path;
+ };
+ })
+ ]
+ );
 }
--
cgit v1.2.3
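Review bot: The `lib.mkIf cfg.ssh.enable` block still sets `networking.firewall.allowedTCPPorts = [22];`, which opens port 22 on every interface rather than only on the tailnet. Tailscale SSH (`--ssh`) is reached over the Tailscale interface, and that interface is already listed in `trustedInterfaces`, so the global rule appears unnecessary and would expose any OpenSSH daemon running on the host to public networks. I would drop the `networking.firewall` attribute from this block; if an explicit scoped rule is wanted, `networking.firewall.interfaces.${config.services.tailscale.interfaceName}.allowedTCPPorts = [22];` keeps it on the tailnet. Separately, the inner `lib.mkIf cfg.manageSecrets` on `age.secrets` repeats the condition of the block that wraps it and can be removed.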