neon: cleanup + tailscale

2024-03-21 21:23:04 +01:00 · 2024-03-21 21:23:04 +01:00 · 3953597c10
commit 3953597c10
parent a8a2d4219b
8 changed files with 32 additions and 11 deletions
--- a/agenix/hosts/neon/config.nix
+++ b/agenix/hosts/neon/config.nix
@ -4,6 +4,10 @@
      file = ./user/danielPassword.age;
    };

+    tailscale-authkey = {
+      file = ./tailscale/authkey.age;
+    };
+
    forgejo-actions-token = {
      file = ./forgejo-actions/token.age;
    };
--- a/agenix/hosts/neon/tailscale/authkey.age
+++ b/agenix/hosts/neon/tailscale/authkey.age
@ -0,0 +1,7 @@
+age-encryption.org/v1
+-> ssh-ed25519 MtGp6g IpMaz0qI0Ivp7TyqDi4djSNMpER5miWSzBA2UD9AQFY
+I5RskNS/ivjVePa3PTALthu5j2WSI0IbZVD+JDCTBYY
+-> ssh-ed25519 60lgJw VScx05bSHq7e1NdNwbAIYSbytDUPe82cKpnOy++ujwk
+v2e/tqOQPiX/q1S0GNa7ANR68+f71/jKU1WoYPrn0M8
+--- z7ktAaEVhNL4tvjb1wjRnEfxhH5DZm8kJc1BGrlQzgQ
+ýt5†r<E280A0>ò“íÂbuŸt [À¼u}’–OÒQ(ÒMÇçÀF'1ôö½™ÜÐ3`Oë0AUÁªúqÂÀ#Åù¿!d–ÎSiæä™<C3A4><…Yø‡ˆÿÊ
--- a/hardware/hosts/neon.nix
+++ b/hardware/hosts/neon.nix
@ -6,8 +6,6 @@
  boot = {
    kernelModules = [ "tcp_bbr" ];

-    blacklistedKernelModules = [ "rtl2832" "dvb_usb_rtl28xxu" "rtl2832_sdr" ];
-
    kernel.sysctl = {
      "net.core.default_qdisc" = "fq";
      "net.ipv4.tcp_congestion_control" = "bbr";
--- a/secrets.nix
+++ b/secrets.nix
@ -103,6 +103,8 @@ in
  # neon 
  "agenix/hosts/neon/user/danielPassword.age".publicKeys = neon;

+  "agenix/hosts/neon/tailscale/authkey.age".publicKeys = neon;
+
  "agenix/hosts/neon/forgejo-actions/token.age".publicKeys = neon;

  "agenix/hosts/neon/mosquitto/passwordWeewxProxy.age".publicKeys = neon;
--- a/system/darwin/skhd.nix
+++ b/system/darwin/skhd.nix
@ -25,7 +25,7 @@ in
    enable = true;

    skhdConfig = ''
-      cmd - return : ${script-open-wezterm}
+      alt + shift - return : ${script-open-wezterm}
    '';
  };
 }
--- a/system/hosts/neon.nix
+++ b/system/hosts/neon.nix
@ -25,6 +25,8 @@ in

    ../nixos/rtl_433.nix

+    ../nixos/tailscale-router.nix
+
    ../nixos/container.nix
  ];

--- a/system/nixos/rtl_433.nix
+++ b/system/nixos/rtl_433.nix
@ -1,6 +1,8 @@
 { pkgs, config, ... }:

 {
+  hardware.rtl-sdr.enable = true;
+
  systemd.services.rtl_433 = {
    description = "rtl_433 service";
    after = [ "mosquitto.service" ];
@ -42,12 +44,4 @@
    {
      "end0".allowedTCPPorts = mosquittoPorts;
    };
-
-  services.udev.extraRules = ''
-    # original RTL2832U vid/pid (hama nano, for example)
-    SUBSYSTEMS=="usb", ATTRS{idVendor}=="0bda", ATTRS{idProduct}=="2832", ENV{ID_SOFTWARE_RADIO}="1", MODE="0660", GROUP="plugdev"
-
-    # RTL2832U OEM vid/pid, e.g. ezcap EzTV668 (E4000), Newsky TV28T (E4000/R820T) etc.
-    SUBSYSTEMS=="usb", ATTRS{idVendor}=="0bda", ATTRS{idProduct}=="2838", ENV{ID_SOFTWARE_RADIO}="1", MODE="0660", GROUP="plugdev"
-  '';
 }
--- a/system/nixos/tailscale-router.nix
+++ b/system/nixos/tailscale-router.nix
@ -0,0 +1,14 @@
+{
+  imports = [
+    ./tailscale.nix
+  ];
+
+  services.tailscale = {
+    useRoutingFeatures = "server";
+
+    extraUpFlags = [
+      "--advertise-routes"
+      "10.0.0.0/24"
+    ];
+  };
+}