From 3953597c1063125885ac39996d85771097b6db6a Mon Sep 17 00:00:00 2001 From: Daniel Kempkens Date: Thu, 21 Mar 2024 21:23:04 +0100 Subject: [PATCH] neon: cleanup + tailscale --- agenix/hosts/neon/config.nix | 4 ++++ agenix/hosts/neon/tailscale/authkey.age | 7 +++++++ hardware/hosts/neon.nix | 2 -- secrets.nix | 2 ++ system/darwin/skhd.nix | 2 +- system/hosts/neon.nix | 2 ++ system/nixos/rtl_433.nix | 10 ++-------- system/nixos/tailscale-router.nix | 14 ++++++++++++++ 8 files changed, 32 insertions(+), 11 deletions(-) create mode 100644 agenix/hosts/neon/tailscale/authkey.age create mode 100644 system/nixos/tailscale-router.nix diff --git a/agenix/hosts/neon/config.nix b/agenix/hosts/neon/config.nix index 7681544..58f600e 100644 --- a/agenix/hosts/neon/config.nix +++ b/agenix/hosts/neon/config.nix @@ -4,6 +4,10 @@ file = ./user/danielPassword.age; }; + tailscale-authkey = { + file = ./tailscale/authkey.age; + }; + forgejo-actions-token = { file = ./forgejo-actions/token.age; }; diff --git a/agenix/hosts/neon/tailscale/authkey.age b/agenix/hosts/neon/tailscale/authkey.age new file mode 100644 index 0000000..cce9217 --- /dev/null +++ b/agenix/hosts/neon/tailscale/authkey.age @@ -0,0 +1,7 @@ +age-encryption.org/v1 +-> ssh-ed25519 MtGp6g IpMaz0qI0Ivp7TyqDi4djSNMpER5miWSzBA2UD9AQFY +I5RskNS/ivjVePa3PTALthu5j2WSI0IbZVD+JDCTBYY +-> ssh-ed25519 60lgJw VScx05bSHq7e1NdNwbAIYSbytDUPe82cKpnOy++ujwk +v2e/tqOQPiX/q1S0GNa7ANR68+f71/jKU1WoYPrn0M8 +--- z7ktAaEVhNL4tvjb1wjRnEfxhH5DZm8kJc1BGrlQzgQ +t5rbut [u}OQ(MF'13`O0AUq#!dSi䙝<Y \ No newline at end of file diff --git a/hardware/hosts/neon.nix b/hardware/hosts/neon.nix index 9c05314..5104f78 100644 --- a/hardware/hosts/neon.nix +++ b/hardware/hosts/neon.nix @@ -6,8 +6,6 @@ boot = { kernelModules = [ "tcp_bbr" ]; - blacklistedKernelModules = [ "rtl2832" "dvb_usb_rtl28xxu" "rtl2832_sdr" ]; - kernel.sysctl = { "net.core.default_qdisc" = "fq"; "net.ipv4.tcp_congestion_control" = "bbr"; 
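Review bot: The new `tailscale-authkey` entry in agenix/hosts/neon/config.nix gives no hint about what kind of key is encrypted in `tailscale/authkey.age`. Tailscale auth keys expire, so a later re-join with an expired key would fail without an obvious reason. A short comment such as `# Tailscale auth key, only used for the initial login; regenerate and re-encrypt when it expires` would record that. The ciphertext stays in git history and is readable with either recipient key listed in the age header, so a single-use, tagged key is the safer choice; the key type cannot be told from the diff.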
diff --git a/secrets.nix b/secrets.nix index 733e37e..7558681 100644 --- a/secrets.nix +++ b/secrets.nix @@ -103,6 +103,8 @@ in # neon "agenix/hosts/neon/user/danielPassword.age".publicKeys = neon; + "agenix/hosts/neon/tailscale/authkey.age".publicKeys = neon; + "agenix/hosts/neon/forgejo-actions/token.age".publicKeys = neon; "agenix/hosts/neon/mosquitto/passwordWeewxProxy.age".publicKeys = neon; diff --git a/system/darwin/skhd.nix b/system/darwin/skhd.nix index ca83f32..c89e0c6 100644 --- a/system/darwin/skhd.nix +++ b/system/darwin/skhd.nix @@ -25,7 +25,7 @@ in enable = true; skhdConfig = '' - cmd - return : ${script-open-wezterm} + alt + shift - return : ${script-open-wezterm} ''; }; } diff --git a/system/hosts/neon.nix b/system/hosts/neon.nix index 8b996a2..459011f 100644 --- a/system/hosts/neon.nix +++ b/system/hosts/neon.nix @@ -25,6 +25,8 @@ in ../nixos/rtl_433.nix + ../nixos/tailscale-router.nix + ../nixos/container.nix ]; diff --git a/system/nixos/rtl_433.nix b/system/nixos/rtl_433.nix index 71e7b6a..c2f3896 100644 --- a/system/nixos/rtl_433.nix +++ b/system/nixos/rtl_433.nix @@ -1,6 +1,8 @@ { pkgs, config, ... }: { + hardware.rtl-sdr.enable = true; + systemd.services.rtl_433 = { description = "rtl_433 service"; after = [ "mosquitto.service" ]; @@ -42,12 +44,4 @@ { "end0".allowedTCPPorts = mosquittoPorts; }; - - services.udev.extraRules = '' - # original RTL2832U vid/pid (hama nano, for example) - SUBSYSTEMS=="usb", ATTRS{idVendor}=="0bda", ATTRS{idProduct}=="2832", ENV{ID_SOFTWARE_RADIO}="1", MODE="0660", GROUP="plugdev" - - # RTL2832U OEM vid/pid, e.g. ezcap EzTV668 (E4000), Newsky TV28T (E4000/R820T) etc. - SUBSYSTEMS=="usb", ATTRS{idVendor}=="0bda", ATTRS{idProduct}=="2838", ENV{ID_SOFTWARE_RADIO}="1", MODE="0660", GROUP="plugdev" - ''; } diff --git a/system/nixos/tailscale-router.nix b/system/nixos/tailscale-router.nix new file mode 100644 index 0000000..d44362c --- /dev/null +++ b/system/nixos/tailscale-router.nix 
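Review bot: `hardware.rtl-sdr.enable = true;` in system/nixos/rtl_433.nix now stands in for both the kernel-module blacklist removed from hardware/hosts/neon.nix and the udev rules deleted at the end of this file, but nothing says so. A comment such as `# provides the DVB module blacklist and the plugdev udev rules for RTL2832U dongles` would record it; I believe that is what the NixOS module does, which is worth confirming against the nixpkgs revision in use. The removed rules set `MODE="0660", GROUP="plugdev"`, and the service's user and group are outside the hunk. Check that rtl_433 still reaches the device through that group rather than by running with broader privileges.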
@@ -0,0 +1,14 @@
+{
+ imports = [
+ ./tailscale.nix
+ ];
+
+ services.tailscale = {
+ useRoutingFeatures = "server";
+
+ extraUpFlags = [
+ "--advertise-routes"
+ "10.0.0.0/24"
+ ];
+ };
+}
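Review bot: Nothing in this new module says who may reach 10.0.0.0/24 once it is advertised. As far as I know `useRoutingFeatures = "server"` turns on IP forwarding for the whole host, so the tailnet ACL would be the only thing bounding access to that LAN. I would add a comment above `extraUpFlags` such as `# Subnet router for 10.0.0.0/24; reachability is limited by the tailnet ACL and the route still needs approval`. Also, I believe the NixOS module only passes `extraUpFlags` to `tailscale up` when `services.tailscale.authKeyFile` is set. That wiring is not visible here and presumably lives in `./tailscale.nix`; if it does not, `authKeyFile = config.age.secrets.tailscale-authkey.path;` is needed before the route is advertised at all.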