neon: cleanup + tailscale
This commit is contained in:
parent
a8a2d4219b
commit
3953597c10
8 changed files with 32 additions and 11 deletions
|
@ -4,6 +4,10 @@
|
||||||
file = ./user/danielPassword.age;
|
file = ./user/danielPassword.age;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
tailscale-authkey = {
|
||||||
|
file = ./tailscale/authkey.age;
|
||||||
|
};
|
||||||
|
|
||||||
forgejo-actions-token = {
|
forgejo-actions-token = {
|
||||||
file = ./forgejo-actions/token.age;
|
file = ./forgejo-actions/token.age;
|
||||||
};
|
};
|
||||||
|
|
7
agenix/hosts/neon/tailscale/authkey.age
Normal file
7
agenix/hosts/neon/tailscale/authkey.age
Normal file
|
@ -0,0 +1,7 @@
|
||||||
|
age-encryption.org/v1
|
||||||
|
-> ssh-ed25519 MtGp6g IpMaz0qI0Ivp7TyqDi4djSNMpER5miWSzBA2UD9AQFY
|
||||||
|
I5RskNS/ivjVePa3PTALthu5j2WSI0IbZVD+JDCTBYY
|
||||||
|
-> ssh-ed25519 60lgJw VScx05bSHq7e1NdNwbAIYSbytDUPe82cKpnOy++ujwk
|
||||||
|
v2e/tqOQPiX/q1S0GNa7ANR68+f71/jKU1WoYPrn0M8
|
||||||
|
--- z7ktAaEVhNL4tvjb1wjRnEfxhH5DZm8kJc1BGrlQzgQ
|
||||||
|
ýt5†r<E280A0>ò“íÂbuŸt [À¼u}’–OÒQ(ÒMÇçÀF'1ôö½™ÜÐ3`Oë0AUÁªúqÂÀ#Åù¿!d–ÎSiæä™<C3A4><…Yø‡ˆÿÊ
|
|
@ -6,8 +6,6 @@
|
||||||
boot = {
|
boot = {
|
||||||
kernelModules = [ "tcp_bbr" ];
|
kernelModules = [ "tcp_bbr" ];
|
||||||
|
|
||||||
blacklistedKernelModules = [ "rtl2832" "dvb_usb_rtl28xxu" "rtl2832_sdr" ];
|
|
||||||
|
|
||||||
kernel.sysctl = {
|
kernel.sysctl = {
|
||||||
"net.core.default_qdisc" = "fq";
|
"net.core.default_qdisc" = "fq";
|
||||||
"net.ipv4.tcp_congestion_control" = "bbr";
|
"net.ipv4.tcp_congestion_control" = "bbr";
|
||||||
|
|
|
@ -103,6 +103,8 @@ in
|
||||||
# neon
|
# neon
|
||||||
"agenix/hosts/neon/user/danielPassword.age".publicKeys = neon;
|
"agenix/hosts/neon/user/danielPassword.age".publicKeys = neon;
|
||||||
|
|
||||||
|
"agenix/hosts/neon/tailscale/authkey.age".publicKeys = neon;
|
||||||
|
|
||||||
"agenix/hosts/neon/forgejo-actions/token.age".publicKeys = neon;
|
"agenix/hosts/neon/forgejo-actions/token.age".publicKeys = neon;
|
||||||
|
|
||||||
"agenix/hosts/neon/mosquitto/passwordWeewxProxy.age".publicKeys = neon;
|
"agenix/hosts/neon/mosquitto/passwordWeewxProxy.age".publicKeys = neon;
|
||||||
|
|
|
@ -25,7 +25,7 @@ in
|
||||||
enable = true;
|
enable = true;
|
||||||
|
|
||||||
skhdConfig = ''
|
skhdConfig = ''
|
||||||
cmd - return : ${script-open-wezterm}
|
alt + shift - return : ${script-open-wezterm}
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -25,6 +25,8 @@ in
|
||||||
|
|
||||||
../nixos/rtl_433.nix
|
../nixos/rtl_433.nix
|
||||||
|
|
||||||
|
../nixos/tailscale-router.nix
|
||||||
|
|
||||||
../nixos/container.nix
|
../nixos/container.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
|
|
|
@ -1,6 +1,8 @@
|
||||||
{ pkgs, config, ... }:
|
{ pkgs, config, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
|
hardware.rtl-sdr.enable = true;
|
||||||
|
|
||||||
systemd.services.rtl_433 = {
|
systemd.services.rtl_433 = {
|
||||||
description = "rtl_433 service";
|
description = "rtl_433 service";
|
||||||
after = [ "mosquitto.service" ];
|
after = [ "mosquitto.service" ];
|
||||||
|
@ -42,12 +44,4 @@
|
||||||
{
|
{
|
||||||
"end0".allowedTCPPorts = mosquittoPorts;
|
"end0".allowedTCPPorts = mosquittoPorts;
|
||||||
};
|
};
|
||||||
|
|
||||||
services.udev.extraRules = ''
|
|
||||||
# original RTL2832U vid/pid (hama nano, for example)
|
|
||||||
SUBSYSTEMS=="usb", ATTRS{idVendor}=="0bda", ATTRS{idProduct}=="2832", ENV{ID_SOFTWARE_RADIO}="1", MODE="0660", GROUP="plugdev"
|
|
||||||
|
|
||||||
# RTL2832U OEM vid/pid, e.g. ezcap EzTV668 (E4000), Newsky TV28T (E4000/R820T) etc.
|
|
||||||
SUBSYSTEMS=="usb", ATTRS{idVendor}=="0bda", ATTRS{idProduct}=="2838", ENV{ID_SOFTWARE_RADIO}="1", MODE="0660", GROUP="plugdev"
|
|
||||||
'';
|
|
||||||
}
|
}
|
||||||
|
|
14
system/nixos/tailscale-router.nix
Normal file
14
system/nixos/tailscale-router.nix
Normal file
|
@ -0,0 +1,14 @@
|
||||||
|
{
|
||||||
|
imports = [
|
||||||
|
./tailscale.nix
|
||||||
|
];
|
||||||
|
|
||||||
|
services.tailscale = {
|
||||||
|
useRoutingFeatures = "server";
|
||||||
|
|
||||||
|
extraUpFlags = [
|
||||||
|
"--advertise-routes"
|
||||||
|
"10.0.0.0/24"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
}
|
Loading…
Reference in a new issue