neon: cleanup + tailscale

2024-03-21 21:23:04 +01:00 · 2024-03-21 21:23:04 +01:00 · 3953597c10
parent a8a2d4219b
commit 3953597c10
8 changed files with 32 additions and 11 deletions
--- a/agenix/hosts/neon/config.nix
+++ b/agenix/hosts/neon/config.nix
@ -4,6 +4,10 @@
      file = ./user/danielPassword.age;
    };
    tailscale-authkey = {
      file = ./tailscale/authkey.age;
    };
    forgejo-actions-token = {
      file = ./forgejo-actions/token.age;
    };
--- a/agenix/hosts/neon/tailscale/authkey.age
+++ b/agenix/hosts/neon/tailscale/authkey.age
@ -0,0 +1,7 @@
 age-encryption.org/v1
 -> ssh-ed25519 MtGp6g IpMaz0qI0Ivp7TyqDi4djSNMpER5miWSzBA2UD9AQFY
 I5RskNS/ivjVePa3PTALthu5j2WSI0IbZVD+JDCTBYY
 -> ssh-ed25519 60lgJw VScx05bSHq7e1NdNwbAIYSbytDUPe82cKpnOy++ujwk
 v2e/tqOQPiX/q1S0GNa7ANR68+f71/jKU1WoYPrn0M8
 --- z7ktAaEVhNL4tvjb1wjRnEfxhH5DZm8kJc1BGrlQzgQ
 ýt5†r<E280A0>ò“íÂbuŸt [À¼u}’–OÒQ(ÒMÇçÀF'1ôö½™ÜÐ3`Oë0AUÁªúqÂÀ#Åù¿!d–ÎSiæä™<C3A4><…Yø‡ˆÿÊ
--- a/hardware/hosts/neon.nix
+++ b/hardware/hosts/neon.nix
@ -6,8 +6,6 @@
  boot = {
    kernelModules = [ "tcp_bbr" ];
    blacklistedKernelModules = [ "rtl2832" "dvb_usb_rtl28xxu" "rtl2832_sdr" ];
    kernel.sysctl = {
      "net.core.default_qdisc" = "fq";
      "net.ipv4.tcp_congestion_control" = "bbr";
--- a/secrets.nix
+++ b/secrets.nix
@ -103,6 +103,8 @@ in
  # neon 
  "agenix/hosts/neon/user/danielPassword.age".publicKeys = neon;
  "agenix/hosts/neon/tailscale/authkey.age".publicKeys = neon;
  "agenix/hosts/neon/forgejo-actions/token.age".publicKeys = neon;
  "agenix/hosts/neon/mosquitto/passwordWeewxProxy.age".publicKeys = neon;
--- a/system/darwin/skhd.nix
+++ b/system/darwin/skhd.nix
@ -25,7 +25,7 @@ in
    enable = true;
    skhdConfig = ''
-      cmd - return : ${script-open-wezterm}
+      alt + shift - return : ${script-open-wezterm}
    '';
  };
 }
--- a/system/hosts/neon.nix
+++ b/system/hosts/neon.nix
@ -25,6 +25,8 @@ in
    ../nixos/rtl_433.nix
    ../nixos/tailscale-router.nix
    ../nixos/container.nix
  ];
--- a/system/nixos/rtl_433.nix
+++ b/system/nixos/rtl_433.nix
@ -1,6 +1,8 @@
 { pkgs, config, ... }:
 {
  hardware.rtl-sdr.enable = true;
  systemd.services.rtl_433 = {
    description = "rtl_433 service";
    after = [ "mosquitto.service" ];
@ -42,12 +44,4 @@
    {
      "end0".allowedTCPPorts = mosquittoPorts;
    };
  services.udev.extraRules = ''
    # original RTL2832U vid/pid (hama nano, for example)
    SUBSYSTEMS=="usb", ATTRS{idVendor}=="0bda", ATTRS{idProduct}=="2832", ENV{ID_SOFTWARE_RADIO}="1", MODE="0660", GROUP="plugdev"
    # RTL2832U OEM vid/pid, e.g. ezcap EzTV668 (E4000), Newsky TV28T (E4000/R820T) etc.
    SUBSYSTEMS=="usb", ATTRS{idVendor}=="0bda", ATTRS{idProduct}=="2838", ENV{ID_SOFTWARE_RADIO}="1", MODE="0660", GROUP="plugdev"
  '';
 }
--- a/system/nixos/tailscale-router.nix
+++ b/system/nixos/tailscale-router.nix
@ -0,0 +1,14 @@
 {
  imports = [
    ./tailscale.nix
  ];
  services.tailscale = {
    useRoutingFeatures = "server";
    extraUpFlags = [
      "--advertise-routes"
      "10.0.0.0/24"
    ];
  };
 }