1
0
Fork 0

tailscale: use agenix

This commit is contained in:
Daniel Kempkens 2023-04-04 15:05:39 +02:00
parent 43ff628e80
commit 56d0e7b9fa
Signed by: daniel
SSH key fingerprint: SHA256:Ks/MyhQYcPRQiwMKLAKquWCdCPe3JXlb1WttgnAoSeM
8 changed files with 43 additions and 3 deletions

View file

@ -3,5 +3,9 @@
user-daniel-password = { user-daniel-password = {
file = ./user/danielPassword.age; file = ./user/danielPassword.age;
}; };
tailscale-authkey = {
file = ./tailscale/authkey.age;
};
}; };
} }

View file

@ -0,0 +1,13 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE10R3A2ZyA0RWxY
emZBSTBlQ1hTRkhDaU9HaS9JMUpCaWRYcHB1enh2TGRUcmFwZDFrCmdkZDRMY0hz
MS9ERy9kcndQVC8wRzhZK1JWNGlobzcralBzSjdZTGNSSk0KLT4gc3NoLWVkMjU1
MTkgc1ZmNkNBIGJqRHI1R2J3dTVlUmhXNW1JaTNvNTNBcVJyTmhuVlcydlhiS1Vn
ZkVyaVUKUWJjNG83YmNmV0wwcVd1L3o4bzh4aFBjNGI1NzJYUGtKME01MDBkOEYr
cwotPiAyaTEtZ3JlYXNlICYpR08jeiB7LCVNc0R4TyBSdGFnU0wgMT49d0hmdApW
N1pieTVZd3U0NVJ6VXR1dFlvSmtRVFp3Yi9SSmpxdStNTVE5SE80ZUs5RDhlNUI5
bDI5eE45NWROdTJPVE9FCkQyUUVyZkhYVldEUVlqcHFBK1ZhCi0tLSA0VVBZR2c2
TTBIb1hTWnM0TzRpUzRqZUp2QlpLWDQ0ZUJIcFhKUWMrR0Y4Ci83j/AYh3pgxFQA
iaWWkiOCPIAh7J8D6vJhpECGSxrfFlPyzVWSVoCtvFJgcOlsrsm7kUkyisbG3O7I
AqgBfmCyJbkhjMzKl2RbzlV1IGnJeFP/2jFnXGHC6w==
-----END AGE ENCRYPTED FILE-----

View file

@ -6,6 +6,10 @@
group = "acme"; group = "acme";
}; };
tailscale-authkey = {
file = ./tailscale/authkey.age;
};
mastodon-database-password = { mastodon-database-password = {
file = ./mastodon/databasePassword.age; file = ./mastodon/databasePassword.age;
owner = "mastodon"; owner = "mastodon";

View file

@ -0,0 +1,12 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE10R3A2ZyBGMEx1
MDZxTTlPM3I0OW1jeHFoV1pneDNLUjIvazBZRGhYQ3oxak84RmlnCmRMU2VkMi83
Sy9vTEVoaUpGZEljMEExU05jZmxvS3RZakVTWmhidWxVN1EKLT4gc3NoLWVkMjU1
MTkgTmJWNGh3IFgyS0pZRTRScDU2REppODhQYlZMeENMU1FlbDVzM2UramgyNktR
K3RCdzAKT1QwZVVKa2krZERxeVlqYjQ4WFZBZ1d5eDR5Sm4vZ0hCKzhnNk9Vdjlw
SQotPiAxfThiLWdyZWFzZSBFe0kgPVp4R2IiTSA0bgo2MzU5K0U3UFZqS2NQUDF5
dENQNUNhSkVvdwotLS0geFBEM0d2MHQzdTIrL25Ka21FaGxjUjNpazFhdGJoQ25w
Uk5XS1ZJaHhwcwq968fFE3WeIkYgzqjHkDbJU6t0vBqII6/urAckSzfR/2PIrSJX
1pg/U1U/CnTe15PnIopE9qB7gttNaaec0z6f2lzvYudfIrydhUzr2hHy8rx79XJS
L0CBK+E=
-----END AGE ENCRYPTED FILE-----

View file

@ -11,6 +11,8 @@ in
# sail # sail
"agenix/hosts/sail/acme/credentials.age".publicKeys = sail; "agenix/hosts/sail/acme/credentials.age".publicKeys = sail;
"agenix/hosts/sail/tailscale/authkey.age".publicKeys = sail;
"agenix/hosts/sail/mastodon/databasePassword.age".publicKeys = sail; "agenix/hosts/sail/mastodon/databasePassword.age".publicKeys = sail;
"agenix/hosts/sail/mastodon/smtpPassword.age".publicKeys = sail; "agenix/hosts/sail/mastodon/smtpPassword.age".publicKeys = sail;
"agenix/hosts/sail/mastodon/otpSecret.age".publicKeys = sail; "agenix/hosts/sail/mastodon/otpSecret.age".publicKeys = sail;
@ -44,4 +46,6 @@ in
# attic # attic
"agenix/hosts/attic/user/danielPassword.age".publicKeys = attic; "agenix/hosts/attic/user/danielPassword.age".publicKeys = attic;
"agenix/hosts/attic/tailscale/authkey.age".publicKeys = attic;
} }

View file

@ -10,6 +10,8 @@ in
../nixos/ssh.nix ../nixos/ssh.nix
../nixos/git.nix ../nixos/git.nix
../nixos/tailscale.nix
]; ];
system.stateVersion = "22.11"; system.stateVersion = "22.11";

View file

@ -39,7 +39,7 @@ in
../nixos/websites-sail.nix ../nixos/websites-sail.nix
(import ../nixos/tailscale.nix (args // { inherit secret; })) ../nixos/tailscale.nix
../nixos/mosquitto.nix ../nixos/mosquitto.nix

View file

@ -1,4 +1,4 @@
{ pkgs, secret, ... }: { pkgs, config, ... }:
{ {
environment.systemPackages = [ pkgs.tailscale ]; environment.systemPackages = [ pkgs.tailscale ];
@ -25,7 +25,8 @@
fi fi
# otherwise authenticate with tailscale # otherwise authenticate with tailscale
${pkgs.tailscale}/bin/tailscale up -authkey ${secret.tailscale.key} authkey="$(cat ${config.age.secrets.tailscale-authkey.path})"
${pkgs.tailscale}/bin/tailscale up -authkey "$authkey"
''; '';
}; };
} }