tailscale: use agenix
parent
43ff628e80
commit
56d0e7b9fa
8 changed files with 43 additions and 3 deletions
|
@ -3,5 +3,9 @@
|
||||||
user-daniel-password = {
|
user-daniel-password = {
|
||||||
file = ./user/danielPassword.age;
|
file = ./user/danielPassword.age;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
tailscale-authkey = {
|
||||||
|
file = ./tailscale/authkey.age;
|
||||||
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
13
agenix/hosts/attic/tailscale/authkey.age
Normal file
13
agenix/hosts/attic/tailscale/authkey.age
Normal file
|
@ -0,0 +1,13 @@
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE10R3A2ZyA0RWxY
|
||||||
|
emZBSTBlQ1hTRkhDaU9HaS9JMUpCaWRYcHB1enh2TGRUcmFwZDFrCmdkZDRMY0hz
|
||||||
|
MS9ERy9kcndQVC8wRzhZK1JWNGlobzcralBzSjdZTGNSSk0KLT4gc3NoLWVkMjU1
|
||||||
|
MTkgc1ZmNkNBIGJqRHI1R2J3dTVlUmhXNW1JaTNvNTNBcVJyTmhuVlcydlhiS1Vn
|
||||||
|
ZkVyaVUKUWJjNG83YmNmV0wwcVd1L3o4bzh4aFBjNGI1NzJYUGtKME01MDBkOEYr
|
||||||
|
cwotPiAyaTEtZ3JlYXNlICYpR08jeiB7LCVNc0R4TyBSdGFnU0wgMT49d0hmdApW
|
||||||
|
N1pieTVZd3U0NVJ6VXR1dFlvSmtRVFp3Yi9SSmpxdStNTVE5SE80ZUs5RDhlNUI5
|
||||||
|
bDI5eE45NWROdTJPVE9FCkQyUUVyZkhYVldEUVlqcHFBK1ZhCi0tLSA0VVBZR2c2
|
||||||
|
TTBIb1hTWnM0TzRpUzRqZUp2QlpLWDQ0ZUJIcFhKUWMrR0Y4Ci83j/AYh3pgxFQA
|
||||||
|
iaWWkiOCPIAh7J8D6vJhpECGSxrfFlPyzVWSVoCtvFJgcOlsrsm7kUkyisbG3O7I
|
||||||
|
AqgBfmCyJbkhjMzKl2RbzlV1IGnJeFP/2jFnXGHC6w==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
|
@ -6,6 +6,10 @@
|
||||||
group = "acme";
|
group = "acme";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
tailscale-authkey = {
|
||||||
|
file = ./tailscale/authkey.age;
|
||||||
|
};
|
||||||
|
|
||||||
mastodon-database-password = {
|
mastodon-database-password = {
|
||||||
file = ./mastodon/databasePassword.age;
|
file = ./mastodon/databasePassword.age;
|
||||||
owner = "mastodon";
|
owner = "mastodon";
|
||||||
|
|
12
agenix/hosts/sail/tailscale/authkey.age
Normal file
12
agenix/hosts/sail/tailscale/authkey.age
Normal file
|
@ -0,0 +1,12 @@
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE10R3A2ZyBGMEx1
|
||||||
|
MDZxTTlPM3I0OW1jeHFoV1pneDNLUjIvazBZRGhYQ3oxak84RmlnCmRMU2VkMi83
|
||||||
|
Sy9vTEVoaUpGZEljMEExU05jZmxvS3RZakVTWmhidWxVN1EKLT4gc3NoLWVkMjU1
|
||||||
|
MTkgTmJWNGh3IFgyS0pZRTRScDU2REppODhQYlZMeENMU1FlbDVzM2UramgyNktR
|
||||||
|
K3RCdzAKT1QwZVVKa2krZERxeVlqYjQ4WFZBZ1d5eDR5Sm4vZ0hCKzhnNk9Vdjlw
|
||||||
|
SQotPiAxfThiLWdyZWFzZSBFe0kgPVp4R2IiTSA0bgo2MzU5K0U3UFZqS2NQUDF5
|
||||||
|
dENQNUNhSkVvdwotLS0geFBEM0d2MHQzdTIrL25Ka21FaGxjUjNpazFhdGJoQ25w
|
||||||
|
Uk5XS1ZJaHhwcwq968fFE3WeIkYgzqjHkDbJU6t0vBqII6/urAckSzfR/2PIrSJX
|
||||||
|
1pg/U1U/CnTe15PnIopE9qB7gttNaaec0z6f2lzvYudfIrydhUzr2hHy8rx79XJS
|
||||||
|
L0CBK+E=
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
|
@ -11,6 +11,8 @@ in
|
||||||
# sail
|
# sail
|
||||||
"agenix/hosts/sail/acme/credentials.age".publicKeys = sail;
|
"agenix/hosts/sail/acme/credentials.age".publicKeys = sail;
|
||||||
|
|
||||||
|
"agenix/hosts/sail/tailscale/authkey.age".publicKeys = sail;
|
||||||
|
|
||||||
"agenix/hosts/sail/mastodon/databasePassword.age".publicKeys = sail;
|
"agenix/hosts/sail/mastodon/databasePassword.age".publicKeys = sail;
|
||||||
"agenix/hosts/sail/mastodon/smtpPassword.age".publicKeys = sail;
|
"agenix/hosts/sail/mastodon/smtpPassword.age".publicKeys = sail;
|
||||||
"agenix/hosts/sail/mastodon/otpSecret.age".publicKeys = sail;
|
"agenix/hosts/sail/mastodon/otpSecret.age".publicKeys = sail;
|
||||||
|
@ -44,4 +46,6 @@ in
|
||||||
|
|
||||||
# attic
|
# attic
|
||||||
"agenix/hosts/attic/user/danielPassword.age".publicKeys = attic;
|
"agenix/hosts/attic/user/danielPassword.age".publicKeys = attic;
|
||||||
|
|
||||||
|
"agenix/hosts/attic/tailscale/authkey.age".publicKeys = attic;
|
||||||
}
|
}
|
||||||
|
|
|
@ -10,6 +10,8 @@ in
|
||||||
../nixos/ssh.nix
|
../nixos/ssh.nix
|
||||||
|
|
||||||
../nixos/git.nix
|
../nixos/git.nix
|
||||||
|
|
||||||
|
../nixos/tailscale.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
system.stateVersion = "22.11";
|
system.stateVersion = "22.11";
|
||||||
|
|
|
@ -39,7 +39,7 @@ in
|
||||||
|
|
||||||
../nixos/websites-sail.nix
|
../nixos/websites-sail.nix
|
||||||
|
|
||||||
(import ../nixos/tailscale.nix (args // { inherit secret; }))
|
../nixos/tailscale.nix
|
||||||
|
|
||||||
../nixos/mosquitto.nix
|
../nixos/mosquitto.nix
|
||||||
|
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
{ pkgs, secret, ... }:
|
{ pkgs, config, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
environment.systemPackages = [ pkgs.tailscale ];
|
environment.systemPackages = [ pkgs.tailscale ];
|
||||||
|
@ -25,7 +25,8 @@
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# otherwise authenticate with tailscale
|
# otherwise authenticate with tailscale
|
||||||
${pkgs.tailscale}/bin/tailscale up -authkey ${secret.tailscale.key}
|
authkey="$(cat ${config.age.secrets.tailscale-authkey.path})"
|
||||||
|
${pkgs.tailscale}/bin/tailscale up -authkey "$authkey"
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
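Review bot: The auth key is still handed to `tailscale up` as a command-line argument in the two added lines of the last hunk, so while the command runs it can be read by other local users through the process list. The tailscale CLI accepts a `file:` prefix on this option's value, which keeps the key out of argv and drops the `cat`: `${pkgs.tailscale}/bin/tailscale up -authkey "file:${config.age.secrets.tailscale-authkey.path}"`. If the `cat` form is kept, an unreadable secret file leaves `$authkey` empty and the command still runs unless the script, which starts outside this hunk, sets `-e`; a guard such as `[ -s ${config.age.secrets.tailscale-authkey.path} ] || exit 1` before the call would make that failure explicit. The removed line interpolated `secret.tailscale.key` into the script text, which presumably left the old key readable in the Nix store, so that key should be revoked if it has not been already.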