all: switch from tailscale to headscale
parent
178b0e28ca
commit
b438a36f3b
28 changed files with 222 additions and 126 deletions
Binary file not shown.
|
@ -1,10 +1,10 @@
|
|||
age-encryption.org/v1
|
||||
-> ssh-ed25519 MtGp6g WF7NACS4+2IWcLmDTjbiXQsI93ZUDUeofMg6eYwXyRM
|
||||
xy71RLaW5MwZU69EP4A4x9SSTLsv2vINzdjPZbHUJ+8
|
||||
-> ssh-ed25519 Y94Yig nCe73IOsZbRmWpGBAg26zTkTP3GC3FnpmS7UujJkTyU
|
||||
kY6qLgHIH+5bUTKDTqcak2r2l15XNJR2Hm7uCk1OxGM
|
||||
-> F>J-grease @@cdP
|
||||
NHDpMlW3kAJD9b/YgQkciZs7IILSWIFi0LY5L6j3IaQp1QTU1xQRzGs0QpH2jYCs
|
||||
6UIr2dIfw/qc9Q8IGeOYJvHXfjtw
|
||||
--- l+vCsTsawEm3J0DqduySW+9k3YMqa0iSHMoo/7Kk9xo
|
||||
i(èA]÷‚b ÖÍ“gônÑ:
#|<7C>=Kcµ4ƒ…¥ˆ „Rê<52>X:‡#D.~í<=Ës«KžËÖbøþ>ž.À¹ˆ]"ãôV$<24>C廊(ôÚ͹Øÿ
|
||||
-> ssh-ed25519 MtGp6g f+HNEy02C/zWGNsrPpPzJiZc2JvRDH6L5vNqd3Hh2Tk
|
||||
U2BMb3YczFvYe2EXsRpg+L4GRJ8cwYNPXmEqwHZj2Us
|
||||
-> ssh-ed25519 Y94Yig HXut7W1n8I/PjISX8+wCAddIg3509V3Z4pw0KcBilGo
|
||||
LW4jo71cZ6oHu0UnnikI0iEM17HlhUHFz02eO/ZAAnU
|
||||
-> $vz-grease
|
||||
uKSVRbtXjOS6mUAzvk9xa3JWgWmktEmNHO6NPalag3C8OULWzDWPsGNaTpY/OCV+
|
||||
Re5Uq458B62NwvLlLbw
|
||||
--- /wV5Bm3A43iFaxc6VAq8YJAei/PDFLCAzMz/TpXmRKA
|
||||
™÷ÎŻ
žĹłIXă›xżJ|´”ÖEx×=n0J™{ŮNôŐ¶·±h'ÇĎ0š˛Ń}q<>ófhą;ĚyČ0ÄDJmáQ(‚ç<E2809A>'źă'EÜą3
|
|
@ -31,6 +31,18 @@
|
|||
file = ./forgejo-actions/token.age;
|
||||
};
|
||||
|
||||
headscale-database-password = {
|
||||
file = ./headscale/dbPassword.age;
|
||||
owner = "headscale";
|
||||
group = "headscale";
|
||||
};
|
||||
|
||||
headscale-acls = {
|
||||
file = ./headscale/acls.age;
|
||||
owner = "headscale";
|
||||
group = "headscale";
|
||||
};
|
||||
|
||||
linkding-environment = {
|
||||
file = ./linkding/environment.age;
|
||||
};
|
||||
|
|
BIN
agenix/hosts/tanker/headscale/acls.age
Normal file
BIN
agenix/hosts/tanker/headscale/acls.age
Normal file
Binary file not shown.
11
agenix/hosts/tanker/headscale/dbPassword.age
Normal file
11
agenix/hosts/tanker/headscale/dbPassword.age
Normal file
|
@ -0,0 +1,11 @@
|
|||
age-encryption.org/v1
|
||||
-> ssh-ed25519 MtGp6g Ksx8IgaAlR47n4KH6gqrFa0/LTbJdng+Y4LyaIyUoHM
|
||||
Us/MXus/dEo5z3q9Un44jGgAPOQmQABhSvEEFbSNZaY
|
||||
-> ssh-ed25519 iO8/4g bb5CMC4W+/8LqXV4wo5lL/pEPiDv8aTB2JTP4WAU8RI
|
||||
zUDaW+pIBLWzNpeoRnSVTrs0FzCzGp88xOJQCJ23Abg
|
||||
-> 9Avzmsce-grease *| wURxw
|
||||
N/PIH4VmQp68zcOwFozdd/46yiXa7YT3kughflU+PnxACswnu0r56YYEoU40lPqV
|
||||
kIdUiACfIFkXByDvS4Xt/WlT4X9Ncu0LCEzMZhnT4HQtL8lVMMAWqm6BdDDn4yBs
|
||||
VuA
|
||||
--- EN7FwLG8kh/pxDa8gJyFwccM3ew8LqhmJDN7TTVMiSE
|
||||
”+lûáÿ1÷ccœõ’:cnGÄÎüá=+Þ´Ä `'‚Ãô>AÄ0q z*çÕe0D¶D
|
|
@ -1,10 +1,9 @@
|
|||
age-encryption.org/v1
|
||||
-> ssh-ed25519 MtGp6g 8/VvalpTjMjXQYaGZiNTJ/UyXXcgaaKXT46+sn2IuC0
|
||||
eH+i//7AQiJ9KSD8NUkAd6CL6G6wuPeWBYLaUVUkH1s
|
||||
-> ssh-ed25519 iO8/4g B9Tzo0djfjhV5wDj3i6JZseYJth+zIxkfbbMDuK8y3s
|
||||
Wgokb9VVhd49riNZZ1JxuCGX1MgwzGr1Yqju475U0YA
|
||||
-> 4S?&lGG-grease ? {z[+;U.< l8P&' !'eh+
|
||||
mEhY97w5jF9ubheu6mx4puGrqsUyPxwGLhiwMjr5YLLwR5Hnj9xRY40UHGdng1H1
|
||||
ssoX94PaJQN2YwwMSa8WudBhe2hAP7cWpH8tFMH6u/exmGO4UA
|
||||
--- x1cfStmTuQb1xfYJ5DazYeAhjA1JcHZJF7Z4dhy2V58
|
||||
Åú´ÌXK†eµtš0ùM(QiœB-7ÒxgG<67>NÁ¿ŠÀéBXÉ’ÿ\V†ÎØ=GfM§KÀèÀšé.<2E>$+ÿÂË'‹ØŸ;Ó€¨›ôdÈMÇrǯ¢H
|
||||
-> ssh-ed25519 MtGp6g 4pT/Mw3rQ4Fce6O8VQUg0iiwm5a2uTkBLtGuyhWrtHE
|
||||
uc2ECQhpzARnywarhHF7yQa6SY7DYg7q6f4GaWxIJsA
|
||||
-> ssh-ed25519 iO8/4g ZuFmCVHKMjwtchVw/MXr3OEOIuXMmB3OJcVjeXf6kQg
|
||||
g8JMv21lAtoogNITlpSfa4yfQP0ouqD961OcoYXbWBA
|
||||
-> 'D~T-grease L<0z6X|I ~0ki Z,Vsm !LvoC'*
|
||||
|
||||
--- k/qNUN24AQe4kouuHkT1wbnUkJnXIPOBH9suI/ZX4ow
|
||||
ܼjY>¸=ÓqÒâ¿M‘¾u-ÖÙÍBi+þ†—˜¢=Ì/!KÎa”ñ³íÝêD‹jëkBØ‹0Ï'<27>sî²a{cŇW)º”ouÚô
|
|
@ -52,7 +52,7 @@
|
|||
networking.firewall.interfaces."podman+".allowedTCPPorts = [ 6381 ];
|
||||
|
||||
services.nginx.virtualHosts."tictac.daniel.sx" = {
|
||||
listenAddresses = [ "100.108.165.26" "[fd7a:115c:a1e0:ab12:4843:cd96:626c:a51a]" ];
|
||||
listenAddresses = [ "100.64.10.2" "[fd7a:115c:a1e0:1010::2]" ];
|
||||
quic = true;
|
||||
http3 = true;
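Review bot: The tailnet address pair `"100.64.10.2" "[fd7a:115c:a1e0:1010::2]"` is written out literally in this `listenAddresses` line and again in every other `listenAddresses` hunk of the commit (overflow.daniel.sx, atuin-sync.kempkens.io, the `${fqdn}` vhost, libreddit, nitter, ringo.daniel.sx, voyager.daniel.sx), and as `/32` and `/128` entries in the two `set_real_ip_from` hunks. With a self-hosted control server the address is whatever headscale assigns this node out of `ip_prefixes`, so a re-registration could presumably change it; in the `set_real_ip_from` hunks a stale value also decides whose forwarded client address nginx accepts. Defining the pair once, e.g. `tailnetAddrs = [ "100.64.10.2" "[fd7a:115c:a1e0:1010::2]" ];` in a shared module, and referencing it from each vhost would turn the next renumbering into a one-line change. The vhost body continues outside the hunk.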
|
||||
|
||||
|
|
73
flake.lock
73
flake.lock
|
@ -109,11 +109,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1695039393,
|
||||
"narHash": "sha256-HXvRPTSfQ/fCqxYGvWOc1duSBdXcQlrYvyno8YZbyHI=",
|
||||
"lastModified": 1695204792,
|
||||
"narHash": "sha256-8hsi2L8e5EiWZBcbjmKTDWXXLsi4BOC2FEjaZFPdjWo=",
|
||||
"owner": "nix-community",
|
||||
"repo": "disko",
|
||||
"rev": "9f29cedac79d0acf07b6341f9112f46dec3abb8f",
|
||||
"rev": "f43f106e91fe4f6591cf80cc5c8179e841c6e922",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -300,11 +300,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1695069742,
|
||||
"narHash": "sha256-wKL5C+TqmqkPeDZ9E6dGEGUln3LJ0EmiVkG8MDLo6vE=",
|
||||
"lastModified": 1695224363,
|
||||
"narHash": "sha256-+hfjJLUMck5G92RVFDZA7LWkR3kOxs5zQ7RPW9t3eM8=",
|
||||
"owner": "nix-community",
|
||||
"repo": "home-manager",
|
||||
"rev": "f092a9220220e390c76605b6c4e2238774050f8b",
|
||||
"rev": "408ba13188ff9ce309fa2bdd2f81287d79773b00",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -323,11 +323,11 @@
|
|||
},
|
||||
"locked": {
|
||||
"dir": "contrib",
|
||||
"lastModified": 1695010592,
|
||||
"narHash": "sha256-TbYvLxmx2O6d/oVCG+yHpSg1ZJZRsq4PRVZFV0AOhrg=",
|
||||
"lastModified": 1695293905,
|
||||
"narHash": "sha256-vwuytAB/nKLQQ1itTN/Bh1bsRjf31fP/MHNbQkn01DQ=",
|
||||
"owner": "neovim",
|
||||
"repo": "neovim",
|
||||
"rev": "9cadbf1d36b63f53f0de48c8c5ff6c752ff05d70",
|
||||
"rev": "5e43a4ce4d973677172519a50e4f6f49e6dd4a2b",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -346,11 +346,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1695020316,
|
||||
"narHash": "sha256-DTVi6jrCNcR1xWzZVru5FecLK3Az0+eTR8IoJRLteUI=",
|
||||
"lastModified": 1695306705,
|
||||
"narHash": "sha256-20Li8SnO/ByNkYWmfrx7KDUQftz/2tnRSYGAXACzVMo=",
|
||||
"ref": "refs/heads/master",
|
||||
"rev": "d5ed014c12239f9b76cf5aeb80002ae9f74b227a",
|
||||
"revCount": 494,
|
||||
"rev": "1845949793f5a16d5ab6c7c1bc4c9c7eed229b71",
|
||||
"revCount": 496,
|
||||
"type": "git",
|
||||
"url": "https://git.kempkens.io/daniel/nix-overlay"
|
||||
},
|
||||
|
@ -366,11 +366,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1694810318,
|
||||
"narHash": "sha256-LuvrVj2oj9TzdnnwtQUClqcXjpgwCP01FFVBM7azGV8=",
|
||||
"lastModified": 1695114819,
|
||||
"narHash": "sha256-/aIfbZxP39QZ8m7qX2RzQTy5PWzz2e22cCcZ+AOO7lA=",
|
||||
"owner": "lnl7",
|
||||
"repo": "nix-darwin",
|
||||
"rev": "80bb201f4925cdda5a7a3c7b1900fb26bb2af2e8",
|
||||
"rev": "afeddc412b3a3b0e7c9ef7ea5fbdf2186781d102",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -381,11 +381,11 @@
|
|||
},
|
||||
"nixos-hardware": {
|
||||
"locked": {
|
||||
"lastModified": 1695033975,
|
||||
"narHash": "sha256-GIUxbgLBhVyaKRxQw/NWYFLx7/jbKW3+U0HoSsMLPAs=",
|
||||
"lastModified": 1695109627,
|
||||
"narHash": "sha256-4rpyoVzmunIG6xWA/EonnSSqC69bDBzciFi6SjBze/0=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixos-hardware",
|
||||
"rev": "161b027169b19d3a0ad6bd0a8948edf0c0fb0f64",
|
||||
"rev": "cb4dc98f776ddb6af165e6f06b2902efe31ca67a",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -397,11 +397,11 @@
|
|||
},
|
||||
"nixos-unstable": {
|
||||
"locked": {
|
||||
"lastModified": 1694767346,
|
||||
"narHash": "sha256-5uH27SiVFUwsTsqC5rs3kS7pBoNhtoy9QfTP9BmknGk=",
|
||||
"lastModified": 1695145219,
|
||||
"narHash": "sha256-Eoe9IHbvmo5wEDeJXKFOpKUwxYJIOxKUesounVccNYk=",
|
||||
"owner": "nixos",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "ace5093e36ab1e95cb9463863491bee90d5a4183",
|
||||
"rev": "5ba549eafcf3e33405e5f66decd1a72356632b96",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -413,11 +413,11 @@
|
|||
},
|
||||
"nixpkgs": {
|
||||
"locked": {
|
||||
"lastModified": 1694948089,
|
||||
"narHash": "sha256-d2B282GmQ9o8klc22/Rbbbj6r99EnELQpOQjWMyv0rU=",
|
||||
"lastModified": 1695132891,
|
||||
"narHash": "sha256-cJR9AFHmt816cW/C9necLJyOg/gsnkvEeFAfxgeM1hc=",
|
||||
"owner": "nixos",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "5148520bfab61f99fd25fb9ff7bfbb50dad3c9db",
|
||||
"rev": "8b5ab8341e33322e5b66fb46ce23d724050f6606",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -463,6 +463,22 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs-master": {
|
||||
"locked": {
|
||||
"lastModified": 1695306240,
|
||||
"narHash": "sha256-MsVESu3+HK9cZZ7755uT26n1REpNRgC3Ry7keQ0dIcU=",
|
||||
"owner": "nixos",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "d9c6fcb483ae66621c1dd382cdd939493b8712d0",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nixos",
|
||||
"ref": "master",
|
||||
"repo": "nixpkgs",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs-stable": {
|
||||
"locked": {
|
||||
"lastModified": 1685004253,
|
||||
|
@ -533,6 +549,7 @@
|
|||
"nixos-hardware": "nixos-hardware",
|
||||
"nixos-unstable": "nixos-unstable",
|
||||
"nixpkgs": "nixpkgs",
|
||||
"nixpkgs-master": "nixpkgs-master",
|
||||
"pre-commit-hooks-nix": "pre-commit-hooks-nix",
|
||||
"treefmt-nix": "treefmt-nix"
|
||||
}
|
||||
|
@ -601,11 +618,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1694528738,
|
||||
"narHash": "sha256-aWMEjib5oTqEzF9f3WXffC1cwICo6v/4dYKjwNktV8k=",
|
||||
"lastModified": 1695290086,
|
||||
"narHash": "sha256-ol6licpIAzc9oMsEai/9YZhgSMcrnlnD/3ulMLGNKL0=",
|
||||
"owner": "numtide",
|
||||
"repo": "treefmt-nix",
|
||||
"rev": "7a49c388d7a6b63bb551b1ddedfa4efab8f400d8",
|
||||
"rev": "e951529be2e7c669487de78f5aef8597bbae5fca",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
inputs = {
|
||||
nixpkgs.url = "github:nixos/nixpkgs/nixpkgs-unstable";
|
||||
nixos-unstable.url = "github:nixos/nixpkgs/nixos-unstable";
|
||||
# nixpkgs-master.url = "github:nixos/nixpkgs/master";
|
||||
nixpkgs-master.url = "github:nixos/nixpkgs/master";
|
||||
|
||||
# Tools
|
||||
|
||||
|
@ -76,7 +76,7 @@
|
|||
tanker = import ./system/flakes/tanker.nix {
|
||||
nixpkgs = inputs.nixos-unstable;
|
||||
|
||||
inherit (inputs) disko deploy-rs home-manager agenix attic;
|
||||
inherit (inputs) nixpkgs-master disko deploy-rs home-manager agenix attic;
|
||||
inherit inputs;
|
||||
};
|
||||
|
||||
|
|
|
@ -63,12 +63,12 @@ in
|
|||
};
|
||||
yanky-nvim = buildVimPluginFrom2Nix {
|
||||
pname = "yanky.nvim";
|
||||
version = "2023-09-11";
|
||||
version = "2023-09-19";
|
||||
src = fetchFromGitHub {
|
||||
owner = "gbprod";
|
||||
repo = "yanky.nvim";
|
||||
rev = "4c85d8d6808d9859e72f8bd6c25302199e6a5eac";
|
||||
sha256 = "0ph1mc7nlfsx0aaybnvg6wwpx7hv2ks621qkjcrl3hf8dbc173xs";
|
||||
rev = "4f5f15829fbad15ed703e7cb072cdf2a488cf5e7";
|
||||
sha256 = "0gqzaifbvaj7l9x3l5m2wwn52r2a3giysdbzvmnkyjkj53jn3ya6";
|
||||
fetchSubmodules = false;
|
||||
};
|
||||
};
|
||||
|
@ -118,12 +118,12 @@ in
|
|||
};
|
||||
nvim-treesitter = buildVimPluginFrom2Nix {
|
||||
pname = "nvim-treesitter";
|
||||
version = "2023-09-18";
|
||||
version = "2023-09-21";
|
||||
src = fetchFromGitHub {
|
||||
owner = "nvim-treesitter";
|
||||
repo = "nvim-treesitter";
|
||||
rev = "b4f6dd72980607a9821d24502b0ca7ee826376af";
|
||||
sha256 = "0x7zzly5syr8ssih0d9y9farji2lxk4mlwimv6sh1w99jacwxj8l";
|
||||
rev = "b7f2dd5dfbd24a1239844e15637b637b990df164";
|
||||
sha256 = "199hp19b8wp9fxzcb7pakcs4djbsnghbkv5914llc57w6ybhdqdb";
|
||||
fetchSubmodules = false;
|
||||
};
|
||||
};
|
||||
|
@ -162,12 +162,12 @@ in
|
|||
};
|
||||
telescope-nvim = buildVimPluginFrom2Nix {
|
||||
pname = "telescope.nvim";
|
||||
version = "2023-09-16";
|
||||
version = "2023-09-20";
|
||||
src = fetchFromGitHub {
|
||||
owner = "nvim-telescope";
|
||||
repo = "telescope.nvim";
|
||||
rev = "b543aaa2c9cf8123ed2fe7dbb6c211a9cd415124";
|
||||
sha256 = "0k0jymfkp9n65pb5iak7kf89pl41zr7iwg19ww31j3b814am4pjd";
|
||||
rev = "40c8d2fc2b729dd442eda093cf8c9496d6e23732";
|
||||
sha256 = "08nxnnglli2j07k70xxfjnd02iysr3zbac26xqjv0b1rdn24w9gx";
|
||||
fetchSubmodules = false;
|
||||
};
|
||||
};
|
||||
|
@ -242,23 +242,23 @@ in
|
|||
};
|
||||
nvim-lspconfig = buildVimPluginFrom2Nix {
|
||||
pname = "nvim-lspconfig";
|
||||
version = "2023-09-18";
|
||||
version = "2023-09-20";
|
||||
src = fetchFromGitHub {
|
||||
owner = "neovim";
|
||||
repo = "nvim-lspconfig";
|
||||
rev = "f3195835c0447ee2c80152b893ab51ca162b04a9";
|
||||
sha256 = "0mm4s73qcswhjmhq8ija9jg0p1k2jk51g4h9ij36sww76330jnkg";
|
||||
rev = "4266f9bb36b4fb09edd19b67d95043cf7ff88ddf";
|
||||
sha256 = "1fj81152cpcmbbc9vkbv7cr94i0y9hz4gi0bzsar632wrdsni5q0";
|
||||
fetchSubmodules = false;
|
||||
};
|
||||
};
|
||||
nvim-jdtls = buildVimPluginFrom2Nix {
|
||||
pname = "nvim-jdtls";
|
||||
version = "2023-09-14";
|
||||
version = "2023-09-19";
|
||||
src = fetchFromGitHub {
|
||||
owner = "mfussenegger";
|
||||
repo = "nvim-jdtls";
|
||||
rev = "697b39e3db0e0d0ce9ee4c2df506a4e0386af6c2";
|
||||
sha256 = "0iaccv986r4z1lmfih24dk2ls501bfqw3n7z4h0mwbf7xqm9jml3";
|
||||
rev = "3ca419c52a7c20a2565237db2c110ed68fc7e6f1";
|
||||
sha256 = "1jy5yklfc3fvajy5mqwfi4h6p5bxb71ar1hnck8k8hciggrijhrq";
|
||||
fetchSubmodules = false;
|
||||
};
|
||||
};
|
||||
|
@ -286,23 +286,23 @@ in
|
|||
};
|
||||
vim-illuminate = buildVimPluginFrom2Nix {
|
||||
pname = "vim-illuminate";
|
||||
version = "2023-09-12";
|
||||
version = "2023-09-20";
|
||||
src = fetchFromGitHub {
|
||||
owner = "RRethy";
|
||||
repo = "vim-illuminate";
|
||||
rev = "8c910b2f84ae6acd9b4b17330bb94dd783c0c11a";
|
||||
sha256 = "0v6w5lm8f39yg9s3lfh15a2sbw8sr6pfiz6p83fmigrxncvb49cp";
|
||||
rev = "6acf7d4a18255a3ddc43770866c8e148fe85af7b";
|
||||
sha256 = "1vgr5cjvkv7jxiwap7fzlhmpmhs8xmlswbzvi747zsbsgwvrk5yf";
|
||||
fetchSubmodules = false;
|
||||
};
|
||||
};
|
||||
nvim-lint = buildVimPluginFrom2Nix {
|
||||
pname = "nvim-lint";
|
||||
version = "2023-09-17";
|
||||
version = "2023-09-21";
|
||||
src = fetchFromGitHub {
|
||||
owner = "mfussenegger";
|
||||
repo = "nvim-lint";
|
||||
rev = "3c936d9d28aa5c5d4c90780e1c3430171bdcb3c2";
|
||||
sha256 = "12db99jb2wwbf6j8y1d7q5dgrnr5x11j5x83f72sbl800axlkdvf";
|
||||
rev = "75a837ce983c0fb94c1abd81a11371dc62c404a8";
|
||||
sha256 = "1wq18qamr5a3khyx52jgaz597cbizpc007cv45cffn11q0sy15s4";
|
||||
fetchSubmodules = false;
|
||||
};
|
||||
};
|
||||
|
@ -319,12 +319,12 @@ in
|
|||
};
|
||||
LuaSnip = buildVimPluginFrom2Nix {
|
||||
pname = "LuaSnip";
|
||||
version = "2023-09-17";
|
||||
version = "2023-09-21";
|
||||
src = fetchFromGitHub {
|
||||
owner = "L3MON4D3";
|
||||
repo = "LuaSnip";
|
||||
rev = "3657c3f3cb2214a681fc7e95b6ffb509d076ebfb";
|
||||
sha256 = "1w7jzcwkyikl4v5irb5yc0v5vs0k758mdwvgnscc9zzwsg6vs642";
|
||||
rev = "c5fb16a934892086d4ba01bac48b77c65435025e";
|
||||
sha256 = "08gqbwpsqnlvrn11g51h44npfhh1gbxkw55sl7qpa5q3bvh8q5q1";
|
||||
fetchSubmodules = false;
|
||||
};
|
||||
};
|
||||
|
@ -462,12 +462,12 @@ in
|
|||
};
|
||||
nvim-autopairs = buildVimPluginFrom2Nix {
|
||||
pname = "nvim-autopairs";
|
||||
version = "2023-09-08";
|
||||
version = "2023-09-19";
|
||||
src = fetchFromGitHub {
|
||||
owner = "windwp";
|
||||
repo = "nvim-autopairs";
|
||||
rev = "defad64afbf19381fe31488a7582bbac421d6e38";
|
||||
sha256 = "05ihrriym44g01rryaah2h2xnl183dpwcsf8q8rxzr29z0jpxxip";
|
||||
rev = "7b3eb9b5813a22188c4dbb248475fcbaf9f4d195";
|
||||
sha256 = "1ml9r1n4yc4xzalphm33m66m46q8g0c54krd29rabi67ymcc7vr3";
|
||||
fetchSubmodules = false;
|
||||
};
|
||||
};
|
||||
|
@ -539,12 +539,12 @@ in
|
|||
};
|
||||
virt-column-nvim = buildVimPluginFrom2Nix {
|
||||
pname = "virt-column.nvim";
|
||||
version = "2023-07-24";
|
||||
version = "2023-09-19";
|
||||
src = fetchFromGitHub {
|
||||
owner = "lukas-reineke";
|
||||
repo = "virt-column.nvim";
|
||||
rev = "1917bfb519729dea7b4f5d13aa9c810c9579b0ea";
|
||||
sha256 = "08brm8by7fzwqzgzcgcrzk7vq1dmknh5r4wxisc725rwkxjzmfkl";
|
||||
rev = "5fc72873dc3175eddbdbbedea8071919c99ad755";
|
||||
sha256 = "071cpga3fapqqpifd04hc5fwsq5v27p32vhli5zy8b8awg1qw9sm";
|
||||
fetchSubmodules = false;
|
||||
};
|
||||
};
|
||||
|
@ -561,12 +561,12 @@ in
|
|||
};
|
||||
urlview-nvim = buildVimPluginFrom2Nix {
|
||||
pname = "urlview.nvim";
|
||||
version = "2023-05-23";
|
||||
version = "2023-09-19";
|
||||
src = fetchFromGitHub {
|
||||
owner = "axieax";
|
||||
repo = "urlview.nvim";
|
||||
rev = "b183133fd25caa6dd98b415e0f62e51e061cd522";
|
||||
sha256 = "0ychlw7lnnpmjflb5f5xyspv63kyrdzbxx88aw9ifaqiiyz3i4aq";
|
||||
rev = "bdbdf1e020e283551f003e71b0004096c746ef57";
|
||||
sha256 = "1bf226s400vyjffr6zqx9kr52qznzcgx1jnh356vfx3fjxsq81nl";
|
||||
fetchSubmodules = false;
|
||||
};
|
||||
};
|
||||
|
|
Binary file not shown.
|
@ -27,6 +27,9 @@ in
|
|||
|
||||
"agenix/hosts/tanker/forgejo-actions/token.age".publicKeys = tanker;
|
||||
|
||||
"agenix/hosts/tanker/headscale/dbPassword.age".publicKeys = tanker;
|
||||
"agenix/hosts/tanker/headscale/acls.age".publicKeys = tanker;
|
||||
|
||||
"agenix/hosts/tanker/mastodon/databasePassword.age".publicKeys = tanker;
|
||||
"agenix/hosts/tanker/mastodon/smtpPassword.age".publicKeys = tanker;
|
||||
"agenix/hosts/tanker/mastodon/otpSecret.age".publicKeys = tanker;
|
||||
|
|
|
@ -1,15 +1,15 @@
|
|||
{ nixpkgs, disko, deploy-rs, home-manager, agenix, attic, inputs, ... }:
|
||||
{ nixpkgs, nixpkgs-master, disko, deploy-rs, home-manager, agenix, attic, inputs, ... }:
|
||||
|
||||
let
|
||||
default-system = "x86_64-linux";
|
||||
|
||||
# overlay-master = _: _: { pkgs-master = import inputs.nixpkgs-master { system = default-system; }; };
|
||||
overlay-master = _: _: { pkgs-master = import inputs.nixpkgs-master { system = default-system; }; };
|
||||
overlay-deploy-rs = _: _: { inherit (inputs.deploy-rs.packages.${default-system}) deploy-rs; };
|
||||
overlay-nifoc = inputs.nifoc-overlay.overlay;
|
||||
|
||||
nixpkgsConfig = {
|
||||
overlays = [
|
||||
# overlay-master
|
||||
overlay-master
|
||||
overlay-deploy-rs
|
||||
overlay-nifoc
|
||||
];
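Review bot: The added `nixpkgs-master` function argument is not used in the lines shown: `overlay-master` still reads `inputs.nixpkgs-master`, so the new argument and the matching `inherit (inputs) nixpkgs-master …` in the flake.nix hunk look redundant. Either drop the argument or use it, `overlay-master = _: _: { pkgs-master = import nixpkgs-master { system = default-system; }; };`. The import also passes no `config`, so settings from `nixpkgsConfig` presumably do not reach `pkgs-master`; a comment such as `# pkgs-master is imported with default config on purpose` would record whether that is intended. The `let` block continues outside the hunk.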
|
||||
|
|
|
@ -7,9 +7,6 @@
|
|||
|
||||
../darwin/fish.nix
|
||||
../darwin/attic.nix
|
||||
|
||||
../darwin/skhd.nix
|
||||
../darwin/yabai.nix
|
||||
];
|
||||
|
||||
nix = {
|
||||
|
|
|
@ -35,6 +35,8 @@ in
|
|||
../nixos/forgejo.nix
|
||||
(import ../nixos/forgejo-runner.nix (args // { name = "tanker"; tag = "ubuntu-latest-amd64"; }))
|
||||
|
||||
../nixos/headscale.nix
|
||||
|
||||
(import ../nixos/home-proxy.nix (args // { inherit secret; }))
|
||||
|
||||
../nixos/invidious.nix
|
||||
|
|
|
@ -27,6 +27,10 @@
|
|||
"nifoc.pw" = {
|
||||
domain = "*.nifoc.pw";
|
||||
};
|
||||
|
||||
"headscale.kempkens.network" = {
|
||||
domain = "*.headscale.kempkens.network";
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
@ -105,8 +105,8 @@
|
|||
useACMEHost = "internal.kempkens.network";
|
||||
|
||||
extraConfig = ''
|
||||
set_real_ip_from 100.108.165.26/32;
|
||||
set_real_ip_from fd7a:115c:a1e0:ab12:4843:cd96:626c:a51a/128;
|
||||
set_real_ip_from 100.64.10.2/32;
|
||||
set_real_ip_from fd7a:115c:a1e0:1010::2/128;
|
||||
real_ip_header X-Forwarded-For;
|
||||
'';
|
||||
|
||||
|
|
|
@ -39,7 +39,7 @@ in
|
|||
};
|
||||
|
||||
services.nginx.virtualHosts."overflow.daniel.sx" = {
|
||||
listenAddresses = [ "100.108.165.26" "[fd7a:115c:a1e0:ab12:4843:cd96:626c:a51a]" ];
|
||||
listenAddresses = [ "100.64.10.2" "[fd7a:115c:a1e0:1010::2]" ];
|
||||
quic = true;
|
||||
http3 = true;
|
||||
|
||||
|
|
|
@ -9,7 +9,7 @@
|
|||
};
|
||||
|
||||
services.nginx.virtualHosts."atuin-sync.kempkens.io" = {
|
||||
listenAddresses = [ "100.108.165.26" "[fd7a:115c:a1e0:ab12:4843:cd96:626c:a51a]" ];
|
||||
listenAddresses = [ "100.64.10.2" "[fd7a:115c:a1e0:1010::2]" ];
|
||||
quic = true;
|
||||
http3 = true;
|
||||
|
||||
|
|
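--- /dev/null
+++ b/system/nixos/headscale.nix
@@ -0,0 +1,65 @@
+{ pkgs, config, ... }:
+let
+fqdn = "ctrl.headscale.kempkens.network";
+in
+{
+environment.systemPackages = [ pkgs.headscale ];
+
+services.headscale = {
+enable = true;
+
+address = "127.0.0.1";
+port = 8017;
+
+settings = {
+ip_prefixes = [
+"fd7a:115c:a1e0:1010::/64"
+"100.64.10.0/24"
+];
+
+db_type = "postgres";
+db_host = "/run/postgresql";
+db_name = "headscale";
+db_user = "headscale";
+db_password_file = config.age.secrets.headscale-database-password.path;
+
+server_url = "https://${fqdn}";
+acl_policy_path = config.age.secrets.headscale-acls.path;
+};
+};
+
+services.postgresql = {
+ensureDatabases = [ "headscale" ];
+
+ensureUsers = [
+{
+name = "headscale";
+ensurePermissions = {
+"DATABASE headscale" = "ALL PRIVILEGES";
+};
+}
+];
+};
+
+services.nginx.virtualHosts."${fqdn}" = {
+quic = true;
+http3 = true;
+
+onlySSL = true;
+useACMEHost = "headscale.kempkens.network";
+
+extraConfig = ''
+add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
+'';
+
+locations."/" = {
+recommendedProxySettings = true;
+proxyPass = "http://127.0.0.1:8017";
+proxyWebsockets = true;
+};
+
+locations."/web" = {
+root = "${pkgs.headscale-ui}/share";
+};
+};
+}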
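Review bot: `locations."/web"` publishes the headscale-ui admin front end on the same vhost as the control endpoint, and this vhost, unlike the other vhosts touched by the commit, sets no `listenAddresses`, so the UI appears to be reachable from wherever the control server is. Nodes must reach the coordination endpoint before they have joined, but the UI has no such requirement; serving it from a second vhost bound to the tailnet addresses would narrow what is exposed. The `headscale` CLI is installed through `environment.systemPackages`, so administration stays possible when the tailnet is down. The hostname in the sketch is a placeholder, and the UI's API calls would need to be proxied on that vhost as well, which I have assumed rather than verified.

```nix
# … unchanged: services.headscale, services.postgresql, public "${fqdn}" vhost minus locations."/web" …

services.nginx.virtualHosts."<internal-ui-hostname-placeholder>" = {
  listenAddresses = [ "100.64.10.2" "[fd7a:115c:a1e0:1010::2]" ];

  onlySSL = true;
  useACMEHost = "headscale.kempkens.network";

  locations."/web" = {
    root = "${pkgs.headscale-ui}/share";
  };

  locations."/" = {
    recommendedProxySettings = true;
    proxyPass = "http://127.0.0.1:${toString config.services.headscale.port}";
  };
};
```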
|
@ -43,7 +43,7 @@ in
|
|||
};
|
||||
|
||||
services.nginx.virtualHosts."${fqdn}" = {
|
||||
listenAddresses = [ "100.108.165.26" "[fd7a:115c:a1e0:ab12:4843:cd96:626c:a51a]" ];
|
||||
listenAddresses = [ "100.64.10.2" "[fd7a:115c:a1e0:1010::2]" ];
|
||||
quic = true;
|
||||
http3 = true;
|
||||
|
||||
|
|
|
@ -78,8 +78,8 @@
|
|||
useACMEHost = "internal.kempkens.network";
|
||||
|
||||
extraConfig = ''
|
||||
set_real_ip_from 100.108.165.26/32;
|
||||
set_real_ip_from fd7a:115c:a1e0:ab12:4843:cd96:626c:a51a/128;
|
||||
set_real_ip_from 100.64.10.2/32;
|
||||
set_real_ip_from fd7a:115c:a1e0:1010::2/128;
|
||||
real_ip_header proxy_protocol;
|
||||
'';
|
||||
|
||||
|
|
|
@ -11,7 +11,7 @@
|
|||
services.nginx.virtualHosts."${secret.nginx.hostnames.libreddit}" = {
|
||||
# listen = [
|
||||
# {
|
||||
# addr = "100.108.165.26";
|
||||
# addr = "100.64.10.2";
|
||||
# port = 443;
|
||||
# ssl = true;
|
||||
# extraParameters = [
|
||||
|
@ -22,7 +22,7 @@
|
|||
# }
|
||||
#
|
||||
# {
|
||||
# addr = "[fd7a:115c:a1e0:ab12:4843:cd96:626c:a51a]";
|
||||
# addr = "[fd7a:115c:a1e0:1010::2]";
|
||||
# port = 443;
|
||||
# ssl = true;
|
||||
# extraParameters = [
|
||||
|
@ -32,7 +32,7 @@
|
|||
# }
|
||||
# ];
|
||||
|
||||
listenAddresses = [ "100.108.165.26" "[fd7a:115c:a1e0:ab12:4843:cd96:626c:a51a]" ];
|
||||
listenAddresses = [ "100.64.10.2" "[fd7a:115c:a1e0:1010::2]" ];
|
||||
|
||||
quic = true;
|
||||
http3 = true;
|
||||
|
|
|
@ -7,7 +7,7 @@ in
|
|||
services.mastodon = {
|
||||
enable = true;
|
||||
|
||||
# package = pkgs.pkgs-master.mastodon;
|
||||
package = pkgs.pkgs-master.mastodon;
|
||||
|
||||
configureNginx = false;
|
||||
|
||||
|
|
|
@ -62,7 +62,7 @@ in
|
|||
};
|
||||
|
||||
services.nginx.virtualHosts."${secret.nginx.hostnames.nitter}" = {
|
||||
listenAddresses = [ "100.108.165.26" "[fd7a:115c:a1e0:ab12:4843:cd96:626c:a51a]" ];
|
||||
listenAddresses = [ "100.64.10.2" "[fd7a:115c:a1e0:1010::2]" ];
|
||||
quic = true;
|
||||
http3 = true;
|
||||
|
||||
|
|
|
@ -41,7 +41,7 @@ in
|
|||
};
|
||||
|
||||
services.nginx.virtualHosts."ringo.daniel.sx" = {
|
||||
listenAddresses = [ "100.108.165.26" "[fd7a:115c:a1e0:ab12:4843:cd96:626c:a51a]" ];
|
||||
listenAddresses = [ "100.64.10.2" "[fd7a:115c:a1e0:1010::2]" ];
|
||||
quic = true;
|
||||
http3 = true;
|
||||
|
||||
|
|
|
@ -1,32 +1,18 @@
|
|||
{ pkgs, config, ... }:
|
||||
|
||||
let
|
||||
headscale = "https://ctrl.headscale.kempkens.network";
|
||||
in
|
||||
{
|
||||
environment.systemPackages = [ pkgs.tailscale ];
|
||||
|
||||
services.tailscale.enable = true;
|
||||
services.tailscale = {
|
||||
enable = true;
|
||||
authKeyFile = config.age.secrets.tailscale-authkey.path;
|
||||
|
||||
systemd.services.tailscale-autoconnect = {
|
||||
description = "Automatic connection to Tailscale";
|
||||
|
||||
after = [ "network-pre.target" "tailscale.service" ];
|
||||
wants = [ "network-pre.target" "tailscale.service" ];
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
|
||||
serviceConfig.Type = "oneshot";
|
||||
|
||||
script = ''
|
||||
# wait for tailscaled to settle
|
||||
sleep 2
|
||||
|
||||
# check if we are already authenticated to tailscale
|
||||
status="$(${pkgs.tailscale}/bin/tailscale status -json | ${pkgs.jq}/bin/jq -r .BackendState)"
|
||||
if [ $status = "Running" ]; then # if so, then do nothing
|
||||
exit 0
|
||||
fi
|
||||
|
||||
# otherwise authenticate with tailscale
|
||||
authkey="$(cat ${config.age.secrets.tailscale-authkey.path})"
|
||||
${pkgs.tailscale}/bin/tailscale up -authkey "$authkey"
|
||||
'';
|
||||
extraUpFlags = [
|
||||
"--login-server"
|
||||
headscale
|
||||
];
|
||||
};
|
||||
}
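Review bot: `authKeyFile` together with `extraUpFlags = [ "--login-server" headscale ]` presumably only acts on a host whose tailscaled still needs a login; a host already enrolled with the previous control server would, as far as I can tell from the module's behaviour, stay in `Running` state and never be pointed at the new server. The removed `tailscale-autoconnect` script had the same skip-if-Running check, so this is not a regression, but the change of control plane is what makes it matter. A comment above `extraUpFlags` such as `# hosts enrolled before the move need a manual logout and re-login against ${headscale}` would document the migration step. The `tailscale-authkey` secret keeps its name, so it is also worth stating in that comment that it must now hold a headscale pre-auth key.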
|
||||
|
|
|
@ -9,7 +9,7 @@
|
|||
};
|
||||
|
||||
services.nginx.virtualHosts."voyager.daniel.sx" = {
|
||||
listenAddresses = [ "100.108.165.26" "[fd7a:115c:a1e0:ab12:4843:cd96:626c:a51a]" ];
|
||||
listenAddresses = [ "100.64.10.2" "[fd7a:115c:a1e0:1010::2]" ];
|
||||
quic = true;
|
||||
http3 = true;
|
||||
|
||||
|
|