
all: switch from tailscale to headscale
All checks were successful
Build / build-arm64-linux (push) Successful in 19m49s
Build / build-amd64-linux (push) Successful in 42m11s

Daniel Kempkens 2023-09-21 21:38:44 +02:00
parent 178b0e28ca
commit b438a36f3b
Signed by: daniel
SSH key fingerprint: SHA256:Ks/MyhQYcPRQiwMKLAKquWCdCPe3JXlb1WttgnAoSeM
28 changed files with 222 additions and 126 deletions


@ -1,10 +1,10 @@
age-encryption.org/v1
-> ssh-ed25519 MtGp6g WF7NACS4+2IWcLmDTjbiXQsI93ZUDUeofMg6eYwXyRM
xy71RLaW5MwZU69EP4A4x9SSTLsv2vINzdjPZbHUJ+8
-> ssh-ed25519 Y94Yig nCe73IOsZbRmWpGBAg26zTkTP3GC3FnpmS7UujJkTyU
kY6qLgHIH+5bUTKDTqcak2r2l15XNJR2Hm7uCk1OxGM
-> F>J-grease @@cdP
NHDpMlW3kAJD9b/YgQkciZs7IILSWIFi0LY5L6j3IaQp1QTU1xQRzGs0QpH2jYCs
6UIr2dIfw/qc9Q8IGeOYJvHXfjtw
--- l+vCsTsawEm3J0DqduySW+9k3YMqa0iSHMoo/7Kk9xo
i(èA]÷b ÖÍ“gônÑ: #|<7C>=Kcµ4ƒ…¥ˆ <52>X:‡#D.~í<=Ës«KžËÖbøþ>ž.À¹ˆ] "ãôV$<24>C廊(ôÚ͹Øÿ
-> ssh-ed25519 MtGp6g f+HNEy02C/zWGNsrPpPzJiZc2JvRDH6L5vNqd3Hh2Tk
U2BMb3YczFvYe2EXsRpg+L4GRJ8cwYNPXmEqwHZj2Us
-> ssh-ed25519 Y94Yig HXut7W1n8I/PjISX8+wCAddIg3509V3Z4pw0KcBilGo
LW4jo71cZ6oHu0UnnikI0iEM17HlhUHFz02eO/ZAAnU
-> $vz-grease
uKSVRbtXjOS6mUAzvk9xa3JWgWmktEmNHO6NPalag3C8OULWzDWPsGNaTpY/OCV+
Re5Uq458B62NwvLlLbw
--- /wV5Bm3A43iFaxc6VAq8YJAei/PDFLCAzMz/TpXmRKA
™÷ÎŻ žĹłIxżJ|´”ÖEx×=n0J™{ŮNôŐ¶·­±h'ÇĎ0š˛Ń}q<>ófhą;ĚyČ0ÄDJmáQ(ç<E2809A>'źă'EÜą3


@ -31,6 +31,18 @@
file = ./forgejo-actions/token.age;
};
headscale-database-password = {
file = ./headscale/dbPassword.age;
owner = "headscale";
group = "headscale";
};
headscale-acls = {
file = ./headscale/acls.age;
owner = "headscale";
group = "headscale";
};
linkding-environment = {
file = ./linkding/environment.age;
};

Binary file not shown.


@ -0,0 +1,11 @@
age-encryption.org/v1
-> ssh-ed25519 MtGp6g Ksx8IgaAlR47n4KH6gqrFa0/LTbJdng+Y4LyaIyUoHM
Us/MXus/dEo5z3q9Un44jGgAPOQmQABhSvEEFbSNZaY
-> ssh-ed25519 iO8/4g bb5CMC4W+/8LqXV4wo5lL/pEPiDv8aTB2JTP4WAU8RI
zUDaW+pIBLWzNpeoRnSVTrs0FzCzGp88xOJQCJ23Abg
-> 9Avzmsce-grease *| wURxw
N/PIH4VmQp68zcOwFozdd/46yiXa7YT3kughflU+PnxACswnu0r56YYEoU40lPqV
kIdUiACfIFkXByDvS4Xt/WlT4X9Ncu0LCEzMZhnT4HQtL8lVMMAWqm6BdDDn4yBs
VuA
--- EN7FwLG8kh/pxDa8gJyFwccM3ew8LqhmJDN7TTVMiSE
”+lûáÿ1÷c­cœõ:cnGÄÎüá=+Þ´Ä `'‚Ãô>AÄ0q z*çÕe0D¶D


@ -1,10 +1,9 @@
age-encryption.org/v1
-> ssh-ed25519 MtGp6g 8/VvalpTjMjXQYaGZiNTJ/UyXXcgaaKXT46+sn2IuC0
eH+i//7AQiJ9KSD8NUkAd6CL6G6wuPeWBYLaUVUkH1s
-> ssh-ed25519 iO8/4g B9Tzo0djfjhV5wDj3i6JZseYJth+zIxkfbbMDuK8y3s
Wgokb9VVhd49riNZZ1JxuCGX1MgwzGr1Yqju475U0YA
-> 4S?&lGG-grease ? {z[+;U.< l8P&' !'eh+
mEhY97w5jF9ubheu6mx4puGrqsUyPxwGLhiwMjr5YLLwR5Hnj9xRY40UHGdng1H1
ssoX94PaJQN2YwwMSa8WudBhe2hAP7cWpH8tFMH6u/exmGO4UA
--- x1cfStmTuQb1xfYJ5DazYeAhjA1JcHZJF7Z4dhy2V58
Åú´ÌXK†eµtš0ùM(QiœB-7 ÒxgG<67>NÁ¿ŠÀéBXÉÿ\V†ÎØ=GfM§KÀèÀšé.<2E>$+ÿÂË'‹ØŸ;Ó€¨ôdÈMÇrǯ¢H
-> ssh-ed25519 MtGp6g 4pT/Mw3rQ4Fce6O8VQUg0iiwm5a2uTkBLtGuyhWrtHE
uc2ECQhpzARnywarhHF7yQa6SY7DYg7q6f4GaWxIJsA
-> ssh-ed25519 iO8/4g ZuFmCVHKMjwtchVw/MXr3OEOIuXMmB3OJcVjeXf6kQg
g8JMv21lAtoogNITlpSfa4yfQP0ouqD961OcoYXbWBA
-> 'D~T-grease L<0z6X|I ~0ki Z,Vsm !LvoC'*
--- k/qNUN24AQe4kouuHkT1wbnUkJnXIPOBH9suI/ZX4ow
ܼjY>¸=ÓqÒâ¿M¾u-ÖÙÍBi+þ†—˜¢=Ì/!KÎa”ñ³íÝêDjëkBØ0Ï'<27>sî²a{cŇW )º”ouÚô


@ -52,7 +52,7 @@
networking.firewall.interfaces."podman+".allowedTCPPorts = [ 6381 ];
services.nginx.virtualHosts."tictac.daniel.sx" = {
listenAddresses = [ "100.108.165.26" "[fd7a:115c:a1e0:ab12:4843:cd96:626c:a51a]" ];
listenAddresses = [ "100.64.10.2" "[fd7a:115c:a1e0:1010::2]" ];
quic = true;
http3 = true;
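Review bot: The tailnet address pair `100.64.10.2` / `fd7a:115c:a1e0:1010::2` is written out as a literal in this `listenAddresses` line and again in the overflow.daniel.sx, atuin-sync.kempkens.io, `${fqdn}`, libreddit, nitter, ringo.daniel.sx and voyager.daniel.sx vhost sections. These vhosts appear to be kept off the public interface only by that bind address, and the address is now allocated by the self-hosted headscale out of `ip_prefixes`, so a node re-registration may hand out a different one and every copy has to be found again. A single shared binding would keep them in step, e.g. `tailnet = { v4 = "100.64.10.2"; v6 = "fd7a:115c:a1e0:1010::2"; };` used as `listenAddresses = [ tailnet.v4 "[${tailnet.v6}]" ];`. The vhost body continues outside the hunk.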


@ -109,11 +109,11 @@
]
},
"locked": {
"lastModified": 1695039393,
"narHash": "sha256-HXvRPTSfQ/fCqxYGvWOc1duSBdXcQlrYvyno8YZbyHI=",
"lastModified": 1695204792,
"narHash": "sha256-8hsi2L8e5EiWZBcbjmKTDWXXLsi4BOC2FEjaZFPdjWo=",
"owner": "nix-community",
"repo": "disko",
"rev": "9f29cedac79d0acf07b6341f9112f46dec3abb8f",
"rev": "f43f106e91fe4f6591cf80cc5c8179e841c6e922",
"type": "github"
},
"original": {
@ -300,11 +300,11 @@
]
},
"locked": {
"lastModified": 1695069742,
"narHash": "sha256-wKL5C+TqmqkPeDZ9E6dGEGUln3LJ0EmiVkG8MDLo6vE=",
"lastModified": 1695224363,
"narHash": "sha256-+hfjJLUMck5G92RVFDZA7LWkR3kOxs5zQ7RPW9t3eM8=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "f092a9220220e390c76605b6c4e2238774050f8b",
"rev": "408ba13188ff9ce309fa2bdd2f81287d79773b00",
"type": "github"
},
"original": {
@ -323,11 +323,11 @@
},
"locked": {
"dir": "contrib",
"lastModified": 1695010592,
"narHash": "sha256-TbYvLxmx2O6d/oVCG+yHpSg1ZJZRsq4PRVZFV0AOhrg=",
"lastModified": 1695293905,
"narHash": "sha256-vwuytAB/nKLQQ1itTN/Bh1bsRjf31fP/MHNbQkn01DQ=",
"owner": "neovim",
"repo": "neovim",
"rev": "9cadbf1d36b63f53f0de48c8c5ff6c752ff05d70",
"rev": "5e43a4ce4d973677172519a50e4f6f49e6dd4a2b",
"type": "github"
},
"original": {
@ -346,11 +346,11 @@
]
},
"locked": {
"lastModified": 1695020316,
"narHash": "sha256-DTVi6jrCNcR1xWzZVru5FecLK3Az0+eTR8IoJRLteUI=",
"lastModified": 1695306705,
"narHash": "sha256-20Li8SnO/ByNkYWmfrx7KDUQftz/2tnRSYGAXACzVMo=",
"ref": "refs/heads/master",
"rev": "d5ed014c12239f9b76cf5aeb80002ae9f74b227a",
"revCount": 494,
"rev": "1845949793f5a16d5ab6c7c1bc4c9c7eed229b71",
"revCount": 496,
"type": "git",
"url": "https://git.kempkens.io/daniel/nix-overlay"
},
@ -366,11 +366,11 @@
]
},
"locked": {
"lastModified": 1694810318,
"narHash": "sha256-LuvrVj2oj9TzdnnwtQUClqcXjpgwCP01FFVBM7azGV8=",
"lastModified": 1695114819,
"narHash": "sha256-/aIfbZxP39QZ8m7qX2RzQTy5PWzz2e22cCcZ+AOO7lA=",
"owner": "lnl7",
"repo": "nix-darwin",
"rev": "80bb201f4925cdda5a7a3c7b1900fb26bb2af2e8",
"rev": "afeddc412b3a3b0e7c9ef7ea5fbdf2186781d102",
"type": "github"
},
"original": {
@ -381,11 +381,11 @@
},
"nixos-hardware": {
"locked": {
"lastModified": 1695033975,
"narHash": "sha256-GIUxbgLBhVyaKRxQw/NWYFLx7/jbKW3+U0HoSsMLPAs=",
"lastModified": 1695109627,
"narHash": "sha256-4rpyoVzmunIG6xWA/EonnSSqC69bDBzciFi6SjBze/0=",
"owner": "NixOS",
"repo": "nixos-hardware",
"rev": "161b027169b19d3a0ad6bd0a8948edf0c0fb0f64",
"rev": "cb4dc98f776ddb6af165e6f06b2902efe31ca67a",
"type": "github"
},
"original": {
@ -397,11 +397,11 @@
},
"nixos-unstable": {
"locked": {
"lastModified": 1694767346,
"narHash": "sha256-5uH27SiVFUwsTsqC5rs3kS7pBoNhtoy9QfTP9BmknGk=",
"lastModified": 1695145219,
"narHash": "sha256-Eoe9IHbvmo5wEDeJXKFOpKUwxYJIOxKUesounVccNYk=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "ace5093e36ab1e95cb9463863491bee90d5a4183",
"rev": "5ba549eafcf3e33405e5f66decd1a72356632b96",
"type": "github"
},
"original": {
@ -413,11 +413,11 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1694948089,
"narHash": "sha256-d2B282GmQ9o8klc22/Rbbbj6r99EnELQpOQjWMyv0rU=",
"lastModified": 1695132891,
"narHash": "sha256-cJR9AFHmt816cW/C9necLJyOg/gsnkvEeFAfxgeM1hc=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "5148520bfab61f99fd25fb9ff7bfbb50dad3c9db",
"rev": "8b5ab8341e33322e5b66fb46ce23d724050f6606",
"type": "github"
},
"original": {
@ -463,6 +463,22 @@
"type": "github"
}
},
"nixpkgs-master": {
"locked": {
"lastModified": 1695306240,
"narHash": "sha256-MsVESu3+HK9cZZ7755uT26n1REpNRgC3Ry7keQ0dIcU=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "d9c6fcb483ae66621c1dd382cdd939493b8712d0",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "master",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1685004253,
@ -533,6 +549,7 @@
"nixos-hardware": "nixos-hardware",
"nixos-unstable": "nixos-unstable",
"nixpkgs": "nixpkgs",
"nixpkgs-master": "nixpkgs-master",
"pre-commit-hooks-nix": "pre-commit-hooks-nix",
"treefmt-nix": "treefmt-nix"
}
@ -601,11 +618,11 @@
]
},
"locked": {
"lastModified": 1694528738,
"narHash": "sha256-aWMEjib5oTqEzF9f3WXffC1cwICo6v/4dYKjwNktV8k=",
"lastModified": 1695290086,
"narHash": "sha256-ol6licpIAzc9oMsEai/9YZhgSMcrnlnD/3ulMLGNKL0=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "7a49c388d7a6b63bb551b1ddedfa4efab8f400d8",
"rev": "e951529be2e7c669487de78f5aef8597bbae5fca",
"type": "github"
},
"original": {


@ -2,7 +2,7 @@
inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixpkgs-unstable";
nixos-unstable.url = "github:nixos/nixpkgs/nixos-unstable";
# nixpkgs-master.url = "github:nixos/nixpkgs/master";
nixpkgs-master.url = "github:nixos/nixpkgs/master";
# Tools
@ -76,7 +76,7 @@
tanker = import ./system/flakes/tanker.nix {
nixpkgs = inputs.nixos-unstable;
inherit (inputs) disko deploy-rs home-manager agenix attic;
inherit (inputs) nixpkgs-master disko deploy-rs home-manager agenix attic;
inherit inputs;
};


@ -63,12 +63,12 @@ in
};
yanky-nvim = buildVimPluginFrom2Nix {
pname = "yanky.nvim";
version = "2023-09-11";
version = "2023-09-19";
src = fetchFromGitHub {
owner = "gbprod";
repo = "yanky.nvim";
rev = "4c85d8d6808d9859e72f8bd6c25302199e6a5eac";
sha256 = "0ph1mc7nlfsx0aaybnvg6wwpx7hv2ks621qkjcrl3hf8dbc173xs";
rev = "4f5f15829fbad15ed703e7cb072cdf2a488cf5e7";
sha256 = "0gqzaifbvaj7l9x3l5m2wwn52r2a3giysdbzvmnkyjkj53jn3ya6";
fetchSubmodules = false;
};
};
@ -118,12 +118,12 @@ in
};
nvim-treesitter = buildVimPluginFrom2Nix {
pname = "nvim-treesitter";
version = "2023-09-18";
version = "2023-09-21";
src = fetchFromGitHub {
owner = "nvim-treesitter";
repo = "nvim-treesitter";
rev = "b4f6dd72980607a9821d24502b0ca7ee826376af";
sha256 = "0x7zzly5syr8ssih0d9y9farji2lxk4mlwimv6sh1w99jacwxj8l";
rev = "b7f2dd5dfbd24a1239844e15637b637b990df164";
sha256 = "199hp19b8wp9fxzcb7pakcs4djbsnghbkv5914llc57w6ybhdqdb";
fetchSubmodules = false;
};
};
@ -162,12 +162,12 @@ in
};
telescope-nvim = buildVimPluginFrom2Nix {
pname = "telescope.nvim";
version = "2023-09-16";
version = "2023-09-20";
src = fetchFromGitHub {
owner = "nvim-telescope";
repo = "telescope.nvim";
rev = "b543aaa2c9cf8123ed2fe7dbb6c211a9cd415124";
sha256 = "0k0jymfkp9n65pb5iak7kf89pl41zr7iwg19ww31j3b814am4pjd";
rev = "40c8d2fc2b729dd442eda093cf8c9496d6e23732";
sha256 = "08nxnnglli2j07k70xxfjnd02iysr3zbac26xqjv0b1rdn24w9gx";
fetchSubmodules = false;
};
};
@ -242,23 +242,23 @@ in
};
nvim-lspconfig = buildVimPluginFrom2Nix {
pname = "nvim-lspconfig";
version = "2023-09-18";
version = "2023-09-20";
src = fetchFromGitHub {
owner = "neovim";
repo = "nvim-lspconfig";
rev = "f3195835c0447ee2c80152b893ab51ca162b04a9";
sha256 = "0mm4s73qcswhjmhq8ija9jg0p1k2jk51g4h9ij36sww76330jnkg";
rev = "4266f9bb36b4fb09edd19b67d95043cf7ff88ddf";
sha256 = "1fj81152cpcmbbc9vkbv7cr94i0y9hz4gi0bzsar632wrdsni5q0";
fetchSubmodules = false;
};
};
nvim-jdtls = buildVimPluginFrom2Nix {
pname = "nvim-jdtls";
version = "2023-09-14";
version = "2023-09-19";
src = fetchFromGitHub {
owner = "mfussenegger";
repo = "nvim-jdtls";
rev = "697b39e3db0e0d0ce9ee4c2df506a4e0386af6c2";
sha256 = "0iaccv986r4z1lmfih24dk2ls501bfqw3n7z4h0mwbf7xqm9jml3";
rev = "3ca419c52a7c20a2565237db2c110ed68fc7e6f1";
sha256 = "1jy5yklfc3fvajy5mqwfi4h6p5bxb71ar1hnck8k8hciggrijhrq";
fetchSubmodules = false;
};
};
@ -286,23 +286,23 @@ in
};
vim-illuminate = buildVimPluginFrom2Nix {
pname = "vim-illuminate";
version = "2023-09-12";
version = "2023-09-20";
src = fetchFromGitHub {
owner = "RRethy";
repo = "vim-illuminate";
rev = "8c910b2f84ae6acd9b4b17330bb94dd783c0c11a";
sha256 = "0v6w5lm8f39yg9s3lfh15a2sbw8sr6pfiz6p83fmigrxncvb49cp";
rev = "6acf7d4a18255a3ddc43770866c8e148fe85af7b";
sha256 = "1vgr5cjvkv7jxiwap7fzlhmpmhs8xmlswbzvi747zsbsgwvrk5yf";
fetchSubmodules = false;
};
};
nvim-lint = buildVimPluginFrom2Nix {
pname = "nvim-lint";
version = "2023-09-17";
version = "2023-09-21";
src = fetchFromGitHub {
owner = "mfussenegger";
repo = "nvim-lint";
rev = "3c936d9d28aa5c5d4c90780e1c3430171bdcb3c2";
sha256 = "12db99jb2wwbf6j8y1d7q5dgrnr5x11j5x83f72sbl800axlkdvf";
rev = "75a837ce983c0fb94c1abd81a11371dc62c404a8";
sha256 = "1wq18qamr5a3khyx52jgaz597cbizpc007cv45cffn11q0sy15s4";
fetchSubmodules = false;
};
};
@ -319,12 +319,12 @@ in
};
LuaSnip = buildVimPluginFrom2Nix {
pname = "LuaSnip";
version = "2023-09-17";
version = "2023-09-21";
src = fetchFromGitHub {
owner = "L3MON4D3";
repo = "LuaSnip";
rev = "3657c3f3cb2214a681fc7e95b6ffb509d076ebfb";
sha256 = "1w7jzcwkyikl4v5irb5yc0v5vs0k758mdwvgnscc9zzwsg6vs642";
rev = "c5fb16a934892086d4ba01bac48b77c65435025e";
sha256 = "08gqbwpsqnlvrn11g51h44npfhh1gbxkw55sl7qpa5q3bvh8q5q1";
fetchSubmodules = false;
};
};
@ -462,12 +462,12 @@ in
};
nvim-autopairs = buildVimPluginFrom2Nix {
pname = "nvim-autopairs";
version = "2023-09-08";
version = "2023-09-19";
src = fetchFromGitHub {
owner = "windwp";
repo = "nvim-autopairs";
rev = "defad64afbf19381fe31488a7582bbac421d6e38";
sha256 = "05ihrriym44g01rryaah2h2xnl183dpwcsf8q8rxzr29z0jpxxip";
rev = "7b3eb9b5813a22188c4dbb248475fcbaf9f4d195";
sha256 = "1ml9r1n4yc4xzalphm33m66m46q8g0c54krd29rabi67ymcc7vr3";
fetchSubmodules = false;
};
};
@ -539,12 +539,12 @@ in
};
virt-column-nvim = buildVimPluginFrom2Nix {
pname = "virt-column.nvim";
version = "2023-07-24";
version = "2023-09-19";
src = fetchFromGitHub {
owner = "lukas-reineke";
repo = "virt-column.nvim";
rev = "1917bfb519729dea7b4f5d13aa9c810c9579b0ea";
sha256 = "08brm8by7fzwqzgzcgcrzk7vq1dmknh5r4wxisc725rwkxjzmfkl";
rev = "5fc72873dc3175eddbdbbedea8071919c99ad755";
sha256 = "071cpga3fapqqpifd04hc5fwsq5v27p32vhli5zy8b8awg1qw9sm";
fetchSubmodules = false;
};
};
@ -561,12 +561,12 @@ in
};
urlview-nvim = buildVimPluginFrom2Nix {
pname = "urlview.nvim";
version = "2023-05-23";
version = "2023-09-19";
src = fetchFromGitHub {
owner = "axieax";
repo = "urlview.nvim";
rev = "b183133fd25caa6dd98b415e0f62e51e061cd522";
sha256 = "0ychlw7lnnpmjflb5f5xyspv63kyrdzbxx88aw9ifaqiiyz3i4aq";
rev = "bdbdf1e020e283551f003e71b0004096c746ef57";
sha256 = "1bf226s400vyjffr6zqx9kr52qznzcgx1jnh356vfx3fjxsq81nl";
fetchSubmodules = false;
};
};

Binary file not shown.


@ -27,6 +27,9 @@ in
"agenix/hosts/tanker/forgejo-actions/token.age".publicKeys = tanker;
"agenix/hosts/tanker/headscale/dbPassword.age".publicKeys = tanker;
"agenix/hosts/tanker/headscale/acls.age".publicKeys = tanker;
"agenix/hosts/tanker/mastodon/databasePassword.age".publicKeys = tanker;
"agenix/hosts/tanker/mastodon/smtpPassword.age".publicKeys = tanker;
"agenix/hosts/tanker/mastodon/otpSecret.age".publicKeys = tanker;


@ -1,15 +1,15 @@
{ nixpkgs, disko, deploy-rs, home-manager, agenix, attic, inputs, ... }:
{ nixpkgs, nixpkgs-master, disko, deploy-rs, home-manager, agenix, attic, inputs, ... }:
let
default-system = "x86_64-linux";
# overlay-master = _: _: { pkgs-master = import inputs.nixpkgs-master { system = default-system; }; };
overlay-master = _: _: { pkgs-master = import inputs.nixpkgs-master { system = default-system; }; };
overlay-deploy-rs = _: _: { inherit (inputs.deploy-rs.packages.${default-system}) deploy-rs; };
overlay-nifoc = inputs.nifoc-overlay.overlay;
nixpkgsConfig = {
overlays = [
# overlay-master
overlay-master
overlay-deploy-rs
overlay-nifoc
];
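Review bot: The `nixpkgs-master` argument added to the function head looks unused, because `overlay-master` reads `inputs.nixpkgs-master` and `inputs` is already passed in. Either drop the named argument (together with the matching `inherit (inputs) nixpkgs-master …` in the flake's `tanker` import) or use it directly, `overlay-master = _: _: { pkgs-master = import nixpkgs-master { system = default-system; }; };`. The `let` block continues outside the hunk, so a later use cannot be ruled out from here.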


@ -7,9 +7,6 @@
../darwin/fish.nix
../darwin/attic.nix
../darwin/skhd.nix
../darwin/yabai.nix
];
nix = {


@ -35,6 +35,8 @@ in
../nixos/forgejo.nix
(import ../nixos/forgejo-runner.nix (args // { name = "tanker"; tag = "ubuntu-latest-amd64"; }))
../nixos/headscale.nix
(import ../nixos/home-proxy.nix (args // { inherit secret; }))
../nixos/invidious.nix


@ -27,6 +27,10 @@
"nifoc.pw" = {
domain = "*.nifoc.pw";
};
"headscale.kempkens.network" = {
domain = "*.headscale.kempkens.network";
};
};
};
}


@ -105,8 +105,8 @@
useACMEHost = "internal.kempkens.network";
extraConfig = ''
set_real_ip_from 100.108.165.26/32;
set_real_ip_from fd7a:115c:a1e0:ab12:4843:cd96:626c:a51a/128;
set_real_ip_from 100.64.10.2/32;
set_real_ip_from fd7a:115c:a1e0:1010::2/128;
real_ip_header X-Forwarded-For;
'';
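Review bot: `set_real_ip_from 100.64.10.2/32` lets whichever node holds that tailnet address dictate the client IP that nginx records from `X-Forwarded-For`, and nothing in the hunk says which machine that is. Now that addresses are assigned by the self-hosted control server, a comment naming the node would make the trust explicit, e.g. `# <proxy-node-name> on the headscale tailnet: the only peer allowed to set the client address`. It is also worth confirming that the headscale ACL policy (encrypted, not visible here) limits which nodes can reach this vhost. The same applies to the later `set_real_ip_from` pair that is followed by `real_ip_header proxy_protocol`. The enclosing vhost starts and ends outside the hunk.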


@ -39,7 +39,7 @@ in
};
services.nginx.virtualHosts."overflow.daniel.sx" = {
listenAddresses = [ "100.108.165.26" "[fd7a:115c:a1e0:ab12:4843:cd96:626c:a51a]" ];
listenAddresses = [ "100.64.10.2" "[fd7a:115c:a1e0:1010::2]" ];
quic = true;
http3 = true;


@ -9,7 +9,7 @@
};
services.nginx.virtualHosts."atuin-sync.kempkens.io" = {
listenAddresses = [ "100.108.165.26" "[fd7a:115c:a1e0:ab12:4843:cd96:626c:a51a]" ];
listenAddresses = [ "100.64.10.2" "[fd7a:115c:a1e0:1010::2]" ];
quic = true;
http3 = true;


@ -0,0 +1,65 @@
{ pkgs, config, ... }:
let
fqdn = "ctrl.headscale.kempkens.network";
in
{
environment.systemPackages = [ pkgs.headscale ];
services.headscale = {
enable = true;
address = "127.0.0.1";
port = 8017;
settings = {
ip_prefixes = [
"fd7a:115c:a1e0:1010::/64"
"100.64.10.0/24"
];
db_type = "postgres";
db_host = "/run/postgresql";
db_name = "headscale";
db_user = "headscale";
db_password_file = config.age.secrets.headscale-database-password.path;
server_url = "https://${fqdn}";
acl_policy_path = config.age.secrets.headscale-acls.path;
};
};
services.postgresql = {
ensureDatabases = [ "headscale" ];
ensureUsers = [
{
name = "headscale";
ensurePermissions = {
"DATABASE headscale" = "ALL PRIVILEGES";
};
}
];
};
services.nginx.virtualHosts."${fqdn}" = {
quic = true;
http3 = true;
onlySSL = true;
useACMEHost = "headscale.kempkens.network";
extraConfig = ''
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
'';
locations."/" = {
recommendedProxySettings = true;
proxyPass = "http://127.0.0.1:8017";
proxyWebsockets = true;
};
locations."/web" = {
root = "${pkgs.headscale-ui}/share";
};
};
}
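Review bot: The `locations."/web"` block publishes headscale-ui on the same vhost as the control endpoint, and this vhost, unlike the other vhosts touched by this commit, sets no `listenAddresses`, so the admin UI appears to be reachable from any network. Clients need the control endpoint to be public, but the UI does not; if it is only used from tailnet machines, it could live on its own vhost bound with `listenAddresses = [ "100.64.10.2" "[fd7a:115c:a1e0:1010::2]" ];` like the internal vhosts. Separately, `proxyPass` repeats the port literal; `proxyPass = "http://127.0.0.1:${toString config.services.headscale.port}";` keeps it tied to the service setting.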


@ -43,7 +43,7 @@ in
};
services.nginx.virtualHosts."${fqdn}" = {
listenAddresses = [ "100.108.165.26" "[fd7a:115c:a1e0:ab12:4843:cd96:626c:a51a]" ];
listenAddresses = [ "100.64.10.2" "[fd7a:115c:a1e0:1010::2]" ];
quic = true;
http3 = true;


@ -78,8 +78,8 @@
useACMEHost = "internal.kempkens.network";
extraConfig = ''
set_real_ip_from 100.108.165.26/32;
set_real_ip_from fd7a:115c:a1e0:ab12:4843:cd96:626c:a51a/128;
set_real_ip_from 100.64.10.2/32;
set_real_ip_from fd7a:115c:a1e0:1010::2/128;
real_ip_header proxy_protocol;
'';


@ -11,7 +11,7 @@
services.nginx.virtualHosts."${secret.nginx.hostnames.libreddit}" = {
# listen = [
# {
# addr = "100.108.165.26";
# addr = "100.64.10.2";
# port = 443;
# ssl = true;
# extraParameters = [
@ -22,7 +22,7 @@
# }
#
# {
# addr = "[fd7a:115c:a1e0:ab12:4843:cd96:626c:a51a]";
# addr = "[fd7a:115c:a1e0:1010::2]";
# port = 443;
# ssl = true;
# extraParameters = [
@ -32,7 +32,7 @@
# }
# ];
listenAddresses = [ "100.108.165.26" "[fd7a:115c:a1e0:ab12:4843:cd96:626c:a51a]" ];
listenAddresses = [ "100.64.10.2" "[fd7a:115c:a1e0:1010::2]" ];
quic = true;
http3 = true;


@ -7,7 +7,7 @@ in
services.mastodon = {
enable = true;
# package = pkgs.pkgs-master.mastodon;
package = pkgs.pkgs-master.mastodon;
configureNginx = false;


@ -62,7 +62,7 @@ in
};
services.nginx.virtualHosts."${secret.nginx.hostnames.nitter}" = {
listenAddresses = [ "100.108.165.26" "[fd7a:115c:a1e0:ab12:4843:cd96:626c:a51a]" ];
listenAddresses = [ "100.64.10.2" "[fd7a:115c:a1e0:1010::2]" ];
quic = true;
http3 = true;


@ -41,7 +41,7 @@ in
};
services.nginx.virtualHosts."ringo.daniel.sx" = {
listenAddresses = [ "100.108.165.26" "[fd7a:115c:a1e0:ab12:4843:cd96:626c:a51a]" ];
listenAddresses = [ "100.64.10.2" "[fd7a:115c:a1e0:1010::2]" ];
quic = true;
http3 = true;


@ -1,32 +1,18 @@
{ pkgs, config, ... }:
let
headscale = "https://ctrl.headscale.kempkens.network";
in
{
environment.systemPackages = [ pkgs.tailscale ];
services.tailscale.enable = true;
services.tailscale = {
enable = true;
authKeyFile = config.age.secrets.tailscale-authkey.path;
systemd.services.tailscale-autoconnect = {
description = "Automatic connection to Tailscale";
after = [ "network-pre.target" "tailscale.service" ];
wants = [ "network-pre.target" "tailscale.service" ];
wantedBy = [ "multi-user.target" ];
serviceConfig.Type = "oneshot";
script = ''
# wait for tailscaled to settle
sleep 2
# check if we are already authenticated to tailscale
status="$(${pkgs.tailscale}/bin/tailscale status -json | ${pkgs.jq}/bin/jq -r .BackendState)"
if [ $status = "Running" ]; then # if so, then do nothing
exit 0
fi
# otherwise authenticate with tailscale
authkey="$(cat ${config.age.secrets.tailscale-authkey.path})"
${pkgs.tailscale}/bin/tailscale up -authkey "$authkey"
'';
extraUpFlags = [
"--login-server"
headscale
];
};
}
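Review bot: `authKeyFile` still points at the `tailscale-authkey` secret, and nothing here records that it must now hold a pre-auth key issued by the headscale server named in `--login-server`; a leftover Tailscale-issued key would not be accepted there. A comment on that line would help, e.g. `# headscale pre-auth key; issue per host, short expiry, not reusable`, since a reusable key in this file would let any holder join nodes to the tailnet. The login URL also duplicates the `fqdn` defined in the headscale module, so the two can drift apart. Hosts already logged in to the previous control server may not re-run `tailscale up` on their own, which is worth verifying on each machine after deploy.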


@ -9,7 +9,7 @@
};
services.nginx.virtualHosts."voyager.daniel.sx" = {
listenAddresses = [ "100.108.165.26" "[fd7a:115c:a1e0:ab12:4843:cd96:626c:a51a]" ];
listenAddresses = [ "100.64.10.2" "[fd7a:115c:a1e0:1010::2]" ];
quic = true;
http3 = true;