blake/nix
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: blake:021c4a917205597f8960ef77fe7b09de347796d8
Branches Tags
blake:trunk
..
compare: blake:b0bcc1040e222213a7765f758ece21170e76073f
Branches Tags
blake:trunk

2 Commits
021c4a9172 ... b0bcc1040e

Author SHA1 Message Date
blake
b0bcc1040e break tailscale into 2 configs for server and client 2025-11-02 09:58:23 -06:00
blake
b08cb2ea82 break tailscale into 2 configs for server and client 2025-11-02 09:58:21 -06:00
6 changed files with 41 additions and 3 deletions
Expand all files Collapse all files

2
hosts/nixos/snowbelle/configuration.nix
View File

@@ -25,7 +25,6 @@ in
sops.enable = true; sops.enable = true;
podman.enable = true; podman.enable = true;
yubikey.enable = true; yubikey.enable = true;
tailscale.enable = true;
nvidia.enable = true; nvidia.enable = true;
}; };
holocron = { holocron = {
@@ -38,6 +37,7 @@ in
}; };
homelab = { homelab = {
enable = true; enable = true;
tailscale.enable = true;
backups.enable = true; backups.enable = true;
motd.enable = true; motd.enable = true;
postfix.enable = true; postfix.enable = true;

1
modules/homelab/default.nix
View File

@@ -62,6 +62,7 @@ in
./arr/flaresolverr ./arr/flaresolverr
./home/mosquitto ./home/mosquitto
./uptime-kuma ./uptime-kuma
./tailscale
]; ];
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {

36
modules/homelab/tailscale/default.nix Normal file
View File

@@ -0,0 +1,36 @@
{
pkgs,
config,
lib,
...
}: let
cfg = config.system.tailscale;
authkey_file = config.sops.secrets."tailscale_authkey".path;
in {
options.system.tailscale = {
enable = lib.mkEnableOption "enables tailscale";
};
config = lib.mkIf cfg.enable {
services.tailscale = {
enable = true;
useRoutingFeatures = "both";
authKeyFile = authkey_file;
extraUpFlags = [
"--accept-routes=false" # true is equilivant to useRoutingFeatures = "client" (breaks shit)
"--accept-dns=true" # explicitly allow resolved
];
};
# network config
networking.firewall.trustedInterfaces = ["tailscale0"];
networking.firewall.allowedUDPPorts = [config.services.tailscale.port];
# declare authkey secrets
sops.secrets = {
"tailscale_authkey" = {
owner = "root";
};
};
};
}

2
modules/system/default.nix
View File

@@ -20,7 +20,7 @@
system.ssh.enable = lib.mkDefault true; system.ssh.enable = lib.mkDefault true;
system.sops.enable = lib.mkDefault true; system.sops.enable = lib.mkDefault true;
system.docker.enable = lib.mkDefault false; system.docker.enable = lib.mkDefault false;
system.tailscale.enable = lib.mkDefault true; system.tailscale.enable = lib.mkDefault false;
system.vpns.enable = lib.mkDefault false; system.vpns.enable = lib.mkDefault false;
system.vpn-confinement.enable = lib.mkDefault false; system.vpn-confinement.enable = lib.mkDefault false;
system.syncthing.enable = lib.mkDefault false; system.syncthing.enable = lib.mkDefault false;

2
modules/system/tailscale/default.nix
View File

@@ -17,7 +17,7 @@ in {
useRoutingFeatures = "both"; useRoutingFeatures = "both";
authKeyFile = authkey_file; authKeyFile = authkey_file;
extraUpFlags = [ extraUpFlags = [
"--accept-routes=false" # true is equilivant to useRoutingFeatures = "client" (breaks shit) "--accept-routes=true" # true is equilivant to useRoutingFeatures = "client" (breaks shit)
"--accept-dns=true" # explicitly allow resolved "--accept-dns=true" # explicitly allow resolved
]; ];
}; };

1
users/blake/dots/default.nix
View File

@@ -9,6 +9,7 @@
./kitty ./kitty
./dunst ./dunst
./waybar ./waybar
./stylix
./hypr ./hypr
./tofi ./tofi
./nvf ./nvf