alejandro-angulo/dotfiles
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat: add git server to tailnet

Browse source
This commit is contained in:
alejandro-angulo 2024-10-30 23:05:34 -07:00
parent 48c04a94fa
commit 01409f7ecb
Signed by: alejandro-angulo
GPG key ID: 75579581C74554B6
3 changed files with 21 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

16
secrets/secrets.nix
View file

@ -7,15 +7,17 @@ let
node = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIETLBnc8kJokmFiA28BaSYpeE7flY1W0SM5C1pWv/tOv";
pi4 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK9fnNXzEmDdmtR+KWj/M9vQioFR0s/4jMnIkUFcj8As";
proxy = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAf6Z7SZEOH3H51T/GPIc/B0OpbaydM5l2PP3nMnwpFl";
git = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN8JLy/ipBfOet3/KT7rXOXHDjjmt+VqqQb3V+ILIuDN";
};
in {
"cf_dns_kilonull.age".publicKeys = [users.me machines.node machines.gospel machines.pi4 machines.proxy];
"nextcloud_admin.age".publicKeys = [users.me machines.node machines.gospel];
"theengs_ble_mqtt.age".publicKeys = [users.me machines.pi4 machines.gospel];
"hass_mqtt.age".publicKeys = [users.me machines.pi4 machines.node machines.gospel];
"teslamate_db.age".publicKeys = [users.me machines.node machines.gospel];
"teslamate_mqtt.age".publicKeys = [users.me machines.pi4 machines.node machines.gospel];
"teslamate_encryption.age".publicKeys = [users.me machines.node machines.gospel];
"hydra-aws-creds.age".publicKeys = [users.me machines.gospel];
"gitea-runner-gospel.age".publicKeys = [users.me machines.gospel];
"hass_mqtt.age".publicKeys = [users.me machines.pi4 machines.node machines.gospel];
"hydra-aws-creds.age".publicKeys = [users.me machines.gospel];
"nextcloud_admin.age".publicKeys = [users.me machines.node machines.gospel];
"tailscale_git_server.age".publicKeys = [users.me machines.git]; # This key expires, might have to update
"teslamate_db.age".publicKeys = [users.me machines.node machines.gospel];
"teslamate_encryption.age".publicKeys = [users.me machines.node machines.gospel];
"teslamate_mqtt.age".publicKeys = [users.me machines.pi4 machines.node machines.gospel];
"theengs_ble_mqtt.age".publicKeys = [users.me machines.pi4 machines.gospel];
}

BIN
secrets/tailscale_git_server.age Normal file
View file

Binary file not shown.

12
systems/x86_64-linux/git/default.nix
View file

@ -4,9 +4,12 @@
...
}: let
domain = "git.alejandr0angul0.dev";
secrets = config.age.secrets;
in {
imports = ["${inputs.nixpkgs}/nixos/modules/virtualisation/digital-ocean-config.nix"];
age.secrets.authKeyFile.file = ../../../secrets/tailscale_git_server.age;
aa = {
nix.enable = true;
@ -17,6 +20,10 @@ in {
services = {
openssh.enable = true;
tailscale = {
enable = true;
configureClientRouting = true;
};
};
};
@ -25,6 +32,11 @@ in {
enableACME = true;
};
services.tailscale = {
authKeyFile = secrets.authKeyFile.path;
extraUpFlags = ["--ssh"];
};
security.acme = {
acceptTerms = true;
defaults = {