From 01409f7ecb8b999d8147f17cf0340bfa5fafc777 Mon Sep 17 00:00:00 2001
From: alejandro-angulo
Date: Wed, 30 Oct 2024 23:05:34 -0700
Subject: [PATCH] feat: add git server to tailnet

---
 secrets/secrets.nix | 16 +++++++++-------
 secrets/tailscale_git_server.age | Bin 0 -> 383 bytes
 systems/x86_64-linux/git/default.nix | 12 ++++++++++++
 3 files changed, 21 insertions(+), 7 deletions(-)
 create mode 100644 secrets/tailscale_git_server.age

diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index b9696db..4d53ec0 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -7,15 +7,17 @@ let
 node = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIETLBnc8kJokmFiA28BaSYpeE7flY1W0SM5C1pWv/tOv";
 pi4 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK9fnNXzEmDdmtR+KWj/M9vQioFR0s/4jMnIkUFcj8As";
 proxy = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAf6Z7SZEOH3H51T/GPIc/B0OpbaydM5l2PP3nMnwpFl";
+ git = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN8JLy/ipBfOet3/KT7rXOXHDjjmt+VqqQb3V+ILIuDN";
 };
 in {
 "cf_dns_kilonull.age".publicKeys = [users.me machines.node machines.gospel machines.pi4 machines.proxy];
- "nextcloud_admin.age".publicKeys = [users.me machines.node machines.gospel];
- "theengs_ble_mqtt.age".publicKeys = [users.me machines.pi4 machines.gospel];
- "hass_mqtt.age".publicKeys = [users.me machines.pi4 machines.node machines.gospel];
- "teslamate_db.age".publicKeys = [users.me machines.node machines.gospel];
- "teslamate_mqtt.age".publicKeys = [users.me machines.pi4 machines.node machines.gospel];
- "teslamate_encryption.age".publicKeys = [users.me machines.node machines.gospel];
- "hydra-aws-creds.age".publicKeys = [users.me machines.gospel];
 "gitea-runner-gospel.age".publicKeys = [users.me machines.gospel];
+ "hass_mqtt.age".publicKeys = [users.me machines.pi4 machines.node machines.gospel];
+ "hydra-aws-creds.age".publicKeys = [users.me machines.gospel];
+ "nextcloud_admin.age".publicKeys = [users.me machines.node machines.gospel];
+ "tailscale_git_server.age".publicKeys = [users.me machines.git]; # This key expires, might have to update
+ "teslamate_db.age".publicKeys = [users.me machines.node machines.gospel];
+ "teslamate_encryption.age".publicKeys = [users.me machines.node machines.gospel];
+ "teslamate_mqtt.age".publicKeys = [users.me machines.pi4 machines.node machines.gospel];
+ "theengs_ble_mqtt.age".publicKeys = [users.me machines.pi4 machines.gospel];
 }
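Review bot: The comment on the new `"tailscale_git_server.age"` entry says the key expires but not what kind of auth key it is, so the next operator cannot tell whether re-enrolment will be needed or how much the file is worth to anyone who obtains it. Tailscale auth keys carry attributes (reusable, ephemeral, pre-authorized, tags) and a fixed expiry, and a server node is usually enrolled with a tagged, single-use key so that auth-key expiry only matters for first enrolment while node-key expiry is managed separately in the admin console. Suggest replacing the trailing comment with something like `# Tailscale auth key for the git host (tagged, single-use); auth-key expiry: <DATE>, rotate via agenix` with the date filled in. The alphabetical reordering of the other entries is unrelated to the feature and would be easier to audit as its own commit.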
diff --git a/secrets/tailscale_git_server.age b/secrets/tailscale_git_server.age
new file mode 100644
index 0000000000000000000000000000000000000000..1b73a7265c719ba3762aee597b502f0dbb367e73
GIT binary patch
literal 383
zcmV-_0f7EtXJsvAZewzJaCB*JZZ2R!CV(az!~<3S?zPVL5j;Q#e6Q zRZ(nVIcQE{F*R^`FJfy(H(Ek7cuQk=XIXe~SxPra3N1b$b8~1dWn?lnH8D9LH8gW% zIcFeGS}!dqldMi?BY)N-hPfapRFnLdHa#;$RF6n=a(Wv3zoYrqSQ)K|0 z!A;<%G$;$ka1T(w>Sl+mv~D6sv~1^=CY_d_p3h1qZ6Kn0+NSso)=ohuP+Ki3KNYVU dbiR0C{RPo)CV^Mb$wVaz&Fq3K`5>kRkXXHIiH`sP

literal 0
HcmV?d00001

diff --git a/systems/x86_64-linux/git/default.nix b/systems/x86_64-linux/git/default.nix
index 291d4c7..eea3bd9 100644
--- a/systems/x86_64-linux/git/default.nix
+++ b/systems/x86_64-linux/git/default.nix
@@ -4,9 +4,12 @@
 ...
 }: let
 domain = "git.alejandr0angul0.dev";
+ secrets = config.age.secrets;
 in {
 imports = ["${inputs.nixpkgs}/nixos/modules/virtualisation/digital-ocean-config.nix"];
+ age.secrets.authKeyFile.file = ../../../secrets/tailscale_git_server.age;
+
 aa = {
 nix.enable = true;
@@ -17,6 +20,10 @@ in {
 services = {
 openssh.enable = true;
+ tailscale = {
+ enable = true;
+ configureClientRouting = true;
+ };
 };
 };
@@ -25,6 +32,11 @@ in {
 enableACME = true;
 };
+ services.tailscale = {
+ authKeyFile = secrets.authKeyFile.path;
+ extraUpFlags = ["--ssh"];
+ };
+
 security.acme = {
 acceptTerms = true;
 defaults = {
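Review bot: The age secret is declared under the generic name `authKeyFile` in the first hunk and read back as `secrets.authKeyFile.path` in the third; neither name says which service the key belongs to, and `config.age.secrets` is one flat namespace shared by every module on this host. Naming it after its consumer, `age.secrets.tailscaleAuthKey.file = ../../../secrets/tailscale_git_server.age;` together with `authKeyFile = secrets.tailscaleAuthKey.path;`, keeps both hunks self-describing and avoids a clash if another module later declares its own `authKeyFile`. The enclosing module function and attribute set begin before the hunk.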
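Review bot: `extraUpFlags = ["--ssh"];` enables Tailscale SSH on a host that also keeps the public `openssh.enable = true;` from the second hunk, and the commit does not record which tailnet ACL `ssh` rules are expected to gate that access. With Tailscale SSH, tailnet-originated sessions are authorized by the tailnet policy file and Tailscale identity rather than by sshd's authorized_keys, so the set of people who can log in to the git server is now defined outside this repository. A comment next to the flag, e.g. `# Tailscale SSH: login over the tailnet is governed by the tailnet ACL "ssh" rules, not sshd — keep those rules scoped to this host`, makes that dependency visible to whoever audits the host later. If tailnet-only administration is the goal, it is also worth deciding whether the public sshd still needs to stay enabled; that decision lies outside this hunk. The `services` attribute set this hunk extends begins before the hunk.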