From 01409f7ecb8b999d8147f17cf0340bfa5fafc777 Mon Sep 17 00:00:00 2001
From: alejandro-angulo <iam@alejandr0angul0.dev>
Date: Wed, 30 Oct 2024 23:05:34 -0700
Subject: [PATCH 1/2] feat: add git server to tailnet

---
 secrets/secrets.nix                  |  16 +++++++++-------
 secrets/tailscale_git_server.age     | Bin 0 -> 383 bytes
 systems/x86_64-linux/git/default.nix |  12 ++++++++++++
 3 files changed, 21 insertions(+), 7 deletions(-)
 create mode 100644 secrets/tailscale_git_server.age

diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index b9696db..4d53ec0 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -7,15 +7,17 @@ let
     node = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIETLBnc8kJokmFiA28BaSYpeE7flY1W0SM5C1pWv/tOv";
     pi4 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK9fnNXzEmDdmtR+KWj/M9vQioFR0s/4jMnIkUFcj8As";
     proxy = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAf6Z7SZEOH3H51T/GPIc/B0OpbaydM5l2PP3nMnwpFl";
+    git = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN8JLy/ipBfOet3/KT7rXOXHDjjmt+VqqQb3V+ILIuDN";
   };
 in {
   "cf_dns_kilonull.age".publicKeys = [users.me machines.node machines.gospel machines.pi4 machines.proxy];
-  "nextcloud_admin.age".publicKeys = [users.me machines.node machines.gospel];
-  "theengs_ble_mqtt.age".publicKeys = [users.me machines.pi4 machines.gospel];
-  "hass_mqtt.age".publicKeys = [users.me machines.pi4 machines.node machines.gospel];
-  "teslamate_db.age".publicKeys = [users.me machines.node machines.gospel];
-  "teslamate_mqtt.age".publicKeys = [users.me machines.pi4 machines.node machines.gospel];
-  "teslamate_encryption.age".publicKeys = [users.me machines.node machines.gospel];
-  "hydra-aws-creds.age".publicKeys = [users.me machines.gospel];
   "gitea-runner-gospel.age".publicKeys = [users.me machines.gospel];
+  "hass_mqtt.age".publicKeys = [users.me machines.pi4 machines.node machines.gospel];
+  "hydra-aws-creds.age".publicKeys = [users.me machines.gospel];
+  "nextcloud_admin.age".publicKeys = [users.me machines.node machines.gospel];
+  "tailscale_git_server.age".publicKeys = [users.me machines.git]; # This key expires, might have to update
+  "teslamate_db.age".publicKeys = [users.me machines.node machines.gospel];
+  "teslamate_encryption.age".publicKeys = [users.me machines.node machines.gospel];
+  "teslamate_mqtt.age".publicKeys = [users.me machines.pi4 machines.node machines.gospel];
+  "theengs_ble_mqtt.age".publicKeys = [users.me machines.pi4 machines.gospel];
 }
diff --git a/secrets/tailscale_git_server.age b/secrets/tailscale_git_server.age
new file mode 100644
index 0000000000000000000000000000000000000000..1b73a7265c719ba3762aee597b502f0dbb367e73
GIT binary patch
literal 383
zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14$Sl(>Ffuh$2=#PzuS!>NG!3itwahjs
z4e(D6(04U*PfF9*cGq`~bWSfePY-j;Ps~jU^N92=a<z=$N=bE1v@ACZws7<f4a`Zj
z%<xMzG%cvqPs(;Pk8(1u@J_BskE|$&^fLDZ*;QPep_`gwWNK<?sbFeSoMM@-;2))L
z5f&8~S?um*k?mBOsvS^V73}8|=3Z%FWEt)eR-Elx;T4ou5s+iS<>XUnn(CM4ALX8A
zY*?%x;v1NpU7DIym}?Rh5Nzb{8tPe`l30+HTk4d|rK_u};8UDjR*{hx5oM9>m64+F
zY*JQi=$TpIkyND}l#%0E9_;UH<YQ3jpIa2kHB0Yheb2=e4<F3AmTwuH$}s1k?}KF~
z8r;VU_yhL8N^4)UB~Qt1OV0CYYICQ}pLgC%EmvVt)vaYec(3_6ss}{tYT1jfmnzv;
dk?@!GV!m2q_=S@$s$6H^H0k_QSjIXb0sy^hiH`sP

literal 0
HcmV?d00001

diff --git a/systems/x86_64-linux/git/default.nix b/systems/x86_64-linux/git/default.nix
index 291d4c7..eea3bd9 100644
--- a/systems/x86_64-linux/git/default.nix
+++ b/systems/x86_64-linux/git/default.nix
@@ -4,9 +4,12 @@
   ...
 }: let
   domain = "git.alejandr0angul0.dev";
+  secrets = config.age.secrets;
 in {
   imports = ["${inputs.nixpkgs}/nixos/modules/virtualisation/digital-ocean-config.nix"];
 
+  age.secrets.authKeyFile.file = ../../../secrets/tailscale_git_server.age;
+
   aa = {
     nix.enable = true;
 
@@ -17,6 +20,10 @@ in {
 
     services = {
       openssh.enable = true;
+      tailscale = {
+        enable = true;
+        configureClientRouting = true;
+      };
     };
   };
 
@@ -25,6 +32,11 @@ in {
     enableACME = true;
   };
 
+  services.tailscale = {
+    authKeyFile = secrets.authKeyFile.path;
+    extraUpFlags = ["--ssh"];
+  };
+
   security.acme = {
     acceptTerms = true;
     defaults = {

From 364974f31c70e4bc177ac57e0a78f45a3ab42087 Mon Sep 17 00:00:00 2001
From: alejandro-angulo <iam@alejandr0angul0.dev>
Date: Wed, 30 Oct 2024 23:08:40 -0700
Subject: [PATCH 2/2] fix: get actions runner working for new personal git
 server

I had to delete /var/lib/private/gitea-runner in addition to this change
(since I was migrating to a new git server).
---
 secrets/gitea-runner-gospel.age         | Bin 367 -> 367 bytes
 systems/x86_64-linux/gospel/default.nix |  27 +++++++++++++-----------
 2 files changed, 15 insertions(+), 12 deletions(-)

diff --git a/secrets/gitea-runner-gospel.age b/secrets/gitea-runner-gospel.age
index c902be28d2d70f6ab26eb0001bd65c8a0f4b62ab..77456f951bec1c4c3c2a85c010b8e79870d480cf 100644
GIT binary patch
delta 313
zcmaFQ^qy&gc9?5oVu*=;qJN}?MOAP`VV;w=i>HT6PFavocz$6>mVZQ5US58tqj#1M
zS4Kcua$sRvMU;_OrJ<*br+1`lPDN>OxS4r)P*|u}YLS1at3_%^QH8$A#76OY=VaqR
zx3cumN<-tSVvD50uq3}g-%{;z=MvL`L`RQ|l3cg2stm6z|8xT`uSCCKAH&?F^nm2j
zG_$;5v(Wrv9}~9%Gv5mHqzs=N|D=Kdj~xHt@-Sa6U0q!TR};^?BF_@vNI&0{#N?8Y
z>^vXWR3G!m{PJS6RFfP_ZQsI(qQC-uV>g3*uA&L+v*+&pt|E0z+1adgWj|k&;=#LD
z?->1<Gf((>4darqxCcv;zbuKo8F8?E?W(6nGVXt$Zu4^3Fu&)UQl!s3tLr-$5AG5D
NAt;@4SV+I77XW!?cH{s6

delta 313
zcmaFQ^qy&gc36OmalUI{N@1X{YeaZxmP?9(nWw2|M4?G=h`Euan{RPuesHQ+L`qTs
zS87;9aBfwuYhI{%gt14cnL&1DsB4v*N1=~_p{J2cewwSNk!OHgZe&&d#76P@bYm}9
z?Me@i;v!3JCrfj)@|2un3m;RjqU^||a3iOj-~zA6N*`A@3-@#`&(NHzsPz1N0~ZT_
zLwA3l;?$5ZKQrG<#{$1fizM&lkg7;`!}QFQ$bdjDU0q#;9A9m}iXv^7ipb0m%k0FY
z#IzFg^c=@PKc_739G_5EKhx}p5Vw?)u<(#buCVXno|jEOT(){uz4*!H2S;qOu5z7{
zbr5|g+-rM0Qf6scQFtW3z{VZ&4Niutw%PmIisznZD4Sn<`{GJ%o3#Qh?I-hhP29L^
Mb<gEe6Y=fW0jn}|GXMYp

diff --git a/systems/x86_64-linux/gospel/default.nix b/systems/x86_64-linux/gospel/default.nix
index 6417f98..e72a6d2 100644
--- a/systems/x86_64-linux/gospel/default.nix
+++ b/systems/x86_64-linux/gospel/default.nix
@@ -76,18 +76,21 @@
     })
   ];
 
-  services.gitea-actions-runner.instances = {
-    gospel = {
-      enable = true;
-      name = config.networking.hostName;
-      url = "https://gitea.kilonull.com";
-      tokenFile = config.age.secrets.gitea-runner-gospel.path;
-      labels = [
-        "ubuntu-latest:docker://node:16-bullseye"
-        "ubuntu-22.04:docker://node:16-bullseye"
-        "ubuntu-20.04:docker://node:16-bullseye"
-        "ubuntu-18.04:docker://node:16-buster"
-      ];
+  services.gitea-actions-runner = {
+    package = pkgs.forgejo-runner;
+    instances = {
+      gospel = {
+        enable = true;
+        name = config.networking.hostName;
+        url = "https://git.alejandr0angul0.dev";
+        tokenFile = config.age.secrets.gitea-runner-gospel.path;
+        labels = [
+          "ubuntu-latest:docker://node:16-bullseye"
+          "ubuntu-22.04:docker://node:16-bullseye"
+          "ubuntu-20.04:docker://node:16-bullseye"
+          "ubuntu-18.04:docker://node:16-buster"
+        ];
+      };
     };
   };
   virtualisation = {