From 15e0dce041377f2adf1856fb48d1a66920c98e72 Mon Sep 17 00:00:00 2001
From: Pim Kunis
Date: Mon, 22 Jul 2024 22:54:08 +0200
Subject: [PATCH] feat: Enable tailscale on physical servers fix: Fix Nix flake checks
---
 flake-parts/kubenix.nix | 3 +--
 nixos-modules/default.nix | 1 +
 nixos-modules/k3s/default.nix | 1 +
 nixos-modules/tailscale.nix | 14 ++++++++++++++
 secrets/nixos.yaml | 6 ++++--
 5 files changed, 21 insertions(+), 4 deletions(-)
 create mode 100644 nixos-modules/tailscale.nix
diff --git a/flake-parts/kubenix.nix b/flake-parts/kubenix.nix
index 76cfa53..8893c62 100644
--- a/flake-parts/kubenix.nix
+++ b/flake-parts/kubenix.nix
@@ -184,6 +184,5 @@
 };
 in
 {
- apps = builtins.mapAttrs mkDeployApp deployers;
- packages = builtins.mapAttrs mkManifest deployers;
+ apps = pkgs.lib.mergeAttrs (builtins.mapAttrs mkDeployApp deployers) (builtins.mapAttrs mkManifest deployers);
 })
diff --git a/nixos-modules/default.nix b/nixos-modules/default.nix
index 8d3c5d2..4ee9a8b 100644
--- a/nixos-modules/default.nix
+++ b/nixos-modules/default.nix
@@ -6,5 +6,6 @@
 ./data-sharing.nix
 ./monitoring
 ./k3s
+ ./tailscale.nix
 ];
 }
diff --git a/nixos-modules/k3s/default.nix b/nixos-modules/k3s/default.nix
index 4c902d9..d47f182 100644
--- a/nixos-modules/k3s/default.nix
+++ b/nixos-modules/k3s/default.nix
@@ -61,6 +61,7 @@ in
 nfs-utils # Required for Longhorn
 ];
+ # TODO!!!!!
 networking = {
 nftables.enable = lib.mkForce false;
 firewall.enable = lib.mkForce false;
diff --git a/nixos-modules/tailscale.nix b/nixos-modules/tailscale.nix
new file mode 100644
index 0000000..0edd968
--- /dev/null
+++ b/nixos-modules/tailscale.nix
@@ -0,0 +1,14 @@
+{ config, ... }: {
+ config = {
+ services.tailscale = {
+ enable = true;
+ authKeyFile = config.sops.secrets."tailscale/authKey".path;
+
+ extraUpFlags = [
+ "--hostname=${config.networking.hostName}"
+ ];
+ };
+
+ sops.secrets."tailscale/authKey" = { };
+ };
+}
diff --git a/secrets/nixos.yaml b/secrets/nixos.yaml
index 6386cd8..6bbc8e8 100644
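Review bot: In flake-parts/kubenix.nix, both operands of `pkgs.lib.mergeAttrs` are `builtins.mapAttrs` over the same `deployers` set, so they carry identical attribute names; because `mergeAttrs` is a right-biased `//`, every `mkDeployApp` entry is overwritten by the `mkManifest` entry of the same name and the deploy apps disappear from the flake output. The manifests also stop being exposed under `packages`, and whether a `mkManifest` result is a valid `apps` entry cannot be seen from this hunk. If both really have to live under `apps`, give them distinct names, for example `apps = builtins.mapAttrs mkDeployApp deployers // pkgs.lib.mapAttrs' (n: v: pkgs.lib.nameValuePair "${n}-manifest" (mkManifest n v)) deployers;` (the `-manifest` suffix is illustrative). The enclosing expression starts above the hunk.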
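Review bot: The added `# TODO!!!!!` above `networking = {` in nixos-modules/k3s/default.nix does not say what is outstanding, while the two lines below it force-disable both nftables and the host firewall. Since the same commit joins these hosts to a tailnet, the comment should record the intent, e.g. `# TODO: re-enable the firewall with explicit k3s/Longhorn port rules; while it is off, tailnet ACLs are the only filter for traffic arriving over Tailscale.` Why the firewall is disabled is not visible here, so the wording needs the author's confirmation. The `networking` block continues past the end of the hunk.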
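Review bot: In nixos-modules/tailscale.nix, `enable = true` is set unconditionally under `config` and the file is added to the shared `imports` list, so every host that imports nixos-modules joins the tailnet with the same sops-managed auth key; the commit title mentions physical servers only, so if other machine types import this module set it should be gated behind an option. Reading the key through `authKeyFile` from sops keeps it out of the Nix store, but the hunk cannot show the key's scope: confirm it is a tagged, expiring key rather than a long-lived reusable one, and consider pinning node identity with a flag such as `"--advertise-tags=tag:server"` (tag name illustrative) next to `--hostname`. With the firewall force-disabled in nixos-modules/k3s/default.nix, the tailnet ACL is the only access control in front of these nodes' listening services.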
--- a/secrets/nixos.yaml
+++ b/secrets/nixos.yaml
@@ -11,6 +11,8 @@ k3s:
 etcd:
 peerCAKey: ENC[AES256_GCM,data:hr/Q9UqzA5IKK4o+mxyYQyXjTl1/guRLcjeBBaErxlvtQ0QarNWBMV0SuekCTiv0aGEUiXrY4u/39n6/VdVsxCdCDFDSuEJE5iEklpReKkW0gIvW3wIk98PC8xhNKjwRNnPwgE6TmOi8RSR9jdL9A3VKUXXo4XDkKPWrK6yHOJHKWgGOKX8+TP8HHwGGG6JvcMgOfbLJIvstsB9C17bOHt0KNaPKIpGN3gRkY7rJE/ORIJaOFxQB9WrcmweB2B7K3tlnVyLsY/wZsturZDJtK4CtVPEba7jXlpI4xnr0EANhRxs=,iv:gy8/RAxOxMrzFbPynQw1iDbXYEM4iYXJ+OfvQE9MAfU=,tag:vlnfHLzOm9ztsnaSIbL14w==,type:str]
 serverCAKey: ENC[AES256_GCM,data:bn4BLlUSOHBOzjxO7oCmnWY3+yc/+J149QFfHOxrrFFblCkY3MEtXg9ogFsU+CYhZg6HZtOiecbo3V1fTe6dbSdWlUW7mHVoFP75aRuLjeEwX9Crgu/BVce7tcL0nFXvaBfaPngz3irzE2t2Dt+p1rVFWsMa2Ms2Wfzx9ZfVUbD0mOBgKmR+fGCHQBuUk4F9kzXA//J6iuk2VNh0+6YXBfTWCEsBllg8CvLgD9aU3DE7nS/xcbZcbpR3nWp8nQvezA5/cAEVTyuQfUO2u/tnYAoEE7t1Qo4RJrWlY30xTvXdq44=,iv:kXjH9JPjix64b+nWWIF/TBlZH9DsOYGTq5okQB3HKYs=,tag:MYM0xdi8AjaR0I/ZcpELAQ==,type:str]
+tailscale:
+ authKey: ENC[AES256_GCM,data:nOxCntC28235lk47BRpIPuNRwmp87DbEY8c3QHIZLXfLvS+U1neoNNlAZ8ThQd4addLoPrJRH0LgDiWAUQ==,iv:7ymbpb78mdXm1/MaGe/ZrsJv8zYQNGm3//Hud7lCgPY=,tag:Wuwf2EKz2RBsaEbrxyNQ0w==,type:str]
 sops:
 kms: []
 gcp_kms: []
@@ -71,8 +73,8 @@ sops:
 Q0VudEFzRUFGWlNJcHc0VzZJUVRwbHMKjTMUFFbHhDeP7QLmR64yqDEh4naazL9f
 etbOvYUkgj4IaB9UgDerG4MjyyHiVVY9Md8Jqe3dOQN0rqXRxNOW1g==
 -----END AGE ENCRYPTED FILE-----
- lastmodified: "2024-06-15T19:11:54Z"
- mac: ENC[AES256_GCM,data:OR2ibRtOtUwIuQ27c5PHRzdvKoTGMl4Ll7/hmuIB40amBqs54Cku/SEOqw2kHG31ii3cK5XbyaR6tC8Lvu07tn1iutbU8WjN8Ww+txr0FgdbeTYRIWr9aClAKmR3Ek1Ky2NsA2OaTm02Um6W0xX78Ran04Gjuf8vpaXSRYVsPbA=,iv:w9M3O5DHlm7Jq9vjfxaq34petJtgMeEUHZ0fZKycOjs=,tag:ShLvjfZJV3FARa4An+YfQA==,type:str]
+ lastmodified: "2024-07-22T20:27:25Z"
+ mac: ENC[AES256_GCM,data:zIY2DotoqnJmz/aBRHq+4ZLi/Smi1Bn4phmFsngMY1w0LVauKX95jwKwOhE0PfvIyd8E54N+BoCQ3QmRMv3uvBddScPNSGJgdgDRn8LDWol4/8avDoPFISpNvdS32Ac00UDnMeBEkW4S/oo9CwYHCpEsiwjL6FgjCX/KOK++kzA=,iv:sGCFNJ6gsEOskMlLWUnR9Gnsp8Emc0vdBAl4WN2A1f8=,tag:fHi4CR+exp1roW7UOzhMmQ==,type:str]
 pgp: []
 unencrypted_suffix: _unencrypted
 version: 3.8.1