home/nixos-servers
home/nixos-servers
2
0
Fork 0
Code Issues 8 Pull requests Projects Releases Packages Wiki Activity Actions

feat: Enable tailscale on physical servers

Browse source 
fix: Fix Nix flake checks
This commit is contained in:
Pim Kunis 2024-07-22 22:54:08 +02:00
parent c22d356191
commit 15e0dce041
5 changed files with 21 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
flake-parts/kubenix.nix
View file

@ -184,6 +184,5 @@
};
in
{
apps = builtins.mapAttrs mkDeployApp deployers;
packages = builtins.mapAttrs mkManifest deployers;
apps = pkgs.lib.mergeAttrs (builtins.mapAttrs mkDeployApp deployers) (builtins.mapAttrs mkManifest deployers);
})

1
nixos-modules/default.nix
View file

@ -6,5 +6,6 @@
./data-sharing.nix
./monitoring
./k3s
./tailscale.nix
];
}

1
nixos-modules/k3s/default.nix
View file

@ -61,6 +61,7 @@ in
nfs-utils # Required for Longhorn
];
# TODO!!!!!
networking = {
nftables.enable = lib.mkForce false;
firewall.enable = lib.mkForce false;

14
nixos-modules/tailscale.nix Normal file
View file

@ -0,0 +1,14 @@
{ config, ... }: {
config = {
services.tailscale = {
enable = true;
authKeyFile = config.sops.secrets."tailscale/authKey".path;
extraUpFlags = [
"--hostname=${config.networking.hostName}"
];
};
sops.secrets."tailscale/authKey" = { };
};
}

6
secrets/nixos.yaml
View file

@ -11,6 +11,8 @@ k3s:
etcd:
peerCAKey: ENC[AES256_GCM,data:hr/Q9UqzA5IKK4o+mxyYQyXjTl1/guRLcjeBBaErxlvtQ0QarNWBMV0SuekCTiv0aGEUiXrY4u/39n6/VdVsxCdCDFDSuEJE5iEklpReKkW0gIvW3wIk98PC8xhNKjwRNnPwgE6TmOi8RSR9jdL9A3VKUXXo4XDkKPWrK6yHOJHKWgGOKX8+TP8HHwGGG6JvcMgOfbLJIvstsB9C17bOHt0KNaPKIpGN3gRkY7rJE/ORIJaOFxQB9WrcmweB2B7K3tlnVyLsY/wZsturZDJtK4CtVPEba7jXlpI4xnr0EANhRxs=,iv:gy8/RAxOxMrzFbPynQw1iDbXYEM4iYXJ+OfvQE9MAfU=,tag:vlnfHLzOm9ztsnaSIbL14w==,type:str]
serverCAKey: ENC[AES256_GCM,data:bn4BLlUSOHBOzjxO7oCmnWY3+yc/+J149QFfHOxrrFFblCkY3MEtXg9ogFsU+CYhZg6HZtOiecbo3V1fTe6dbSdWlUW7mHVoFP75aRuLjeEwX9Crgu/BVce7tcL0nFXvaBfaPngz3irzE2t2Dt+p1rVFWsMa2Ms2Wfzx9ZfVUbD0mOBgKmR+fGCHQBuUk4F9kzXA//J6iuk2VNh0+6YXBfTWCEsBllg8CvLgD9aU3DE7nS/xcbZcbpR3nWp8nQvezA5/cAEVTyuQfUO2u/tnYAoEE7t1Qo4RJrWlY30xTvXdq44=,iv:kXjH9JPjix64b+nWWIF/TBlZH9DsOYGTq5okQB3HKYs=,tag:MYM0xdi8AjaR0I/ZcpELAQ==,type:str]
tailscale:
authKey: ENC[AES256_GCM,data:nOxCntC28235lk47BRpIPuNRwmp87DbEY8c3QHIZLXfLvS+U1neoNNlAZ8ThQd4addLoPrJRH0LgDiWAUQ==,iv:7ymbpb78mdXm1/MaGe/ZrsJv8zYQNGm3//Hud7lCgPY=,tag:Wuwf2EKz2RBsaEbrxyNQ0w==,type:str]
sops:
kms: []
gcp_kms: []
@ -71,8 +73,8 @@ sops:
Q0VudEFzRUFGWlNJcHc0VzZJUVRwbHMKjTMUFFbHhDeP7QLmR64yqDEh4naazL9f
etbOvYUkgj4IaB9UgDerG4MjyyHiVVY9Md8Jqe3dOQN0rqXRxNOW1g==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-06-15T19:11:54Z"
mac: ENC[AES256_GCM,data:OR2ibRtOtUwIuQ27c5PHRzdvKoTGMl4Ll7/hmuIB40amBqs54Cku/SEOqw2kHG31ii3cK5XbyaR6tC8Lvu07tn1iutbU8WjN8Ww+txr0FgdbeTYRIWr9aClAKmR3Ek1Ky2NsA2OaTm02Um6W0xX78Ran04Gjuf8vpaXSRYVsPbA=,iv:w9M3O5DHlm7Jq9vjfxaq34petJtgMeEUHZ0fZKycOjs=,tag:ShLvjfZJV3FARa4An+YfQA==,type:str]
lastmodified: "2024-07-22T20:27:25Z"
mac: ENC[AES256_GCM,data:zIY2DotoqnJmz/aBRHq+4ZLi/Smi1Bn4phmFsngMY1w0LVauKX95jwKwOhE0PfvIyd8E54N+BoCQ3QmRMv3uvBddScPNSGJgdgDRn8LDWol4/8avDoPFISpNvdS32Ac00UDnMeBEkW4S/oo9CwYHCpEsiwjL6FgjCX/KOK++kzA=,iv:sGCFNJ6gsEOskMlLWUnR9Gnsp8Emc0vdBAl4WN2A1f8=,tag:fHi4CR+exp1roW7UOzhMmQ==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1