From fea8be8925c9ed2ccddfddc60c684772e634eabc Mon Sep 17 00:00:00 2001 From: Gene Liverman Date: Sat, 22 Mar 2025 22:09:29 -0400 Subject: [PATCH] Reenable tailscale on nixnuc --- modules/hosts/nixos/nixnuc/default.nix | 15 +++++++++++++++ modules/hosts/nixos/nixnuc/secrets.yaml | 8 ++++---- 2 files changed, 19 insertions(+), 4 deletions(-) diff --git a/modules/hosts/nixos/nixnuc/default.nix b/modules/hosts/nixos/nixnuc/default.nix index c2873f1..a5fe1bc 100644 --- a/modules/hosts/nixos/nixnuc/default.nix +++ b/modules/hosts/nixos/nixnuc/default.nix @@ -529,6 +529,18 @@ in { openDefaultPorts = true; guiAddress = "0.0.0.0:8384"; }; + tailscale = { + enable = true; + authKeyFile = config.sops.secrets.tailscale_key.path; + extraUpFlags = [ + "--advertise-exit-node" + "--operator" + "${username}" + "--ssh" + "--advertise-routes=192.168.20.0/22" + ]; + useRoutingFeatures = "both"; + }; telegraf = { enable = true; extraConfig = { @@ -631,6 +643,9 @@ in { }; mealie.mode = "0444"; nextcloud_admin_pass.owner = config.users.users.nextcloud.name; + tailscale_key = { + restartUnits = [ "tailscaled-autoconnect.service" ]; + }; uptimekuma_grafana_api_key = { owner = config.users.users.prometheus.name; restartUnits = ["prometheus.service"]; diff --git a/modules/hosts/nixos/nixnuc/secrets.yaml b/modules/hosts/nixos/nixnuc/secrets.yaml index 38e1f32..ccdfa85 100644 --- a/modules/hosts/nixos/nixnuc/secrets.yaml +++ b/modules/hosts/nixos/nixnuc/secrets.yaml @@ -1,4 +1,4 @@ -tailscale_key: ENC[AES256_GCM,data:aB3KUD4QYm+ZDrjjLcU3gQ8kneVGkVYBsrkVcioOhxunal2FekLDrpKxJwNXuiwx2M5vipnGAEPO,iv:e+tPPfVYkv4U0KRGwspWb1O3ZQom/WFFGm9H9cd/KKE=,tag:ZG5z1C18bj1L7DcGzunQ0w==,type:str] +tailscale_key: ENC[AES256_GCM,data:d6Fgyr6SXhj3/rVu+KvNqHUODIH6aFqL+eKaITO7zRVhwrwRxcHVT901Ts8RjkMhZjWHOlC45AUBA/ZMFA==,iv:X22cerxp5Ak/nWTQAvy2/cN6zqfarg4mJhKmYAzeqIQ=,tag:b5jNpanzIYGaUEoTJzwh1g==,type:str] local_git_config: ENC[AES256_GCM,data:P5a6cABRQOA5apaDHdDcTEyXFMbewO/G0Jx9JR7REEH9r32eKKN7lGSfw79oG2jrbrlTtAgSvrbCWx0xaMbiGON0164SKX3zU9whOgljNzgqxVI32KxeWHe9ljef/Gj9y4Q0zedKF4M93qv5CmeZKn6+mK0ltctZANdXbEI=,iv:Dh8JOHqxCJ82OVE8EW4XEaamZBZ+dn+OHi5bPx6ksDs=,tag:JqfHmsdATxfn1IeVSwV8iA==,type:str] local_private_env: ENC[AES256_GCM,data:qOPXTS2uo/1jyVEKCtBvuK/dzZaPf1K5tHuSVF2hBg4fdPYIsDPkM108cGVxJviebB3xVZejn/JVOdUDXQj6,iv:TtyMTOJXaPUrbSaAdtMaGPBlwLl/Y/IBYVCzhhiZozY=,tag:hUyVL8xk3w1iMwNAZw5QUw==,type:str] home_assistant_token: ENC[AES256_GCM,data:fNpoH60rXAsoVx/NBoDobDw/e6IoeoZfef1uDR7HbmnHNI101b+kQKkB8wBXEDLf7MlqlXVc1ExlgYFUo7+h2msx4WZUCGzuHtp1cMP0O9s2PZoQU8KQM2Frd69vOUcOT5y5ShJZPRrf6H2UKrm//3jE9zDOxxy3cQj6Q+jQLXX4AfZ12JAKzSiee9URWdU8eCHbnquUl1RNHF7zZQ8Mr9m41sBOrpBXt7ErsrhxxRhwlk7qprLt,iv:1j/QmOkLYd7nA+wXS49drBHU09HzMP3XxPbPdaErV6E=,tag:ftyOeNaN5PwNebeMPNAmTg==,type:str] @@ -23,8 +23,8 @@ sops: bHZlNTZDV2NYU1hQQy9mem80SFF6TFkKfmjkJBfTdh0vTtGaVx1t3tHJvSsAwdYD PF025X9U+yG2oIopwXEVBkxcD70eyuJn3OqH0xoVLBkbhNM9i8LHrA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-01-15T02:20:47Z" - mac: ENC[AES256_GCM,data:/VFHsvWL2VVKj46pyKh14Pkqo+DFA2RCDI6ksI4IsxpPpvPKcp6js6FM45a9NZZhTD3OPxGSE/ONIZ2+rLCW9swJ+fdsQzZrWi7kuu9NuuRcdSUQu+6McEsP5haWQ/R6qa9dkVQGxS9zH+2YHEeUY3voINYCmV5jVTFD1U5l1eo=,iv:qhWKkvHnkT0oD9IvFw0oAzYE/lIzNGWpA0cnz4lrYis=,tag:/LlZ7y4T2ntwb2U+BljLUg==,type:str] + lastmodified: "2025-02-27T21:28:57Z" + mac: ENC[AES256_GCM,data:qbIFWOr7YtdAaN1IPhF/FOT3v0Pf9gABXEh3hQlE01ENRj0ImsEJ7XCuK/+C+ARitXKqM57qgBLkPnO3AzNiwAVwlzUVFNU8JUel6mlRd5AHiD62bjEo+Tvb9fnVLSJ+/XxNNQIUjqZu6lQlsOKJ+0IVc3SuCltRnwU0phnapjE=,iv:RNxvKNkTrjqyv5/3flhrNCdR6cJtcDxFNHlyvN9aFUI=,tag:cFEdR7KR7cBzf6iPbI8nTw==,type:str] pgp: [] unencrypted_suffix: _unencrypted - version: 3.9.2 + version: 3.9.4