fuckwit/nix-config
1
0
Fork 0
Code Issues Pull Requests 1 Actions Activity

fix formatting and add tailscale

Browse Source
This commit is contained in:
fuckwit 2024-04-26 23:36:33 +02:00
parent e711e0cbc0
commit 20f1c33d5a
2 changed files with 13 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
nixos/celestia/configuration.nix
View File

@ -32,6 +32,7 @@
in { in {
sops.defaultSopsFile = ./secrets.yaml; sops.defaultSopsFile = ./secrets.yaml;
sops.secrets."acme.env" = {}; sops.secrets."acme.env" = {};
sops.secrets."tailscale-auth-key" = {};
imports = [ imports = [
./hardware-configuration.nix ./hardware-configuration.nix
@ -91,7 +92,6 @@ in {
users.groups.nas.gid = 2000; users.groups.nas.gid = 2000;
users.users.nginx.extraGroups = ["acme"]; users.users.nginx.extraGroups = ["acme"];
environment = { environment = {
etc = { etc = {
"sysconfig/lm_sensors".text = '' "sysconfig/lm_sensors".text = ''
@ -119,6 +119,14 @@ in {
}; };
services = { services = {
tailscale = {
enable = true;
openFirewall = true;
useRoutingFeatures = "both";
extraUpFlags = ["--advertise-routes=192.168.1.11/32"];
authKeyFile = config.sops.secrets."tailscale-auth-key".path;
};
dnscrypt-proxy2 = { dnscrypt-proxy2 = {
enable = true; enable = true;
settings = { settings = {

5
nixos/celestia/secrets.yaml
View File

@ -1,4 +1,5 @@
acme.env: ENC[AES256_GCM,data:VgSJO2Q32csfN0DEH6kTsaN0z/hRa0fRHLUleju+gqBPjoQmZGIQjlLKHzj1Ys3zS591iVRkeYExBGyCPakPIJo=,iv:sOIPofteCvO4Na+z8qw7EjfJ6CEr83kYaonhUCgFwA4=,tag:RhHGyTrmdY4f8QkQ0DhhJw==,type:str] acme.env: ENC[AES256_GCM,data:VgSJO2Q32csfN0DEH6kTsaN0z/hRa0fRHLUleju+gqBPjoQmZGIQjlLKHzj1Ys3zS591iVRkeYExBGyCPakPIJo=,iv:sOIPofteCvO4Na+z8qw7EjfJ6CEr83kYaonhUCgFwA4=,tag:RhHGyTrmdY4f8QkQ0DhhJw==,type:str]
tailscale-auth-key: ENC[AES256_GCM,data:Rvq2wL9civCoH6acKk3lYIXbVAME+kUmeuQYOTl+rvdb5bFoI5i688qI58ceF47PGKi1jeXe46SkJGJe0iY=,iv:b0kavSFEG40Jxa3yAjttarN5N3nOLEbZYqP3LOXvBrU=,tag:cpgYzoX9L6+1IHnmjfZfQg==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -14,8 +15,8 @@ sops:
K0RaVVNSczZBcDNtaXhGem5iQnlVTDAK+XogkPQD2xYQ7sW8DwAXaaLA/ftw6vZM K0RaVVNSczZBcDNtaXhGem5iQnlVTDAK+XogkPQD2xYQ7sW8DwAXaaLA/ftw6vZM
wsNs0uun9dgGjZIXcU6AIsrJeUiWBl5zgc6CCd/ad/3QxpmKj1p9Mg== wsNs0uun9dgGjZIXcU6AIsrJeUiWBl5zgc6CCd/ad/3QxpmKj1p9Mg==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-01-25T08:01:53Z" lastmodified: "2024-04-21T19:42:27Z"
mac: ENC[AES256_GCM,data:XZ4KGGJjleVpmIn780mHLCnEy24ZZHOwJz2xtZLUgHX7HN1OVYSOui18yS2TUQ8A0/aaoudjc6o/5h1emeWryFPn/Hx3E/8TaQgs1kBBbn+yIDxDeyZt8+iI1DrzFpI376u1lLUFA1TeMfPC0J4WORKJeh7NhKN0DlhZetpKVN0=,iv:XDddEP3/+eeoDK9/DRlg0Wu8bZVg86X8ncC/HO8qYeA=,tag:39lnmz58x+zkbvMvPVh0Fw==,type:str] mac: ENC[AES256_GCM,data:1LZ/jcx2yOW5OgWYmGlu8ySpOLrvLTmyAc8CrK6gKDeoc/VN5RuRapwkGD6XfgDaUvMCccgcRpyL5QDPPdRw6zzwpW4Ce1hreOoC1zV23TNDuAbn1G+gFjlJ2l5IEY6EZeNoWsOC2ID16HRwls1Bau1+hcWKefFYNVjE3+3l16U=,iv:9FFP84Be7UzfuLz/FnFtvOXmudccMq1jFDGXJUN0t48=,tag:U9SOsMUbHm8hzZnS3yK1Lg==,type:str]
pgp: pgp:
- created_at: "2024-01-25T08:00:56Z" - created_at: "2024-01-25T08:00:56Z"
enc: |- enc: |-