
remove headscale and tailscale

+6 -120
-24
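--- a/flake.lock
+++ b/flake.lock
@@ -559,7 +559,6 @@
 "srcery-textmate": "srcery-textmate",
 "srcery-tmux": "srcery-tmux",
 "srvos": "srvos",
-"tsnsrv": "tsnsrv",
 "weather": "weather"
 }
 },
@@ -673,29 +672,6 @@
 "original": {
 "owner": "nix-systems",
 "repo": "default",
-"type": "github"
-}
-},
-"tsnsrv": {
-"inputs": {
-"flake-parts": [
-"flake-parts"
-],
-"nixpkgs": [
-"nixpkgs"
-]
-},
-"locked": {
-"lastModified": 1759265704,
-"narHash": "sha256-b0d0lfERd3+N/K0oq4YsX2pSMGh5HX5D6ocehEoJjeU=",
-"owner": "boinkor-net",
-"repo": "tsnsrv",
-"rev": "a4e47c178e0bdd4da72fad6f0dd2dea6b89d2d25",
-"type": "github"
-},
-"original": {
-"owner": "boinkor-net",
-"repo": "tsnsrv",
 "type": "github"
 }
 },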
-3
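--- a/flake.nix
+++ b/flake.nix
@@ -26,9 +26,6 @@
 niri.url = "github:sodiboo/niri-flake";
 niri.inputs.nixpkgs.follows = "nixpkgs";
 niri.inputs.nixpkgs-stable.follows = "nixpkgs";
-tsnsrv.url = "github:boinkor-net/tsnsrv";
-tsnsrv.inputs.nixpkgs.follows = "nixpkgs";
-tsnsrv.inputs.flake-parts.follows = "flake-parts";
 
 qbpm.url = "github:pvsr/qbpm";
 qbpm.inputs.nixpkgs.follows = "nixpkgs";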
+6 -46
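--- a/hosts/crossbell/default.nix
+++ b/hosts/crossbell/default.nix
@@ -41,55 +41,15 @@
 "comics.peterrice.xyz" = "ruan.ygg.pvsr.dev:19191";
 "weather.peterrice.xyz" = "ruan.ygg.pvsr.dev:15658";
 "calendar.peterrice.xyz" = "ruan.ygg.pvsr.dev:52032";
-"tailscale.peterrice.xyz" = "localhost:9753";
 };
 };
 
-services = {
-headscale.enable = config.services.tailscale.enable;
-headscale.address = "127.0.0.1";
-headscale.port = 9753;
-headscale.settings = {
-ip_prefixes = [
-"100.64.0.0/10"
-"fd28:b7:d8::/48"
-];
-server_url = "https://tailscale.peterrice.xyz";
-dns.base_domain = "ts.peterrice.xyz";
-dns.magic_dns = true;
-dns.nameservers.global = [
-"185.71.138.138"
-"2001:67c:930::1"
-];
-dns.override_local_dns = true;
-policy.path = builtins.toFile "acl.json" (
-builtins.toJSON {
-acls = [
-{
-action = "accept";
-src = [ "*" ];
-dst = [ "*:*" ];
-}
-];
-ssh = [
-{
-action = "accept";
-src = [ "${config.local.user.name}@" ];
-dst = [ "*" ];
-users = [ config.local.user.name ];
-}
-];
-}
-);
-};
-
-openssh.listenAddresses = [
-{
-addr = "0.0.0.0";
-port = 18325;
-}
-];
-};
+services.openssh.listenAddresses = [
+{
+addr = "0.0.0.0";
+port = 18325;
+}
+];
 
 networking.firewall.allowedTCPPorts = [ 18325 ];
 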
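Review bot: With the headscale block removed, the new `services.openssh.listenAddresses` entry on `0.0.0.0:18325` together with `networking.firewall.allowedTCPPorts = [ 18325 ]` just below is the only administrative path into this host that is visible here, and nothing in this file hardens it; before this change the overlay also carried SSH, with interface trust and an SSH ACL coming from the deleted modules/tailscale.nix and the headscale `ssh` policy. Unless key-only authentication is already enforced in a shared module (not visible in this hunk), add `services.openssh.settings.PasswordAuthentication = false;` and `services.openssh.settings.KbdInteractiveAuthentication = false;` next to the listener, plus a comment such as `# Public sshd on a non-default port; no longer fronted by the mesh VPN since headscale was removed` so the exposure is explicit to the next reader. The virtual-host map above also drops `tailscale.peterrice.xyz`, so the DNS record and any ACME certificate issued for that name presumably still exist outside this repository and should be retired rather than left pointing at a port nothing listens on. The enclosing attribute set starts before this hunk.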
-1
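--- a/modules/machines.nix
+++ b/modules/machines.nix
@@ -11,7 +11,6 @@
 inputs.nixos-hardware.nixosModules.common-gpu-amd
 ];
 networking.useHostResolvConf = false;
-services.tailscale.enable = false;
 # TODO get agenix working in containers for real?
 age.identityPaths = lib.mkDefault [ "/etc/ssh/ssh_host_ed25519_key" ];
 };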
-1
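--- a/modules/nixos.nix
+++ b/modules/nixos.nix
@@ -68,7 +68,6 @@
 userCfg = config.users.users.${username};
 variant = {
 nixpkgs.hostPlatform = "x86_64-linux";
-services.tailscale.enable = false;
 users.users.root.hashedPasswordFile = lib.mkForce null;
 users.users.${username} = {
 password = "";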
-25
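--- a/modules/tailscale.nix
+++ /dev/null
@@ -1,25 +0,0 @@
-{
-flake.modules.nixos.core =
-{ config, lib, ... }:
-let
-id = toString config.local.id;
-in
-{
-options.local.tailscale.ip = lib.mkOption {
-readOnly = true;
-default = if config.services.tailscale.enable then "100.64.0.${id}" else "127.0.0.1";
-};
-
-config = {
-services.tailscale.enable = lib.mkDefault true;
-networking.firewall.checkReversePath = "loose";
-systemd.network.wait-online.ignoredInterfaces = [ "tailscale0" ];
-networking.firewall.trustedInterfaces = [ "tailscale0" ];
-boot.kernel.sysctl = {
-"net.ipv4.ip_forward" = true;
-"net.ipv6.conf.all.forwarding" = true;
-};
-environment.persistence.nixos.directories = [ "/var/lib/tailscale" ];
-};
-};
-}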
-20
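--- a/modules/tsnsrv.nix
+++ /dev/null
@@ -1,20 +0,0 @@
-{ self, inputs, ... }:
-{
-flake.modules.nixos.tsnsrv =
-{ config, lib, ... }:
-{
-imports = [ inputs.tsnsrv.nixosModules.default ];
-
-config = lib.mkIf (config.services.tsnsrv.services != { }) {
-services.tsnsrv = {
-enable = true;
-defaults.loginServerUrl = "https://tailscale.peterrice.xyz";
-defaults.authKeyPath = "/run/ts-authkey";
-};
-
-systemd.tmpfiles.rules = [ "f /run/ts-authkey 0600 root root -" ];
-};
-};
-
-flake.modules.nixos.core.imports = [ self.modules.nixos.tsnsrv ];
-}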