From 1afc81f297e1315a3bc8e34cf74f729d0169fcb2 Mon Sep 17 00:00:00 2001
From: m3tam3re
Date: Fri, 14 Apr 2023 07:24:45 +0200
Subject: [PATCH] +tailscale age
---
 hosts/lkk-nix-1/default.nix | 1 +
 hosts/lkk-nix-1/services/tailscale.nix | 2 +-
 hosts/m3-nix/default.nix | 7 ++++++
 hosts/m3-nix/services/#tailscale.nix# | 30 +++++++++++++++++++++++++
 hosts/m3-nix/services/tailscale.nix | 7 ++++--
 secrets.nix | 2 +-
 secrets/tailscale-key.age | Bin 0 -> 738 bytes
 secrets/wg-easy-environmentFile.age | Bin 793 -> 0 bytes
 8 files changed, 45 insertions(+), 4 deletions(-)
 create mode 100644 hosts/m3-nix/services/#tailscale.nix#
 create mode 100644 secrets/tailscale-key.age
 delete mode 100644 secrets/wg-easy-environmentFile.age
diff --git a/hosts/lkk-nix-1/default.nix b/hosts/lkk-nix-1/default.nix
index 595ac9e..49d2f77 100644
--- a/hosts/lkk-nix-1/default.nix
+++ b/hosts/lkk-nix-1/default.nix
@@ -31,6 +31,7 @@ secrets = {
 mj-smtp-user.file = ../../secrets/mj-smtp-user.age;
 mj-smtp-pass.file = ../../secrets/mj-smtp-pass.age;
+ tailscale-key.file = ../../secrets/tailscale-key.age;
 n8n-env = {
 file = ../../secrets/n8n-env.age;
diff --git a/hosts/lkk-nix-1/services/tailscale.nix b/hosts/lkk-nix-1/services/tailscale.nix
index efd448c..73d8ceb 100644
--- a/hosts/lkk-nix-1/services/tailscale.nix
+++ b/hosts/lkk-nix-1/services/tailscale.nix
@@ -29,7 +29,7 @@ fi
 # otherwise authenticate with tailscale
- ${tailscale}/bin/tailscale up --advertise-exit-node -authkey tskey-auth-kwmqT37CNTRL-AxiaTDedQJ6YZts2deRtH6PEBDwh9PxXK
+ ${tailscale}/bin/tailscale up --advertise-exit-node lkk-nix-1 -authkey $(cat /run/agenix/tailscale-key)
 '';
 };
}
diff --git a/hosts/m3-nix/default.nix b/hosts/m3-nix/default.nix
index d99750c..a0d8504 100644
--- a/hosts/m3-nix/default.nix
+++ b/hosts/m3-nix/default.nix
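Review bot: The removed line carried a live Tailscale auth key (`tskey-auth-kwmqT37CNTRL-…`) in plaintext, and moving it into secrets/tailscale-key.age does not take it out of git history, so that key should be revoked in the Tailscale admin console and the age secret populated with a newly generated one; the same key is removed again in the hosts/m3-nix/services/tailscale.nix hunk. The new line also looks wrong as written: `--advertise-exit-node` is a boolean flag, so the trailing `lkk-nix-1` becomes a stray positional argument that `tailscale up` will most likely reject, and if the intent is to name the node that is `--hostname=lkk-nix-1`. Expanding the secret with `-authkey $(cat /run/agenix/tailscale-key)` also puts it on the command line, where it is typically readable from the process list for as long as `tailscale up` runs; if the Tailscale release in use supports it, `--auth-key=file:/run/agenix/tailscale-key` keeps the key out of argv (the same applies to the m3-nix hunk). The enclosing script block starts outside the hunk.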
@@ -106,6 +106,13 @@ in {
 };
 programs.fish.enable = true;
+ age = {
+ secrets = {
+ tailscale-key.file = ../../secrets/tailscale-key.age;
+ };
+ identityPaths = [ "/home/m3tam3re/.ssh/lkk-nix-1" ];
+ };
+
 time.timeZone = "Europe/Berlin";
 i18n.defaultLocale = "de_DE.utf8";
 console.keyMap = "de";
diff --git a/hosts/m3-nix/services/#tailscale.nix# b/hosts/m3-nix/services/#tailscale.nix#
new file mode 100644
index 0000000..7313f0e
--- /dev/null
+++ b/hosts/m3-nix/services/#tailscale.nix#
@@ -0,0 +1,30 @@
+{ pkgs, ... }: {
+ services.tailscale = { enable = true; };
+
+ systemd.services.tailscale-autoconnect = {
+ description = "Automatic connection to Tailscale";
+
+ # make sure tailscale is running before trying to connect to tailscale
+ after = [ "network-pre.target" "tailscale.service" ];
+ wants = [ "network-pre.target" "tailscale.service" ];
+ wantedBy = [ "multi-user.target" ];
+
+ # set this service as a oneshot job
+ serviceConfig.Type = "oneshot";
+
+ # have the job run this shell script
+ script = with pkgs; ''
+ # wait for tailscaled to settle
+ sleep 2
+
+ # check if we are already authenticated to tailscale
+ status="$(${tailscale}/bin/tailscale status -json | ${jq}/bin/jq -r .BackendState)"
+ if [ $status = "Running" ]; then # if so, then do nothing
+ exit 0
+ fi
+
+ # otherwise authenticate with tailscale
+ ${tailscale}/bin/tailscale up -authkey $(cat /run/agenix/tskey-reusable)
+ '';
+ };
+}
diff --git a/hosts/m3-nix/services/tailscale.nix b/hosts/m3-nix/services/tailscale.nix
index 22f7cc9..0f6f293 100644
--- a/hosts/m3-nix/services/tailscale.nix
+++ b/hosts/m3-nix/services/tailscale.nix
@@ -1,5 +1,8 @@
 { pkgs, ... }: {
- services.tailscale = { enable = true; };
+ services.tailscale = {
+ enable = true;
+ useRoutingFeatures = "client";
+ };
 systemd.services.tailscale-autoconnect = {
 description = "Automatic connection to Tailscale";
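Review bot: `identityPaths = [ "/home/m3tam3re/.ssh/lkk-nix-1" ]` points this host's decryption identity at a key in a user's home directory that is named after the other host, and since the secrets.nix hunk encrypts tailscale-key.age to `[ root ]` only, that file must be the private half of the same `root` recipient — which would mean one private key shared by lkk-nix-1 and m3-nix, with the m3-nix copy protected only by a user's home-directory permissions. A per-host identity (as far as I recall, agenix defaults `age.identityPaths` to the host's own SSH host keys, and setting the option replaces that default) with both hosts' public keys listed as recipients in secrets.nix keeps a compromise of one host or one user account from exposing every secret. Whether `root` in secrets.nix really is this key cannot be seen from the hunk, so treat this as a question for the author.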
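Review bot: `hosts/m3-nix/services/#tailscale.nix#` is an Emacs auto-save file (`#name#`) that appears to have been committed by accident; it duplicates hosts/m3-nix/services/tailscale.nix and references `/run/agenix/tskey-reusable`, a secret that no `age.secrets` entry in this patch declares, so the file should be dropped from the commit and `\#*#` added to .gitignore. Its `-authkey $(cat …)` line has the same auth-key-on-the-command-line concern as the real tailscale.nix hunks.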
@@ -24,7 +27,7 @@ fi # otherwise authenticate with tailscale - ${tailscale}/bin/tailscale up -authkey tskey-auth-kwmqT37CNTRL-AxiaTDedQJ6YZts2deRtH6PEBDwh9PxXK + ${tailscale}/bin/tailscale up --exit-node lkk-nix-1 -authkey $(cat /run/agenix/tailscale-key) ''; }; } diff --git a/secrets.nix b/secrets.nix index b43eef2..2ab7d69 100644 --- a/secrets.nix +++ b/secrets.nix @@ -11,7 +11,7 @@ in { "searx-environmentFile.age".publicKeys = [ root ]; - "wg-easy-environmentFile.age".publicKeys = [ root ]; + "tailscale-key.age".publicKeys = [ root ]; "briefkasten-env.age".publicKeys = [ root ]; diff --git a/secrets/tailscale-key.age b/secrets/tailscale-key.age new file mode 100644 index 0000000000000000000000000000000000000000..4027041b2eda9b4bad17223b9b8e87bae2bfb11d GIT binary patch literal 738 zcmWmCJ&V&|003YIb;u8JQLu`G7<>87r6@|$q)D45O`2T4PLVWkk~VFVG;h)-6%=t& zT*S>qL|lafe}RIEgNiOLa)XWsB8Z@q`U9TraRRUEMQ&Oq*))!};xxck1X8_JfpAhy zp;HmfxwO4Tl9jBBMl6uShHRy#icZp)1)a>IQCwMRtP`!Luw(L`R4aP9 zz@V&+U^4=Z_+*7H^D@-ZB5O;uZ0;;VTk$0@55*dn^lM{4xO75JJOMWwR=z0Pb%l`o zWKbd&ELN0nx$Syg(LldD$dj4R_&iXQE^Et7Wb{x949tu)2|8wR0kW_8oM!RBt#9_ zP=g*dHM7as%{uw2Me3y%Hv6?Y6Z_DsrvomA?WqUpQRow1xpL&fb(Zu@izYtT6GzB4 zwN1rc$sFrmfd)Nc+0tk%F(J_=Bdo{(C^U84QW7T^-%W%u-e(e9ia39k`U}1`g!}u@|~tFYp}aiZM_*F|7&!w zveh8<9OzZH>zq=#ai-#6I+<2-^7Q34wnXHOhE%K7iYcdl?9zE!sFX9XQQa@mOe~V& zoCSF{Hk2mQqDmu`GaNa1cKyhq;x6;>i}B}L_#r&??O^|~{3*D-`{ww^;zIY<9(!@` z`Dfyu_3Om$yBE#J?_a(;bF=aA(b0E%;nvfy=dYYQ_VcdwWdC5V`daz^`{e!n&e^RW H58nO-s4f8G literal 0 HcmV?d00001 
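Review bot: `--exit-node lkk-nix-1` routes all of this host's traffic through lkk-nix-1, but because the script above the hunk returns early when `tailscale status` reports `Running`, the new flag only takes effect on a machine that is not yet logged in — an already-enrolled m3-nix keeps its previous preferences until someone re-runs `tailscale up` by hand. If the exit node is expected to apply on every boot, the early exit needs rethinking (note that `tailscale up` refuses to change preferences that differ from the current ones unless `--reset` is given, so simply removing the guard is not a drop-in fix); otherwise a comment such as `# flags below are only applied at first login; re-run tailscale up to change them` would save the next reader the same surprise. The auth-key-in-argv concern raised on the lkk-nix-1 hunk applies to this line as well. The enclosing script and systemd unit definition start outside the hunk.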
diff --git a/secrets/wg-easy-environmentFile.age b/secrets/wg-easy-environmentFile.age deleted file mode 100644 index 73a3c029e972cdb52d8d0ad91afbcd16441bf31f..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 793 zcmWmCP0QPK003}LI|RJ#;K4(O3>{t9y!?~22M2A^ytmCupEd~$O_MY)ZC?I)Pht20 zb{G%BU<|gSegMJ4Un=W zlw~+7N@u`orv=?2enzQl&R{JK!UIV57>ASW_K=8SPwasM}Oq z#^I^=vQk8%3e=sv@29$$lt7N4=TR{)?9vJoCd({p!^3>Ybi0hOV`0p@7%j60SW4ZR z=n|0Y2t{+UpzMLxZNrGw#m%x^pQRyspc;+igaXX{G^Nwj*vJHT3b(Uh#es7S3BMDK zIK+`fwJQiv<7A+srJHmOdp_eX=Us3jw!z4FX3TWabsG((NN`F~lMGDQZs#Gq5Q*Y4nd}5Fn3DutRy=4i-hE3#T%@oL7 zQyJOX$5O=Ct_Q`16ZY(;KCW|hvZj_(g00Qm@YdN;)VkbZDgTId<5fx=7%dwMD1rmo zp!hS#MWhL*lt13se$qn~-S-4k+g1oYSqgPr174G={mdgx>}YP&aWSJM%Gx6DYTW8Z zLE$^4Kd?Xj{FdcRtbsJVfB$AbnA{bY9TsyEe?XMOyUx9hJ zm|#P?#_arbktJdv*5V?eS5To80_A$7h#K3d05Tel27ui;Q=hMw(HP=vq7>0wj

zuCVR&|FZj#h|MLS7h`~Y^4X(*9#{9S9=v{d@6EO6U;iBZ@%!7$Z+@*_y_EiPufG58 zw+GL@{qxDkZ{B`%M@=r@`{MTXUmiZa@$cW4_^S`mAHV$I2jb<`i|zZwS3kY}52Wo9 Axc~qF