+tailscale age

m3tam3re 2023-04-14 07:24:45 +02:00
parent 51ab101f6e
commit 1afc81f297
8 changed files with 45 additions and 4 deletions


@ -31,6 +31,7 @@
secrets = { secrets = {
mj-smtp-user.file = ../../secrets/mj-smtp-user.age; mj-smtp-user.file = ../../secrets/mj-smtp-user.age;
mj-smtp-pass.file = ../../secrets/mj-smtp-pass.age; mj-smtp-pass.file = ../../secrets/mj-smtp-pass.age;
tailscale-key.file = ../../secrets/tailscale-key.age;
n8n-env = { n8n-env = {
file = ../../secrets/n8n-env.age; file = ../../secrets/n8n-env.age;


@ -29,7 +29,7 @@
fi fi
# otherwise authenticate with tailscale # otherwise authenticate with tailscale
${tailscale}/bin/tailscale up --advertise-exit-node -authkey tskey-auth-kwmqT37CNTRL-AxiaTDedQJ6YZts2deRtH6PEBDwh9PxXK ${tailscale}/bin/tailscale up --advertise-exit-node lkk-nix-1 -authkey $(cat /run/agenix/tailscale-key)
''; '';
}; };
} }
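Review bot: On the new `tailscale up` line, `lkk-nix-1` is left as a bare positional word after the boolean `--advertise-exit-node`; `tailscale up` takes no positional arguments, so this line most likely fails outright, whereas the client-side hunk uses the flag form `--exit-node lkk-nix-1`, which looks like what was meant here only as a flag value, not on the exit node itself. The command substitution should also be quoted so the key is never word-split: `${tailscale}/bin/tailscale up --advertise-exit-node -authkey "$(cat /run/agenix/tailscale-key)"`. The literal key removed on the old side stays readable in git history, so it needs to be revoked in the Tailscale admin console rather than treated as retired by this commit; the same applies to the identical key removed in the later `--exit-node` hunk. Note that `-authkey` still puts the secret into the process argument list, visible to other local processes for the duration of the call; a short comment on that line, e.g. `# key is read at runtime from the agenix secret; it is exposed in argv while tailscale up runs`, would keep the next editor from re-inlining it. The enclosing `systemd.services` block and the script's first lines are outside the hunk.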


@ -106,6 +106,13 @@ in {
}; };
programs.fish.enable = true; programs.fish.enable = true;
age = {
secrets = {
tailscale-key.file = ../../secrets/tailscale-key.age;
};
identityPaths = [ "/home/m3tam3re/.ssh/lkk-nix-1" ];
};
time.timeZone = "Europe/Berlin"; time.timeZone = "Europe/Berlin";
i18n.defaultLocale = "de_DE.utf8"; i18n.defaultLocale = "de_DE.utf8";
console.keyMap = "de"; console.keyMap = "de";
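Review bot: `identityPaths` points agenix at a key under `/home/m3tam3re/.ssh/` instead of the default host SSH keys; agenix decrypts as root during activation, so that file must exist and be readable by root at that moment (not on a home that is mounted or unlocked later), and it must be the private half of whatever `root` denotes in `secrets.nix`, which this page does not show. A one-line comment would make the coupling explicit: `# agenix decrypts as root at activation; this must be the private key for 'root' in secrets/secrets.nix`. Since nothing in the visible diff moves the key out of the user's home, its file permissions (readable only by root and that user) are presumably what protects the decryption identity. The enclosing attribute set continues outside the hunk.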


@ -0,0 +1,30 @@
{ pkgs, ... }: {
services.tailscale = { enable = true; };
systemd.services.tailscale-autoconnect = {
description = "Automatic connection to Tailscale";
# make sure tailscale is running before trying to connect to tailscale
after = [ "network-pre.target" "tailscale.service" ];
wants = [ "network-pre.target" "tailscale.service" ];
wantedBy = [ "multi-user.target" ];
# set this service as a oneshot job
serviceConfig.Type = "oneshot";
# have the job run this shell script
script = with pkgs; ''
# wait for tailscaled to settle
sleep 2
# check if we are already authenticated to tailscale
status="$(${tailscale}/bin/tailscale status -json | ${jq}/bin/jq -r .BackendState)"
if [ $status = "Running" ]; then # if so, then do nothing
exit 0
fi
# otherwise authenticate with tailscale
${tailscale}/bin/tailscale up -authkey $(cat /run/agenix/tskey-reusable)
'';
};
}
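Review bot: The final `tailscale up` reads the key from `/run/agenix/tskey-reusable`, but the only Tailscale secret this commit declares is `tailscale-key` (the `age.secrets` entries and `secrets.nix` both name `tailscale-key.age`) and the other two hosts read `/run/agenix/tailscale-key`; unless a `tskey-reusable` secret is declared outside the visible diff, the `cat` fails and `tailscale up` is invoked with an empty `-authkey`. The `[ $status = "Running" ]` test is unquoted as well, so an empty `status` (tailscaled still starting after the fixed `sleep 2`) yields a shell error instead of a clean comparison. Suggested lines: `if [ "$status" = "Running" ]; then` and `${tailscale}/bin/tailscale up -authkey "$(cat /run/agenix/tailscale-key)"`, with a comment above the latter stating which `age.secrets` entry must provide that path.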


@ -1,5 +1,8 @@
{ pkgs, ... }: { { pkgs, ... }: {
services.tailscale = { enable = true; }; services.tailscale = {
enable = true;
useRoutingFeatures = "client";
};
systemd.services.tailscale-autoconnect = { systemd.services.tailscale-autoconnect = {
description = "Automatic connection to Tailscale"; description = "Automatic connection to Tailscale";
@ -24,7 +27,7 @@
fi fi
# otherwise authenticate with tailscale # otherwise authenticate with tailscale
${tailscale}/bin/tailscale up -authkey tskey-auth-kwmqT37CNTRL-AxiaTDedQJ6YZts2deRtH6PEBDwh9PxXK ${tailscale}/bin/tailscale up --exit-node lkk-nix-1 -authkey $(cat /run/agenix/tailscale-key)
''; '';
}; };
} }
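Review bot: The new `--exit-node lkk-nix-1` routes this host's traffic through the named exit node, and `tailscale up` may refuse the login if that node is not (yet) advertising and approved as an exit node, turning the oneshot into a failed unit rather than a plain authentication; if plain LAN access from this client is still required once the exit node is set, `--exit-node-allow-lan-access` is the flag for that. The key substitution should be quoted, `-authkey "$(cat /run/agenix/tailscale-key)"`, so the key is never word-split. The literal key removed on the old side of this hunk is covered by the revocation point raised on the `--advertise-exit-node` hunk. The script's opening lines and the `useRoutingFeatures = "client";` hunk above are the rest of this unit.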


@ -11,7 +11,7 @@ in {
"searx-environmentFile.age".publicKeys = [ root ]; "searx-environmentFile.age".publicKeys = [ root ];
"wg-easy-environmentFile.age".publicKeys = [ root ]; "tailscale-key.age".publicKeys = [ root ];
"briefkasten-env.age".publicKeys = [ root ]; "briefkasten-env.age".publicKeys = [ root ];

secrets/tailscale-key.age Normal file

