From 80c9aed243afcd613be505be6fbeb506b9dce3ea Mon Sep 17 00:00:00 2001 From: m3tam3re Date: Fri, 14 Apr 2023 06:23:31 +0200 Subject: [PATCH] +tailscale --- home/features/desktop/espanso.nix | 2 +- hosts/lkk-nix-1/default.nix | 1 - hosts/lkk-nix-1/services/default.nix | 1 + hosts/lkk-nix-1/services/tailscale.nix | 36 ++++++++++++++++++++++++++ hosts/m3-nix/default.nix | 17 ++---------- hosts/m3-nix/services/default.nix | 3 ++- hosts/m3-nix/services/tailscale.nix | 30 +++++++++++++++++++++ 7 files changed, 72 insertions(+), 18 deletions(-) create mode 100644 hosts/lkk-nix-1/services/tailscale.nix create mode 100644 hosts/m3-nix/services/tailscale.nix diff --git a/home/features/desktop/espanso.nix b/home/features/desktop/espanso.nix index 0024593..258f494 100644 --- a/home/features/desktop/espanso.nix +++ b/home/features/desktop/espanso.nix @@ -1,3 +1,3 @@ { - services.espanso.enable = true; + #services.espanso.enable = true; } diff --git a/hosts/lkk-nix-1/default.nix b/hosts/lkk-nix-1/default.nix index 63a2218..33c6f61 100644 --- a/hosts/lkk-nix-1/default.nix +++ b/hosts/lkk-nix-1/default.nix @@ -26,7 +26,6 @@ to = 3481; }]; }; - programs.fish.enable = true; age = { secrets = { diff --git a/hosts/lkk-nix-1/services/default.nix b/hosts/lkk-nix-1/services/default.nix index b5a9bd8..f9cd4f7 100644 --- a/hosts/lkk-nix-1/services/default.nix +++ b/hosts/lkk-nix-1/services/default.nix @@ -10,6 +10,7 @@ ./postgres.nix ./searx.nix ./syncthing.nix + ./tailscale.nix ./traefik.nix ]; } diff --git a/hosts/lkk-nix-1/services/tailscale.nix b/hosts/lkk-nix-1/services/tailscale.nix new file mode 100644 index 0000000..681dac5 --- /dev/null +++ b/hosts/lkk-nix-1/services/tailscale.nix 
@@ -0,0 +1,36 @@
+{ pkgs, ... }: {
+ services.tailscale = {
+ enable = true;
+ useRoutingFeatures = "both";
+ };
+ networking.firewall = {
+ trustedInterfaces = [ "tailscale0" ];
+ allowedUDPPorts = [ config.services.tailscale.port ];
+ };
+ systemd.services.tailscale-autoconnect = {
+ description = "Automatic connection to Tailscale";
+
+ # make sure tailscale is running before trying to connect to tailscale
+ after = [ "network-pre.target" "tailscale.service" ];
+ wants = [ "network-pre.target" "tailscale.service" ];
+ wantedBy = [ "multi-user.target" ];
+
+ # set this service as a oneshot job
+ serviceConfig.Type = "oneshot";
+
+ # have the job run this shell script
+ script = with pkgs; ''
+ # wait for tailscaled to settle
+ sleep 2
+
+ # check if we are already authenticated to tailscale
+ status="$(${tailscale}/bin/tailscale status -json | ${jq}/bin/jq -r .BackendState)"
+ if [ $status = "Running" ]; then # if so, then do nothing
+ exit 0
+ fi
+
+ # otherwise authenticate with tailscale
+ ${tailscale}/bin/tailscale up --advertise-exit-node -authkey tskey-auth-kwmqT37CNTRL-AxiaTDedQJ6YZts2deRtH6PEBDwh9PxXK
+ '';
+ };
+}
diff --git a/hosts/m3-nix/default.nix b/hosts/m3-nix/default.nix
index ae57785..d99750c 100644
--- a/hosts/m3-nix/default.nix
+++ b/hosts/m3-nix/default.nix
@@ -24,6 +24,7 @@ in {
 specialisation = {
 external-display.configuration = {
 system.nixos.tags = [ "Externer-Monitor" ];
+ services.xserver.videoDrivers = [ "nvidia" ];
 hardware.nvidia.prime.offload.enable = lib.mkForce false;
 hardware.nvidia.powerManagement.finegrained = lib.mkForce false;
 };
@@ -31,6 +32,7 @@ in {
 specialisation = {
 dual-display.configuration = {
 system.nixos.tags = [ "Dual-Monitor" ];
+ services.xserver.videoDrivers = [ "nvidia" ];
 hardware.nvidia.prime.offload.enable = lib.mkForce false;
 hardware.nvidia.prime.sync.enable = lib.mkForce true;
 hardware.nvidia.powerManagement.finegrained = lib.mkForce false;
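Review bot: The firewall block reads `config.services.tailscale.port`, but the module's argument list is `{ pkgs, ... }:`, so `config` is unbound and evaluating this host will fail; change the header to `{ config, pkgs, ... }: {`. The `tailscale up` line also embeds a Tailscale auth key as a literal: it is now in git history, and because `script` is rendered into the unit's store-path shell script it will sit in the world-readable Nix store on the host, so revoke it in the admin console and load a replacement from the agenix secrets this host already declares, e.g. `--auth-key "file:${config.age.secrets.tailscale-authkey.path}"` (current tailscale releases accept the `file:` form, which keeps the key out of argv; if the nixpkgs in use has `services.tailscale.authKeyFile`, that option replaces this whole unit). Quote the status test, `if [ "$status" = "Running" ]; then`, so an empty result from a not-yet-ready tailscaled gives a clean mismatch rather than a `[` syntax error. Be aware that `trustedInterfaces = [ "tailscale0" ]` combined with `--advertise-exit-node` and `useRoutingFeatures = "both"` exposes every service on this host unfiltered to every tailnet peer (this commit's services list includes postgres, syncthing and traefik), which is acceptable only if the tailnet ACLs are the intended boundary.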
@@ -77,21 +79,6 @@ in { # Enable networking networking.networkmanager.enable = true; - networking.wg-quick.interfaces = { - wg0 = { - address = [ "10.8.0.3/24" ]; - privateKeyFile = "/root/wg/peer_m3-nix/privatekey-peer_m3-nix"; - dns = [ "10.88.0.1" ]; - - peers = [{ - publicKey = "Il/nVlX2qzmZMJQ8QAKN+uQdkcK66Wt7MWZn9Vku6Tg="; - presharedKey = "sOgKQCXs+WAEpVvnkqTHlK1ItWpmP/xiexhAJ6oMBJs="; - allowedIPs = [ "0.0.0.0/0" "::/0" ]; - endpoint = "wg.lanakk.com:51820"; - persistentKeepalive = 25; - }]; - }; - }; services.avahi = { enable = true; diff --git a/hosts/m3-nix/services/default.nix b/hosts/m3-nix/services/default.nix index 5e0212c..e6aa7fc 100644 --- a/hosts/m3-nix/services/default.nix +++ b/hosts/m3-nix/services/default.nix @@ -4,8 +4,9 @@ ./flatpak.nix ./sound.nix ./udev.nix + ./tailscale.nix ./virtualization.nix - ./xserver.nix + #./xserver.nix ]; # services.gvfs = { diff --git a/hosts/m3-nix/services/tailscale.nix b/hosts/m3-nix/services/tailscale.nix new file mode 100644 index 0000000..22f7cc9 --- /dev/null +++ b/hosts/m3-nix/services/tailscale.nix 
@@ -0,0 +1,30 @@
+{ pkgs, ... }: {
+ services.tailscale = { enable = true; };
+
+ systemd.services.tailscale-autoconnect = {
+ description = "Automatic connection to Tailscale";
+
+ # make sure tailscale is running before trying to connect to tailscale
+ after = [ "network-pre.target" "tailscale.service" ];
+ wants = [ "network-pre.target" "tailscale.service" ];
+ wantedBy = [ "multi-user.target" ];
+
+ # set this service as a oneshot job
+ serviceConfig.Type = "oneshot";
+
+ # have the job run this shell script
+ script = with pkgs; ''
+ # wait for tailscaled to settle
+ sleep 2
+
+ # check if we are already authenticated to tailscale
+ status="$(${tailscale}/bin/tailscale status -json | ${jq}/bin/jq -r .BackendState)"
+ if [ $status = "Running" ]; then # if so, then do nothing
+ exit 0
+ fi
+
+ # otherwise authenticate with tailscale
+ ${tailscale}/bin/tailscale up -authkey tskey-auth-kwmqT37CNTRL-AxiaTDedQJ6YZts2deRtH6PEBDwh9PxXK
+ '';
+ };
+}
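Review bot: The `tailscale up` line commits the same literal auth key `tskey-auth-kwmqT37CNTRL-…` that the lkk-nix-1 unit in this commit uses, so one key now lives in git history for two hosts and will be copied into the world-readable Nix store by this unit's script; revoke it and read a fresh per-host key from a secrets file instead, `--auth-key "file:/run/agenix/tailscale-authkey"` (or the path your secrets manager provides, adding `config` to the module arguments if it comes from `config.age.secrets`). If the key is not a reusable key, the second host to run `tailscale up` with it will fail to authenticate, and this oneshot unit will simply report as failed on every boot. As in the lkk-nix-1 unit, quote the comparison, `if [ "$status" = "Running" ]; then`, so an empty `status` does not become a `[` syntax error. This commit also deletes a WireGuard `presharedKey` and peer configuration from this host; that key remains in history and should be rotated on the server side as well.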