tailscale exit node support

2025-02-14 12:38:55 +01:00 · 2025-02-14 12:38:55 +01:00 · 0f2c8049fd
commit 0f2c8049fd
parent b42a8d1c99
5 changed files with 114 additions and 163 deletions
--- a/flake.lock
+++ b/flake.lock
@ -68,11 +68,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1737504076,
-        "narHash": "sha256-/B4XJnzYU/6K1ZZOBIgsa3K4pqDJrnC2579c44c+4rI=",
+        "lastModified": 1739229629,
+        "narHash": "sha256-zUWKsviMuelgB4PJNJuLZi/yvHnaLb1wZ9mOATjj9eM=",
        "owner": "lnl7",
        "repo": "nix-darwin",
-        "rev": "65cc1fa8e36ceff067daf6cfb142331f02f524d3",
+        "rev": "a36049dac55b6b00536ce8fb601ad3dd1cd8ba8c",
        "type": "github"
      },
      "original": {
@ -140,24 +140,6 @@
      "inputs": {
        "systems": "systems_4"
      },
-      "locked": {
-        "lastModified": 1685518550,
-        "narHash": "sha256-o2d0KcvaXzTrPRIo0kOLV0/QXHhDQ5DTi+OxcjO8xqY=",
-        "owner": "numtide",
-        "repo": "flake-utils",
-        "rev": "a1720a10a6cfe8234c0e93907ffe81be440f4cef",
-        "type": "github"
-      },
-      "original": {
-        "owner": "numtide",
-        "repo": "flake-utils",
-        "type": "github"
-      }
-    },
-    "flake-utils_4": {
-      "inputs": {
-        "systems": "systems_5"
-      },
      "locked": {
        "lastModified": 1710146030,
        "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
@ -195,11 +177,11 @@
        "rust-overlay": "rust-overlay"
      },
      "locked": {
-        "lastModified": 1737712207,
-        "narHash": "sha256-giqE4cwl2CohY4bHhxLSRxfZYHSH/9cRM5Vx9Vr1Va0=",
+        "lastModified": 1738683842,
+        "narHash": "sha256-Igl76UYv7D/aJ7K7CbZxlBvmvzbfyNK7DOfw+Ub+M5Y=",
        "owner": "SofusA",
        "repo": "helix-pull-diagnostics",
-        "rev": "c13d3225783ffcec56b6bcd63616236eddaefad5",
+        "rev": "3fb39042d480bb6e24b8473ff1eb31058846f55f",
        "type": "github"
      },
      "original": {
@ -274,11 +256,11 @@
      },
      "locked": {
        "dir": "nix",
-        "lastModified": 1736194159,
-        "narHash": "sha256-YGwh6ntcQdE8vE3F5NYM4q1nroJZOtzZed2eWgCqCW0=",
+        "lastModified": 1737910997,
+        "narHash": "sha256-Q9g8erFLGov37CdtMcVm5V/u+PMtwQa7lVz4oIz43sQ=",
        "ref": "feat-tap-overlap",
-        "rev": "7fc983117bfd39c8e0225fa0ae20293c8248dba5",
-        "revCount": 901,
+        "rev": "3b653692891c0231e7cc8844e142008296448217",
+        "revCount": 912,
        "type": "git",
        "url": "https://github.com/jokesper/kmonad"
      },
@ -324,23 +306,6 @@
        "url": "https://git.lix.systems/lix-project/nixos-module/archive/2.91.1-2.tar.gz"
      }
    },
-    "lolpizza": {
-      "inputs": {
-        "nixpkgs": "nixpkgs_2",
-        "pnpm2nix": "pnpm2nix"
-      },
-      "locked": {
-        "lastModified": 1729255849,
-        "narHash": "sha256-P9Dw2s1LL0xluiJyRMXz+STza75UYTvS3oegpE3S3zs=",
-        "path": "/nix/store/v48mn8cw1hgswjifw9nin7v73mdvh3aq-source",
-        "rev": "6989a9dc030ce99589758d0cea682c3011a6ea31",
-        "type": "path"
-      },
-      "original": {
-        "id": "lolpizza",
-        "type": "indirect"
-      }
-    },
    "miro": {
      "flake": false,
      "locked": {
@ -359,11 +324,11 @@
    },
    "nixos-hardware": {
      "locked": {
-        "lastModified": 1737751639,
-        "narHash": "sha256-ZEbOJ9iT72iwqXsiEMbEa8wWjyFvRA9Ugx8utmYbpz4=",
+        "lastModified": 1738816619,
+        "narHash": "sha256-5yRlg48XmpcX5b5HesdGMOte+YuCy9rzQkJz+imcu6I=",
        "owner": "NixOS",
        "repo": "nixos-hardware",
-        "rev": "dfad538f751a5aa5d4436d9781ab27a6128ec9d4",
+        "rev": "2eccff41bab80839b1d25b303b53d339fbb07087",
        "type": "github"
      },
      "original": {
@ -375,11 +340,11 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1737469691,
-        "narHash": "sha256-nmKOgAU48S41dTPIXAq0AHZSehWUn6ZPrUKijHAMmIk=",
+        "lastModified": 1728018373,
+        "narHash": "sha256-NOiTvBbRLIOe5F6RbHaAh6++BNjsb149fGZd1T4+KBg=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "9e4d5190a9482a1fb9d18adf0bdb83c6e506eaab",
+        "rev": "bc947f541ae55e999ffdb4013441347d83b00feb",
        "type": "github"
      },
      "original": {
@ -419,11 +384,11 @@
    },
    "nixpkgs-master": {
      "locked": {
-        "lastModified": 1737879851,
-        "narHash": "sha256-H+FXIKj//kmFHTTW4DFeOjR7F1z2/3eb2iwN6Me4YZk=",
+        "lastModified": 1739229610,
+        "narHash": "sha256-se+XO93QNFc9Krf7pf5TvR4lKC6jh+oWV/+EomsMeZ8=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "5d3221fd57cc442a1a522a15eb5f58230f45a304",
+        "rev": "ba4ca7f603ef577e16e76900e6be48329339d50e",
        "type": "github"
      },
      "original": {
@ -435,27 +400,11 @@
    },
    "nixpkgs_2": {
      "locked": {
-        "lastModified": 1718437845,
-        "narHash": "sha256-ZT7Oc1g4I4pHVGGjQFnewFVDRLH5cIZhEzODLz9YXeY=",
+        "lastModified": 1739055578,
+        "narHash": "sha256-2MhC2Bgd06uI1A0vkdNUyDYsMD0SLNGKtD8600mZ69A=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "752c634c09ceb50c45e751f8791cb45cb3d46c9e",
-        "type": "github"
-      },
-      "original": {
-        "owner": "NixOS",
-        "ref": "nixos-24.05",
-        "repo": "nixpkgs",
-        "type": "github"
-      }
-    },
-    "nixpkgs_3": {
-      "locked": {
-        "lastModified": 1737672001,
-        "narHash": "sha256-YnHJJ19wqmibLQdUeq9xzE6CjrMA568KN/lFPuSVs4I=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "035f8c0853c2977b24ffc4d0a42c74f00b182cd8",
+        "rev": "a45fa362d887f4d4a7157d95c28ca9ce2899b70e",
        "type": "github"
      },
      "original": {
@ -465,7 +414,7 @@
        "type": "github"
      }
    },
-    "nixpkgs_4": {
+    "nixpkgs_3": {
      "locked": {
        "lastModified": 1728538411,
        "narHash": "sha256-f0SBJz1eZ2yOuKUr5CA9BHULGXVSn6miBuUWdTyhUhU=",
@ -481,6 +430,22 @@
        "type": "github"
      }
    },
+    "nixpkgs_4": {
+      "locked": {
+        "lastModified": 1735471104,
+        "narHash": "sha256-0q9NGQySwDQc7RhAV2ukfnu7Gxa5/ybJ2ANT8DQrQrs=",
+        "owner": "nixos",
+        "repo": "nixpkgs",
+        "rev": "88195a94f390381c6afcdaa933c2f6ff93959cb4",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nixos",
+        "ref": "nixos-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
    "pandoc-latex-template": {
      "flake": false,
      "locked": {
@ -497,28 +462,6 @@
        "type": "github"
      }
    },
-    "pnpm2nix": {
-      "inputs": {
-        "flake-utils": "flake-utils_3",
-        "nixpkgs": [
-          "lolpizza",
-          "nixpkgs"
-        ]
-      },
-      "locked": {
-        "lastModified": 1685983557,
-        "narHash": "sha256-zzSsezK3YEvdZ/8+xnJELmimfKo12xxjC7tFdjsgH/0=",
-        "owner": "nzbr",
-        "repo": "pnpm2nix-nzbr",
-        "rev": "50b3587d90ea72640447ec4ed5604dabcfe06606",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nzbr",
-        "repo": "pnpm2nix-nzbr",
-        "type": "github"
-      }
-    },
    "root": {
      "inputs": {
        "agenix": "agenix",
@ -528,10 +471,9 @@
        "impermanence": "impermanence",
        "kmonad": "kmonad",
        "lix-module": "lix-module",
-        "lolpizza": "lolpizza",
        "miro": "miro",
        "nixos-hardware": "nixos-hardware",
-        "nixpkgs": "nixpkgs_3",
+        "nixpkgs": "nixpkgs_2",
        "nixpkgs-darwin": "nixpkgs-darwin",
        "nixpkgs-master": "nixpkgs-master",
        "pandoc-latex-template": "pandoc-latex-template",
@ -540,22 +482,23 @@
        "utils": "utils",
        "wired": "wired",
        "x": "x",
-        "xynoblog": "xynoblog"
+        "xynoblog": "xynoblog",
+        "zen-browser": "zen-browser"
      }
    },
    "roslyn-language-server": {
      "inputs": {
-        "flake-utils": "flake-utils_4",
+        "flake-utils": "flake-utils_3",
        "nixpkgs": [
          "nixpkgs"
        ]
      },
      "locked": {
-        "lastModified": 1737351724,
-        "narHash": "sha256-CdRXZaEAXurgO6sGl5akhW+LuwhMvY90ToPlk1h+QcA=",
+        "lastModified": 1739209199,
+        "narHash": "sha256-IXemY38IgENRcnBw2/0hBkUU8dNwZr+kzrrVQd4EH/o=",
        "owner": "sofusa",
        "repo": "roslyn-language-server",
-        "rev": "8f237c172dbb52ab763fefa757a7350cf074dbec",
+        "rev": "e1e9831f8fc83121f87516b00401cca409392c29",
        "type": "github"
      },
      "original": {
@ -587,7 +530,7 @@
    },
    "rust-overlay_2": {
      "inputs": {
-        "nixpkgs": "nixpkgs_4"
+        "nixpkgs": "nixpkgs_3"
      },
      "locked": {
        "lastModified": 1730341826,
@ -694,24 +637,9 @@
        "type": "github"
      }
    },
-    "systems_6": {
-      "locked": {
-        "lastModified": 1681028828,
-        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
-        "owner": "nix-systems",
-        "repo": "default",
-        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nix-systems",
-        "repo": "default",
-        "type": "github"
-      }
-    },
    "utils": {
      "inputs": {
-        "systems": "systems_6"
+        "systems": "systems_5"
      },
      "locked": {
        "lastModified": 1731533236,
@ -788,6 +716,24 @@
        "repo": "blog",
        "type": "github"
      }
+    },
+    "zen-browser": {
+      "inputs": {
+        "nixpkgs": "nixpkgs_4"
+      },
+      "locked": {
+        "lastModified": 1739161281,
+        "narHash": "sha256-cMM5E5EzEnfQFdBurCVqCi9mhsmRCeaEJB4iskPsQ1o=",
+        "owner": "0xc000022070",
+        "repo": "zen-browser-flake",
+        "rev": "0e962f036e6e2a9dde28f37d80104c7ea477a801",
+        "type": "github"
+      },
+      "original": {
+        "owner": "0xc000022070",
+        "repo": "zen-browser-flake",
+        "type": "github"
+      }
    }
  },
  "root": "root",
--- a/flake.nix
+++ b/flake.nix
@ -31,6 +31,7 @@
    wired.url = "github:Toqozz/wired-notify";
    roslyn-language-server.url = "github:sofusa/roslyn-language-server";
    roslyn-language-server.inputs.nixpkgs.follows = "nixpkgs";
+    zen-browser.url = "github:0xc000022070/zen-browser-flake";


    kmonad = {
@ -92,7 +93,7 @@
    , darwin
    , utils
    , xynoblog
-    , lolpizza
+    # , lolpizza
    , lix-module
    , kmonad
    , wired
--- a/hosts/picard/default.nix
+++ b/hosts/picard/default.nix
@ -72,19 +72,19 @@
      }
    '';
    virtualHosts."*.ragon.xyz".extraConfig = ''
-      @8081 host 8081.ragon.xyz
-      handle @8081 {
-        reverse_proxy http://[::1]:8081
-      }
-      @files host files.ragon.xyz
-      handle @files {
-        encode zstd gzip
-        root * /srv/www
-        file_server browse
-        basicauth * {
-          {$BAUSER} {$BAPASSWD}
-        }
-      }
+      # @8081 host 8081.ragon.xyz
+      # handle @8081 {
+      #   reverse_proxy http://[::1]:8081
+      # }
+      # @files host files.ragon.xyz
+      # handle @files {
+      #   encode zstd gzip
+      #   root * /srv/www
+      #   file_server browse
+      #   basicauth * {
+      #     {$BAUSER} {$BAPASSWD}
+      #   }
+      # }
      @bw host bw.ragon.xyz
      handle @bw {
        reverse_proxy http://${config.services.vaultwarden.config.rocketAddress}:${toString config.services.vaultwarden.config.rocketPort}
@ -257,7 +257,7 @@ all the robots are on <a href="https://catgirl.cloud">catgirl.cloud</a> mew :3
    })
  ];
  services.xynoblog.enable = true;
-  services.lolpizza2.enable = true;
+  # services.lolpizza2.enable = true;
  programs.mosh.enable = true;

  home-manager.users.ragon = { pkgs, lib, inputs, config, ... }: {
--- a/hosts/theseus/default.nix
+++ b/hosts/theseus/default.nix
@ -63,6 +63,7 @@
  programs.sway.enable = true;
  programs.nix-ld.enable = true;
  programs.gamescope.enable = true;
+  programs.wireshark.enable = true;
  services.gnome.sushi.enable = true;
  services.gnome.gnome-settings-daemon.enable = true;
  services.gvfs.enable = true;
@ -107,7 +108,7 @@
  services.displayManager.defaultSession = "river";
  programs.river.enable = true;
  services.upower.enable = true;
-  users.users.ragon.extraGroups = [ "networkmanager" "video" "netdev" "plugdev" "dialout" "tape" "uucp" ];
+  users.users.ragon.extraGroups = [ "networkmanager" "video" "netdev" "plugdev" "dialout" "tape" "uucp" "wireshark" ];
  fonts.packages = with pkgs; [
    nerdfonts
    cantarell-fonts
@ -224,6 +225,8 @@
      ptyxis
      appimage-run
      unstable.keepassxc
+      # unstable.zenbrowser
+      inputs.zen-browser.packages."${pkgs.system}".default

      # filezilla

--- a/nixos-modules/networking/tailscale.nix
+++ b/nixos-modules/networking/tailscale.nix
@ -12,11 +12,12 @@ in
      "/var/lib/tailscale"
    ];
    services.tailscale.enable = true;
-    ragon.agenix.secrets.tailscaleKey = { };
-    boot.kernel.sysctl = lib.mkIf cfg.exitNode {
-      "net.ipv4.ip_forward" = 1;
-      "net.ipv6.conf.all.forwarding" = 1;
-    };
+    services.tailscale.useRoutingFeatures = "server";
+    # ragon.agenix.secrets.tailscaleKey = { };
+    # boot.kernel.sysctl = lib.mkIf cfg.exitNode {
+    #   "net.ipv4.ip_forward" = 1;
+    #   "net.ipv6.conf.all.forwarding" = 1;
+    # };
    networking.firewall = {
      # always allow traffic from your Tailscale network
      trustedInterfaces = [ "tailscale0" ];
@ -26,31 +27,31 @@ in
      # allow the Tailscale UDP port through the firewall
      allowedUDPPorts = [ config.services.tailscale.port ];
    };
-    systemd.services.tailscale-autoconnect = {
-      description = "Automatic connection to Tailscale";
+    # systemd.services.tailscale-autoconnect = {
+    #   description = "Automatic connection to Tailscale";

-      # make sure tailscale is running before trying to connect to tailscale
-      after = [ "network-pre.target" "tailscale.service" ];
-      wants = [ "network-pre.target" "tailscale.service" ];
-      wantedBy = [ "multi-user.target" ];
+    #   # make sure tailscale is running before trying to connect to tailscale
+    #   after = [ "network-pre.target" "tailscale.service" ];
+    #   wants = [ "network-pre.target" "tailscale.service" ];
+    #   wantedBy = [ "multi-user.target" ];

-      # set this service as a oneshot job
-      serviceConfig.Type = "oneshot";
+    #   # set this service as a oneshot job
+    #   serviceConfig.Type = "oneshot";

-      # have the job run this shell script
-      script = with pkgs; ''
-        # wait for tailscaled to settle
-        sleep 2
+    #   # have the job run this shell script
+    #   script = with pkgs; ''
+    #     # wait for tailscaled to settle
+    #     sleep 2

-        # check if we are already authenticated to tailscale
-        status="$(${tailscale}/bin/tailscale status -json | ${jq}/bin/jq -r .BackendState)"
-        if [ $status = "Running" ]; then # if so, then do nothing
-          exit 0
-        fi
-        key=$(<${config.age.secrets.tailscaleKey.path})
-        # otherwise authenticate with tailscale
-        ${tailscale}/bin/tailscale up -authkey $key ${lib.optionalString cfg.exitNode "--advertise-exit-node"} ${cfg.extraUpCommands}
-      '';
-    };
+    #     # check if we are already authenticated to tailscale
+    #     status="$(${tailscale}/bin/tailscale status -json | ${jq}/bin/jq -r .BackendState)"
+    #     if [ $status = "Running" ]; then # if so, then do nothing
+    #       exit 0
+    #     fi
+    #     key=$(<${config.age.secrets.tailscaleKey.path})
+    #     # otherwise authenticate with tailscale
+    #     ${tailscale}/bin/tailscale up -authkey $key ${lib.optionalString cfg.exitNode "--advertise-exit-node"} ${cfg.extraUpCommands}
+    #   '';
+    # };
  };
 }