tailscale exit node support

This commit is contained in:
Lucy Hochkamp 2025-02-14 12:38:55 +01:00
parent b42a8d1c99
commit 0f2c8049fd
No known key found for this signature in database
5 changed files with 114 additions and 163 deletions

flake.lock generated

@ -68,11 +68,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1737504076, "lastModified": 1739229629,
"narHash": "sha256-/B4XJnzYU/6K1ZZOBIgsa3K4pqDJrnC2579c44c+4rI=", "narHash": "sha256-zUWKsviMuelgB4PJNJuLZi/yvHnaLb1wZ9mOATjj9eM=",
"owner": "lnl7", "owner": "lnl7",
"repo": "nix-darwin", "repo": "nix-darwin",
"rev": "65cc1fa8e36ceff067daf6cfb142331f02f524d3", "rev": "a36049dac55b6b00536ce8fb601ad3dd1cd8ba8c",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -140,24 +140,6 @@
"inputs": { "inputs": {
"systems": "systems_4" "systems": "systems_4"
}, },
"locked": {
"lastModified": 1685518550,
"narHash": "sha256-o2d0KcvaXzTrPRIo0kOLV0/QXHhDQ5DTi+OxcjO8xqY=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "a1720a10a6cfe8234c0e93907ffe81be440f4cef",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_4": {
"inputs": {
"systems": "systems_5"
},
"locked": { "locked": {
"lastModified": 1710146030, "lastModified": 1710146030,
"narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
@ -195,11 +177,11 @@
"rust-overlay": "rust-overlay" "rust-overlay": "rust-overlay"
}, },
"locked": { "locked": {
"lastModified": 1737712207, "lastModified": 1738683842,
"narHash": "sha256-giqE4cwl2CohY4bHhxLSRxfZYHSH/9cRM5Vx9Vr1Va0=", "narHash": "sha256-Igl76UYv7D/aJ7K7CbZxlBvmvzbfyNK7DOfw+Ub+M5Y=",
"owner": "SofusA", "owner": "SofusA",
"repo": "helix-pull-diagnostics", "repo": "helix-pull-diagnostics",
"rev": "c13d3225783ffcec56b6bcd63616236eddaefad5", "rev": "3fb39042d480bb6e24b8473ff1eb31058846f55f",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -274,11 +256,11 @@
}, },
"locked": { "locked": {
"dir": "nix", "dir": "nix",
"lastModified": 1736194159, "lastModified": 1737910997,
"narHash": "sha256-YGwh6ntcQdE8vE3F5NYM4q1nroJZOtzZed2eWgCqCW0=", "narHash": "sha256-Q9g8erFLGov37CdtMcVm5V/u+PMtwQa7lVz4oIz43sQ=",
"ref": "feat-tap-overlap", "ref": "feat-tap-overlap",
"rev": "7fc983117bfd39c8e0225fa0ae20293c8248dba5", "rev": "3b653692891c0231e7cc8844e142008296448217",
"revCount": 901, "revCount": 912,
"type": "git", "type": "git",
"url": "https://github.com/jokesper/kmonad" "url": "https://github.com/jokesper/kmonad"
}, },
@ -324,23 +306,6 @@
"url": "https://git.lix.systems/lix-project/nixos-module/archive/2.91.1-2.tar.gz" "url": "https://git.lix.systems/lix-project/nixos-module/archive/2.91.1-2.tar.gz"
} }
}, },
"lolpizza": {
"inputs": {
"nixpkgs": "nixpkgs_2",
"pnpm2nix": "pnpm2nix"
},
"locked": {
"lastModified": 1729255849,
"narHash": "sha256-P9Dw2s1LL0xluiJyRMXz+STza75UYTvS3oegpE3S3zs=",
"path": "/nix/store/v48mn8cw1hgswjifw9nin7v73mdvh3aq-source",
"rev": "6989a9dc030ce99589758d0cea682c3011a6ea31",
"type": "path"
},
"original": {
"id": "lolpizza",
"type": "indirect"
}
},
"miro": { "miro": {
"flake": false, "flake": false,
"locked": { "locked": {
@ -359,11 +324,11 @@
}, },
"nixos-hardware": { "nixos-hardware": {
"locked": { "locked": {
"lastModified": 1737751639, "lastModified": 1738816619,
"narHash": "sha256-ZEbOJ9iT72iwqXsiEMbEa8wWjyFvRA9Ugx8utmYbpz4=", "narHash": "sha256-5yRlg48XmpcX5b5HesdGMOte+YuCy9rzQkJz+imcu6I=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixos-hardware", "repo": "nixos-hardware",
"rev": "dfad538f751a5aa5d4436d9781ab27a6128ec9d4", "rev": "2eccff41bab80839b1d25b303b53d339fbb07087",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -375,11 +340,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1737469691, "lastModified": 1728018373,
"narHash": "sha256-nmKOgAU48S41dTPIXAq0AHZSehWUn6ZPrUKijHAMmIk=", "narHash": "sha256-NOiTvBbRLIOe5F6RbHaAh6++BNjsb149fGZd1T4+KBg=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "9e4d5190a9482a1fb9d18adf0bdb83c6e506eaab", "rev": "bc947f541ae55e999ffdb4013441347d83b00feb",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -419,11 +384,11 @@
}, },
"nixpkgs-master": { "nixpkgs-master": {
"locked": { "locked": {
"lastModified": 1737879851, "lastModified": 1739229610,
"narHash": "sha256-H+FXIKj//kmFHTTW4DFeOjR7F1z2/3eb2iwN6Me4YZk=", "narHash": "sha256-se+XO93QNFc9Krf7pf5TvR4lKC6jh+oWV/+EomsMeZ8=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "5d3221fd57cc442a1a522a15eb5f58230f45a304", "rev": "ba4ca7f603ef577e16e76900e6be48329339d50e",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -435,27 +400,11 @@
}, },
"nixpkgs_2": { "nixpkgs_2": {
"locked": { "locked": {
"lastModified": 1718437845, "lastModified": 1739055578,
"narHash": "sha256-ZT7Oc1g4I4pHVGGjQFnewFVDRLH5cIZhEzODLz9YXeY=", "narHash": "sha256-2MhC2Bgd06uI1A0vkdNUyDYsMD0SLNGKtD8600mZ69A=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "752c634c09ceb50c45e751f8791cb45cb3d46c9e", "rev": "a45fa362d887f4d4a7157d95c28ca9ce2899b70e",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-24.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1737672001,
"narHash": "sha256-YnHJJ19wqmibLQdUeq9xzE6CjrMA568KN/lFPuSVs4I=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "035f8c0853c2977b24ffc4d0a42c74f00b182cd8",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -465,7 +414,7 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_4": { "nixpkgs_3": {
"locked": { "locked": {
"lastModified": 1728538411, "lastModified": 1728538411,
"narHash": "sha256-f0SBJz1eZ2yOuKUr5CA9BHULGXVSn6miBuUWdTyhUhU=", "narHash": "sha256-f0SBJz1eZ2yOuKUr5CA9BHULGXVSn6miBuUWdTyhUhU=",
@ -481,6 +430,22 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_4": {
"locked": {
"lastModified": 1735471104,
"narHash": "sha256-0q9NGQySwDQc7RhAV2ukfnu7Gxa5/ybJ2ANT8DQrQrs=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "88195a94f390381c6afcdaa933c2f6ff93959cb4",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"pandoc-latex-template": { "pandoc-latex-template": {
"flake": false, "flake": false,
"locked": { "locked": {
@ -497,28 +462,6 @@
"type": "github" "type": "github"
} }
}, },
"pnpm2nix": {
"inputs": {
"flake-utils": "flake-utils_3",
"nixpkgs": [
"lolpizza",
"nixpkgs"
]
},
"locked": {
"lastModified": 1685983557,
"narHash": "sha256-zzSsezK3YEvdZ/8+xnJELmimfKo12xxjC7tFdjsgH/0=",
"owner": "nzbr",
"repo": "pnpm2nix-nzbr",
"rev": "50b3587d90ea72640447ec4ed5604dabcfe06606",
"type": "github"
},
"original": {
"owner": "nzbr",
"repo": "pnpm2nix-nzbr",
"type": "github"
}
},
"root": { "root": {
"inputs": { "inputs": {
"agenix": "agenix", "agenix": "agenix",
@ -528,10 +471,9 @@
"impermanence": "impermanence", "impermanence": "impermanence",
"kmonad": "kmonad", "kmonad": "kmonad",
"lix-module": "lix-module", "lix-module": "lix-module",
"lolpizza": "lolpizza",
"miro": "miro", "miro": "miro",
"nixos-hardware": "nixos-hardware", "nixos-hardware": "nixos-hardware",
"nixpkgs": "nixpkgs_3", "nixpkgs": "nixpkgs_2",
"nixpkgs-darwin": "nixpkgs-darwin", "nixpkgs-darwin": "nixpkgs-darwin",
"nixpkgs-master": "nixpkgs-master", "nixpkgs-master": "nixpkgs-master",
"pandoc-latex-template": "pandoc-latex-template", "pandoc-latex-template": "pandoc-latex-template",
@ -540,22 +482,23 @@
"utils": "utils", "utils": "utils",
"wired": "wired", "wired": "wired",
"x": "x", "x": "x",
"xynoblog": "xynoblog" "xynoblog": "xynoblog",
"zen-browser": "zen-browser"
} }
}, },
"roslyn-language-server": { "roslyn-language-server": {
"inputs": { "inputs": {
"flake-utils": "flake-utils_4", "flake-utils": "flake-utils_3",
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
] ]
}, },
"locked": { "locked": {
"lastModified": 1737351724, "lastModified": 1739209199,
"narHash": "sha256-CdRXZaEAXurgO6sGl5akhW+LuwhMvY90ToPlk1h+QcA=", "narHash": "sha256-IXemY38IgENRcnBw2/0hBkUU8dNwZr+kzrrVQd4EH/o=",
"owner": "sofusa", "owner": "sofusa",
"repo": "roslyn-language-server", "repo": "roslyn-language-server",
"rev": "8f237c172dbb52ab763fefa757a7350cf074dbec", "rev": "e1e9831f8fc83121f87516b00401cca409392c29",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -587,7 +530,7 @@
}, },
"rust-overlay_2": { "rust-overlay_2": {
"inputs": { "inputs": {
"nixpkgs": "nixpkgs_4" "nixpkgs": "nixpkgs_3"
}, },
"locked": { "locked": {
"lastModified": 1730341826, "lastModified": 1730341826,
@ -694,24 +637,9 @@
"type": "github" "type": "github"
} }
}, },
"systems_6": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"utils": { "utils": {
"inputs": { "inputs": {
"systems": "systems_6" "systems": "systems_5"
}, },
"locked": { "locked": {
"lastModified": 1731533236, "lastModified": 1731533236,
@ -788,6 +716,24 @@
"repo": "blog", "repo": "blog",
"type": "github" "type": "github"
} }
},
"zen-browser": {
"inputs": {
"nixpkgs": "nixpkgs_4"
},
"locked": {
"lastModified": 1739161281,
"narHash": "sha256-cMM5E5EzEnfQFdBurCVqCi9mhsmRCeaEJB4iskPsQ1o=",
"owner": "0xc000022070",
"repo": "zen-browser-flake",
"rev": "0e962f036e6e2a9dde28f37d80104c7ea477a801",
"type": "github"
},
"original": {
"owner": "0xc000022070",
"repo": "zen-browser-flake",
"type": "github"
}
} }
}, },
"root": "root", "root": "root",


@ -31,6 +31,7 @@
wired.url = "github:Toqozz/wired-notify"; wired.url = "github:Toqozz/wired-notify";
roslyn-language-server.url = "github:sofusa/roslyn-language-server"; roslyn-language-server.url = "github:sofusa/roslyn-language-server";
roslyn-language-server.inputs.nixpkgs.follows = "nixpkgs"; roslyn-language-server.inputs.nixpkgs.follows = "nixpkgs";
zen-browser.url = "github:0xc000022070/zen-browser-flake";
kmonad = { kmonad = {
@ -92,7 +93,7 @@
, darwin , darwin
, utils , utils
, xynoblog , xynoblog
, lolpizza # , lolpizza
, lix-module , lix-module
, kmonad , kmonad
, wired , wired
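Review bot: The new `zen-browser` input in the first hunk does not declare `inputs.nixpkgs.follows = "nixpkgs"` the way the adjacent `roslyn-language-server` input does, so it carries its own nixpkgs (the lock file in this commit records a separate `nixpkgs_4` on nixos-unstable for it); add `zen-browser.inputs.nixpkgs.follows = "nixpkgs";` so the browser is built against the same package set that is updated and reviewed with the rest of the system. The input also tracks the default branch of a third-party personal repository with no `ref`; the lock pins a rev and narHash today, but every `nix flake update` will silently take whatever that branch holds, which deserves either a release tag or a periodic look at the diff for something that is a web browser. The commented-out `, lolpizza` parameter in the second hunk is dead text; git history keeps it, so deleting it is cleaner.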


@ -72,19 +72,19 @@
} }
''; '';
virtualHosts."*.ragon.xyz".extraConfig = '' virtualHosts."*.ragon.xyz".extraConfig = ''
@8081 host 8081.ragon.xyz # @8081 host 8081.ragon.xyz
handle @8081 { # handle @8081 {
reverse_proxy http://[::1]:8081 # reverse_proxy http://[::1]:8081
} # }
@files host files.ragon.xyz # @files host files.ragon.xyz
handle @files { # handle @files {
encode zstd gzip # encode zstd gzip
root * /srv/www # root * /srv/www
file_server browse # file_server browse
basicauth * { # basicauth * {
{$BAUSER} {$BAPASSWD} # {$BAUSER} {$BAPASSWD}
} # }
} # }
@bw host bw.ragon.xyz @bw host bw.ragon.xyz
handle @bw { handle @bw {
reverse_proxy http://${config.services.vaultwarden.config.rocketAddress}:${toString config.services.vaultwarden.config.rocketPort} reverse_proxy http://${config.services.vaultwarden.config.rocketAddress}:${toString config.services.vaultwarden.config.rocketPort}
@ -257,7 +257,7 @@ all the robots are on <a href="https://catgirl.cloud">catgirl.cloud</a> mew :3
}) })
]; ];
services.xynoblog.enable = true; services.xynoblog.enable = true;
services.lolpizza2.enable = true; # services.lolpizza2.enable = true;
programs.mosh.enable = true; programs.mosh.enable = true;
home-manager.users.ragon = { pkgs, lib, inputs, config, ... }: { home-manager.users.ragon = { pkgs, lib, inputs, config, ... }: {
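Review bot: With the `@files` and `@8081` matchers commented out in the first hunk, requests for `files.ragon.xyz` and `8081.ragon.xyz` still match the `*.ragon.xyz` wildcard virtual host and now fall through to whatever follows the remaining `handle` blocks (outside this hunk); if that is a catch-all `reverse_proxy` or file server, those two names are now served by it without the `basicauth` that used to guard `/srv/www`. If the intent is to retire them, say so explicitly with `@retired host files.ragon.xyz 8081.ragon.xyz` and `respond @retired 404`, or remove the DNS records. Leaving thirteen lines of Caddyfile and `services.lolpizza2.enable` (second hunk) as comments invites them being re-enabled later without the context of why they were disabled; deleting them is the safer form since history preserves them.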


@ -63,6 +63,7 @@
programs.sway.enable = true; programs.sway.enable = true;
programs.nix-ld.enable = true; programs.nix-ld.enable = true;
programs.gamescope.enable = true; programs.gamescope.enable = true;
programs.wireshark.enable = true;
services.gnome.sushi.enable = true; services.gnome.sushi.enable = true;
services.gnome.gnome-settings-daemon.enable = true; services.gnome.gnome-settings-daemon.enable = true;
services.gvfs.enable = true; services.gvfs.enable = true;
@ -107,7 +108,7 @@
services.displayManager.defaultSession = "river"; services.displayManager.defaultSession = "river";
programs.river.enable = true; programs.river.enable = true;
services.upower.enable = true; services.upower.enable = true;
users.users.ragon.extraGroups = [ "networkmanager" "video" "netdev" "plugdev" "dialout" "tape" "uucp" ]; users.users.ragon.extraGroups = [ "networkmanager" "video" "netdev" "plugdev" "dialout" "tape" "uucp" "wireshark" ];
fonts.packages = with pkgs; [ fonts.packages = with pkgs; [
nerdfonts nerdfonts
cantarell-fonts cantarell-fonts
@ -224,6 +225,8 @@
ptyxis ptyxis
appimage-run appimage-run
unstable.keepassxc unstable.keepassxc
# unstable.zenbrowser
inputs.zen-browser.packages."${pkgs.system}".default
# filezilla # filezilla
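Review bot: Adding `ragon` to the `wireshark` group in the second hunk, combined with `programs.wireshark.enable = true` in the first, grants that account the capability-wrapped `dumpcap` the NixOS module installs (as far as I recall, cap_net_raw/cap_net_admin), i.e. unprivileged capture on every interface including `tailscale0`; that is a standing privilege equivalent to reading all of the host's traffic, so it should be a deliberate choice and worth a comment beside the group list such as `# "wireshark": raw packet capture on all interfaces via the dumpcap wrapper`. If the graphical client is wanted, the module's default package is the CLI build, so `programs.wireshark.package = pkgs.wireshark;` would also be needed — confirm against the nixpkgs revision in use. The third hunk references `inputs.zen-browser.packages."${pkgs.system}".default`; `pkgs.system` is a legacy alias that newer nixpkgs warns about, and `pkgs.stdenv.hostPlatform.system` is the current spelling.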


@ -12,11 +12,12 @@ in
"/var/lib/tailscale" "/var/lib/tailscale"
]; ];
services.tailscale.enable = true; services.tailscale.enable = true;
ragon.agenix.secrets.tailscaleKey = { }; services.tailscale.useRoutingFeatures = "server";
boot.kernel.sysctl = lib.mkIf cfg.exitNode { # ragon.agenix.secrets.tailscaleKey = { };
"net.ipv4.ip_forward" = 1; # boot.kernel.sysctl = lib.mkIf cfg.exitNode {
"net.ipv6.conf.all.forwarding" = 1; # "net.ipv4.ip_forward" = 1;
}; # "net.ipv6.conf.all.forwarding" = 1;
# };
networking.firewall = { networking.firewall = {
# always allow traffic from your Tailscale network # always allow traffic from your Tailscale network
trustedInterfaces = [ "tailscale0" ]; trustedInterfaces = [ "tailscale0" ];
@ -26,31 +27,31 @@ in
# allow the Tailscale UDP port through the firewall # allow the Tailscale UDP port through the firewall
allowedUDPPorts = [ config.services.tailscale.port ]; allowedUDPPorts = [ config.services.tailscale.port ];
}; };
systemd.services.tailscale-autoconnect = { # systemd.services.tailscale-autoconnect = {
description = "Automatic connection to Tailscale"; # description = "Automatic connection to Tailscale";
# make sure tailscale is running before trying to connect to tailscale # # make sure tailscale is running before trying to connect to tailscale
after = [ "network-pre.target" "tailscale.service" ]; # after = [ "network-pre.target" "tailscale.service" ];
wants = [ "network-pre.target" "tailscale.service" ]; # wants = [ "network-pre.target" "tailscale.service" ];
wantedBy = [ "multi-user.target" ]; # wantedBy = [ "multi-user.target" ];
# set this service as a oneshot job # # set this service as a oneshot job
serviceConfig.Type = "oneshot"; # serviceConfig.Type = "oneshot";
# have the job run this shell script # # have the job run this shell script
script = with pkgs; '' # script = with pkgs; ''
# wait for tailscaled to settle # # wait for tailscaled to settle
sleep 2 # sleep 2
# check if we are already authenticated to tailscale # # check if we are already authenticated to tailscale
status="$(${tailscale}/bin/tailscale status -json | ${jq}/bin/jq -r .BackendState)" # status="$(${tailscale}/bin/tailscale status -json | ${jq}/bin/jq -r .BackendState)"
if [ $status = "Running" ]; then # if so, then do nothing # if [ $status = "Running" ]; then # if so, then do nothing
exit 0 # exit 0
fi # fi
key=$(<${config.age.secrets.tailscaleKey.path}) # key=$(<${config.age.secrets.tailscaleKey.path})
# otherwise authenticate with tailscale # # otherwise authenticate with tailscale
${tailscale}/bin/tailscale up -authkey $key ${lib.optionalString cfg.exitNode "--advertise-exit-node"} ${cfg.extraUpCommands} # ${tailscale}/bin/tailscale up -authkey $key ${lib.optionalString cfg.exitNode "--advertise-exit-node"} ${cfg.extraUpCommands}
''; # '';
}; # };
}; };
} }
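Review bot: `services.tailscale.useRoutingFeatures = "server"` at the top of the first hunk is set unconditionally, whereas the sysctl block it replaces was gated on `lib.mkIf cfg.exitNode`, so every host importing this module now has `net.ipv4.ip_forward` and `net.ipv6.conf.all.forwarding` enabled and, with `tailscale0` in `trustedInterfaces`, will forward whatever tailnet peers send it unless something outside this file filters the FORWARD chain. Keep forwarding on the hosts that actually advertise: `services.tailscale.useRoutingFeatures = if cfg.exitNode then "server" else "client";`. Commenting out the autoconnect unit in the second hunk also removed the only place `--advertise-exit-node`, `cfg.extraUpCommands` and the agenix auth key were used, so nothing visible here advertises an exit node despite the commit title; the declarative replacement is `services.tailscale.authKeyFile = config.age.secrets.tailscaleKey.path;` (keeping `ragon.agenix.secrets.tailscaleKey = { };`) plus `services.tailscale.extraUpFlags = lib.optional cfg.exitNode "--advertise-exit-node";`, unless these are already set in the lines between the two hunks, which are not shown. The option declarations for `cfg.exitNode` and `cfg.extraUpCommands` sit above the first hunk and are presumably now unused; either wire them up as above or remove them together with the commented-out blocks rather than leaving both as dead text.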