Toast/nix-stuff
1
0
Fork 0
Code Issues Pull requests Projects 1 Wiki Activity

Change my tailscale network name

Browse source
This commit is contained in:
Toast 2024-07-17 19:06:24 +02:00
parent 020cec94a1
commit 5001e70c14
10 changed files with 24 additions and 24 deletions
Download patch file Download diff file Expand all files Collapse all files

4
.justfile
View file

@ -19,8 +19,8 @@ update-input input:
nix flake lock --update-input {{input}} nix flake lock --update-input {{input}}
@edit-secrets: @edit-secrets:
git clone ssh://forgejo@git.everest.sable-pancake.ts.net:4222/Toast/nix-secrets.git /tmp/secrets git clone ssh://forgejo@git.everest.tailscale:4222/Toast/nix-secrets.git /tmp/secrets
sed -i 's\git+ssh://forgejo@git.everest.sable-pancake.ts.net:4222/Toast/nix-secrets\/tmp/secrets\g' flake.nix sed -i 's\git+ssh://forgejo@git.everest.tailscale:4222/Toast/nix-secrets\/tmp/secrets\g' flake.nix
just -q update-input secrets just -q update-input secrets
echo "{{bold}}All done!" echo "{{bold}}All done!"
echo "{{normal}}Remember to restore flake.nix" echo "{{normal}}Remember to restore flake.nix"

4
flake.lock generated
View file

@ -527,11 +527,11 @@
"rev": "08944755d22a7499b0b3fd39d48fdf1dabf4c83f", "rev": "08944755d22a7499b0b3fd39d48fdf1dabf4c83f",
"revCount": 19, "revCount": 19,
"type": "git", "type": "git",
"url": "ssh://forgejo@git.everest.sable-pancake.ts.net:4222/Toast/nix-secrets" "url": "ssh://forgejo@git.everest.tailscale:4222/Toast/nix-secrets"
}, },
"original": { "original": {
"type": "git", "type": "git",
"url": "ssh://forgejo@git.everest.sable-pancake.ts.net:4222/Toast/nix-secrets" "url": "ssh://forgejo@git.everest.tailscale:4222/Toast/nix-secrets"
} }
}, },
"systems": { "systems": {

2
flake.nix
View file

@ -3,7 +3,7 @@
inputs = { inputs = {
secrets = { secrets = {
url = "git+ssh://forgejo@git.everest.sable-pancake.ts.net:4222/Toast/nix-secrets"; url = "git+ssh://forgejo@git.everest.tailscale:4222/Toast/nix-secrets";
flake = false; flake = false;
}; };
nixpkgs-raw.url = "nixpkgs/nixos-24.05"; nixpkgs-raw.url = "nixpkgs/nixos-24.05";

2
roles/common/programs/git.nix
View file

@ -1,6 +1,6 @@
{...}: { {...}: {
programs.ssh.knownHosts = { programs.ssh.knownHosts = {
"[git.everest.sable-pancake.ts.net]:4222".publicKey = '' "[git.everest.tailscale]:4222".publicKey = ''
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKoUcWx56NZ3kqydN3d0gLNz6SlBm1ArkHhqR9Fwd8qs ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKoUcWx56NZ3kqydN3d0gLNz6SlBm1ArkHhqR9Fwd8qs
''; '';
}; };

4
roles/desktop/programs/ssh.nix
View file

@ -2,7 +2,7 @@
programs.ssh.knownHosts = { programs.ssh.knownHosts = {
everest = { everest = {
hostNames = [ hostNames = [
"everest.sable-pancake.ts.net" "everest.tailscale"
"toast003.xyz" "toast003.xyz"
]; ];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAqfABZKnF5YYGZTOKuT7m+sOnUqBQSvLke9c3JDsF5s"; publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAqfABZKnF5YYGZTOKuT7m+sOnUqBQSvLke9c3JDsF5s";
@ -15,7 +15,7 @@
matchBlocks = { matchBlocks = {
"everest" = { "everest" = {
host = "everest"; host = "everest";
hostname = "everest.sable-pancake.ts.net"; hostname = "everest.tailscale";
forwardAgent = true; forwardAgent = true;
sendEnv = ["COLORTERM"]; sendEnv = ["COLORTERM"];
}; };

12
roles/server/dns.nix
View file

@ -16,18 +16,18 @@
dns-loop-detect = true; dns-loop-detect = true;
host-record = [ host-record = [
"winmax2,winmax2.sable-pancake.ts.net,100.106.73.20" "winmax2,winmax2.tailscale,100.106.73.20"
"everest,everest.sable-pancake.ts.net,100.73.96.48" "everest,everest.tailscale,100.73.96.48"
"archie,archie.sable-pancake.ts.net,100.113.139.93" "archie,archie.tailscale,100.113.139.93"
"steamdeck,steamdeck.sable-pancake.ts.net,100.85.48.85" "steamdeck,steamdeck.tailscale,100.85.48.85"
"surfacego,surfacego.sable-pancake.ts.net,100.96.92.13" "surfacego,surfacego.tailscale,100.96.92.13"
]; ];
# If this isn't set a cname that targets a host might return the wrong ip # If this isn't set a cname that targets a host might return the wrong ip
localise-queries = true; localise-queries = true;
## IPv6 is not a thing in Spain so I'm guaranteed to not use it ## IPv6 is not a thing in Spain so I'm guaranteed to not use it
filter-AAAA = true; filter-AAAA = true;
domain = "sable-pancake.ts.net"; domain = "tailscale";
domain-needed = true; domain-needed = true;
}; };
}; };

6
roles/server/forgejo.nix
View file

@ -30,7 +30,7 @@ in {
}; };
server = { server = {
OFFLINE_MODE = false; OFFLINE_MODE = false;
ROOT_URL = "http://git.everest.sable-pancake.ts.net"; ROOT_URL = "http://git.everest.tailscale";
START_SSH_SERVER = true; START_SSH_SERVER = true;
SSH_PORT = 4222; SSH_PORT = 4222;
SSH_SERVER_HOST_KEYS = config.age.secrets.forgejo-host-key.path; SSH_SERVER_HOST_KEYS = config.age.secrets.forgejo-host-key.path;
@ -45,7 +45,7 @@ in {
}; };
# Add a cname for forgejo # Add a cname for forgejo
services.dnsmasq.settings.cname = ["git.everest.sable-pancake.ts.net,everest"]; services.dnsmasq.settings.cname = ["git.everest.tailscale,everest"];
# Set up traefik as the reverse proxy for Forgejo # Set up traefik as the reverse proxy for Forgejo
services.traefik = { services.traefik = {
@ -53,7 +53,7 @@ in {
http = { http = {
routers = { routers = {
forgejo-subpath = { forgejo-subpath = {
rule = "Host(`git.everest.sable-pancake.ts.net`)"; rule = "Host(`git.everest.tailscale`)";
service = "forgejo"; service = "forgejo";
}; };
}; };

2
roles/server/nfs.nix
View file

@ -2,7 +2,7 @@
services = { services = {
nfs.server = { nfs.server = {
enable = true; enable = true;
exports = "/srv/nfs *.sable-pancake.ts.net(ro,fsid=root)"; exports = "/srv/nfs *.tailscale(ro,fsid=root)";
# NFSv3 uses random ports, so you need to make them static to be able to pass though the firewall # NFSv3 uses random ports, so you need to make them static to be able to pass though the firewall
statdPort = 4000; statdPort = 4000;
lockdPort = 4001; lockdPort = 4001;

4
roles/server/syncthing.nix
View file

@ -34,7 +34,7 @@
}; };
# Add a cname for syncthing # Add a cname for syncthing
services.dnsmasq.settings.cname = ["sync.everest.sable-pancake.ts.net,everest"]; services.dnsmasq.settings.cname = ["sync.everest.tailscale,everest"];
# Set up traefik as the reverse proxy for syncthing # Set up traefik as the reverse proxy for syncthing
services.traefik = { services.traefik = {
@ -42,7 +42,7 @@
http = { http = {
routers = { routers = {
syncthing-subdomain = { syncthing-subdomain = {
rule = "Host(`sync.everest.sable-pancake.ts.net`)"; rule = "Host(`sync.everest.tailscale`)";
service = "syncthing"; service = "syncthing";
}; };
}; };

8
roles/server/transmission.nix
View file

@ -9,7 +9,7 @@ in {
settings = { settings = {
incomplete-dir-enabled = false; incomplete-dir-enabled = false;
rpc-bind-address = "0.0.0.0"; rpc-bind-address = "0.0.0.0";
rpc-host-whitelist = "transmission.everest.sable-pancake.ts.net"; rpc-host-whitelist = "transmission.everest.tailscale";
rpc-whitelist = "127.0.0.1"; rpc-whitelist = "127.0.0.1";
}; };
}; };
@ -20,7 +20,7 @@ in {
mountPoint = "/srv/nfs/transmission"; mountPoint = "/srv/nfs/transmission";
options = ["bind"]; options = ["bind"];
}; };
services.nfs.server.exports = "${mountPoint} *.sable-pancake.ts.net(ro,all_squash,anonuid=${transmissionUid},anongid=${transmissionGid})"; services.nfs.server.exports = "${mountPoint} *.tailscale(ro,all_squash,anonuid=${transmissionUid},anongid=${transmissionGid})";
services.avahi.extraServiceFiles = { services.avahi.extraServiceFiles = {
Transmission-downloads-nfs = '' Transmission-downloads-nfs = ''
@ -38,7 +38,7 @@ in {
}; };
# Add a cname for transmission # Add a cname for transmission
services.dnsmasq.settings.cname = ["transmission.everest.sable-pancake.ts.net,everest"]; services.dnsmasq.settings.cname = ["transmission.everest.tailscale,everest"];
# Set up traefik as the reverse proxy for transmission # Set up traefik as the reverse proxy for transmission
services.traefik = { services.traefik = {
@ -46,7 +46,7 @@ in {
http = { http = {
routers = { routers = {
transmission-subdomain = { transmission-subdomain = {
rule = "Host(`transmission.everest.sable-pancake.ts.net`)"; rule = "Host(`transmission.everest.tailscale`)";
service = "transmission"; service = "transmission";
}; };
}; };