ptr.pet / ark
nix machine / user configurations
fork atom

put tailscale on dzwonek

ptr.pet e4df1f30 904784f4

options
unified split
Changed files
+53 -64
hosts
dzwonek
modules
tailscale.nix
wolumonde
modules
tailscale.nix
modules
network
tailscale.nix
secrets
clickeeProxyConfig.age
deployWebhook.age
develMobiTailscaleAuthKey.age
headscaleOidcSecret.age
nixGithubAccessToken.age
pdsConfig.age
persesSecret.age
secrets.nix
tailscaleAuthKey.age
websiteConfig.age
+6
hosts/dzwonek/modules/tailscale.nix 
···

       

       
1

       
+

       
{config, ...}: {


     

       

       
2

       
+

       
  imports = [../../../modules/network/tailscale.nix];


     

       

       
3

       
+

       
  


     

       

       
4

       
+

       
  # age.secrets.tailscaleAuthKey.file = ../../../secrets/tailscaleAuthKey.age;


     

       

       
5

       
+

       
  # services.tailscale.authKeyFile = config.age.secrets.tailscaleAuthKey.path;


     

       

       
6

       
+

       
}
+4 -12
hosts/wolumonde/modules/tailscale.nix 
···

       
1

       
1

       
 

       
{ config, ... }:


     

       
2

       
2

       
 

       
{


     

       
3

       

       
-

       
  age.secrets.tailscaleAuthKey.file = ../../../secrets/tailscaleAuthKey.age;


     

       
4

       

       
-

       



     

       
5

       

       
-

       
  services.tailscale = {


     

       
6

       

       
-

       
    enable = true;


     

       
7

       

       
-

       
    port = 41641;


     

       
8

       

       
-

       
    extraSetFlags = [ "--advertise-exit-node" ];


     

       
9

       

       
-

       
    extraUpFlags = [ "--ssh" ];


     

       
10

       

       
-

       
    extraDaemonFlags = [ "--no-logs-no-support" ];


     

       
11

       

       
-

       
    useRoutingFeatures = "both";


     

       
12

       

       
-

       
    authKeyFile = config.age.secrets.tailscaleAuthKey.path;


     

       
13

       

       
-

       
    openFirewall = true;


     

       
14

       

       
-

       
  };


     

       

       
3

       
+

       
  imports = [../../../modules/network/tailscale.nix];


     

       

       
4

       
+

       
  


     

       

       
5

       
+

       
  # age.secrets.tailscaleAuthKey.file = ../../../secrets/tailscaleAuthKey.age;


     

       

       
6

       
+

       
  # services.tailscale.authKeyFile = config.age.secrets.tailscaleAuthKey.path;


     

       
15

       
7

       
 

       



     

       
16

       
8

       
 

       
  networking.firewall.public.tailscale.allowedUDPPorts = [


     

       
17

       
9

       
 

       
    config.services.tailscale.port
+11
modules/network/tailscale.nix 
···

       

       
1

       
+

       
{


     

       

       
2

       
+

       
  services.tailscale = {


     

       

       
3

       
+

       
    enable = true;


     

       

       
4

       
+

       
    port = 41641;


     

       

       
5

       
+

       
    extraSetFlags = [ "--advertise-exit-node" ];


     

       

       
6

       
+

       
    extraUpFlags = [ "--ssh" ];


     

       

       
7

       
+

       
    extraDaemonFlags = [ "--no-logs-no-support" ];


     

       

       
8

       
+

       
    useRoutingFeatures = "both";


     

       

       
9

       
+

       
    openFirewall = true;


     

       

       
10

       
+

       
  };


     

       

       
11

       
+

       
}
+16 -15
secrets/clickeeProxyConfig.age 
···

       
1

       
1

       
 

       
age-encryption.org/v1


     

       
2

       
2

       
 

       
-> ssh-rsa Abmvag


     

       
3

       

       
-

       
Z0FAbsxLDMVKjGMAaSSTxlzLO+Kgzt7hXre5y2O20IXH1OCLQ59X56l3pMrL03Yd


     

       
4

       

       
-

       
CnYIPemP62a9pwBhrWE0O23mNWxY8AQJXyVgIwUD2oMDJRNWpgCsgTvgGdze5PNg


     

       
5

       

       
-

       
FLm5l27ipT+HBHJ1eWbkgH8ymNZpHmnXPTtEx40DayY7slGywxnE5SgHqppU6C8P


     

       
6

       

       
-

       
nYVVfg2+m1ltRZtWswpfTRPMN7JfY6it2NRZ/Ygp2im0MCzP42W7S3cOFwSoDWKe


     

       
7

       

       
-

       
c48BG59p0gXidDWWj/g0IfPd03+mpj3oir1uPBLijW2AP9gN+EXILWfwmhs9iWn5


     

       
8

       

       
-

       
uCIoD8qyCFDrpMSrM2BKH+hR+rpaPPdDu7+I5u/vzsZSMib2GMv3rFbCLIrPhFbm


     

       
9

       

       
-

       
yPWNhh+7Jmgoz2YESDVljhflNOp9rtan+69Rv4Avpbu9IzK+b8jBi2ZBvRCdUUGU


     

       
10

       

       
-

       
Q/KUeGsN60ZVDiKI54xwDW4feTaktNaPOlClpqToOw8YVX7ZlE4BvZdkGHDWXit2


     

       
11

       

       
-

       
kTL3cG9Bppz2S5/CZVkvgqnhXGU22v13tg+CKKe3XGKnyaF7275noNtWOopLFU2F


     

       
12

       

       
-

       
sj/PQVChXKcRqFt15vEV//FFgemrDE9zKAIO55VHhWpTykGksPd4FYykkh/LUhxY


     

       
13

       

       
-

       
Q7udWhLsMKhs78lKkOpVgqlhMf9uq/o+96Z5W0d/q94


     

       
14

       

       
-

       
-> ssh-ed25519 KjIL7g 2u9x2GWw59kQfI3o3Vj+rNTz8dnQBIB7SsbYrBAHjCI


     

       
15

       

       
-

       
abJ8PRvSDjrMZ9IBzp9MoRF4IVllJeYsX6N71jkvK2o


     

       
16

       

       
-

       
--- oUikob6m3vbmcoJLcoOs3MbvYYKaDIvAJ8V2+ilSzlk


     

       
17

       

       
-

       
��*6��ns)��!������@����G�ag��\;V,EP~oh��g���g��<gQ���1,���@�r�l`/gF��f.��(���U���B=�K{�֟��x~�C��>�lfoь���xo

     

       

       
3

       
+

       
KTRuqb3EC27YPIyLCW846a4EmJ8mWl+JKKQOWgLI8vSWOrKiFzyRxjBuPc4z/IcI


     

       

       
4

       
+

       
VHt4oLEE1FoRZf4V/NxO7Ze9ps2Qh5EJScnD1onNeaF8NlG9y2Q2JZPIrqeJlpQQ


     

       

       
5

       
+

       
NrEPNDdanx01uYmxSnoT/rn0PYbbQdEtGR+7EVPfp+Z7z/JcDgMF+1MHBm0++qsk


     

       

       
6

       
+

       
87WOxnSlB+y/EFQ1oPJf+gfSZgr7MUch7fOyPVHXspNKMPV0k0UvZ+/DWU/yBbQ2


     

       

       
7

       
+

       
Yo4c+dQOn8/EbXZhmR/nlPO226QLUQ9RkJmbNVTepfpU7/jNjdK7fi0mESTUnl7f


     

       

       
8

       
+

       
k6v+BS8OzQVxlXLk/hGbNdGcOKAgFrejB0Z62ZuYanO9+QnuufCOxjf/YUqQcCYi


     

       

       
9

       
+

       
SIrL66cy1/85wUyCE/SoP8vzaJZiLozCmo69IjRZXSXtB3I7ci4yQQ1PmyQtdMA8


     

       

       
10

       
+

       
B3pSTBwxwKdh7uiTmSJiAPrYnG29QO5gUvMk/sNWLoW20Uf+1DpNngv+C19uCRWn


     

       

       
11

       
+

       
vSH9WJip9NUCTlpbEhvRdxZoJ26SlTEFTuKfQCaLmmWw+jiIomHSozLZZqJ4n0p6


     

       

       
12

       
+

       
TeprMWqAEk2aj0zJp/6ae77TqRLIpVS8+8smT0TiEugZyeikbsc01gziiQJiBtnQ


     

       

       
13

       
+

       
2jfWrJwXYrNS8Eyba2wgKun/wCt2lWvLwm0s9Ike1zc


     

       

       
14

       
+

       
-> ssh-ed25519 KjIL7g kAsQOSzqtKVQ0u65I6gk1VhwplhMzwInpEphsxZh+G8


     

       

       
15

       
+

       
vK7Gff2lZm3USYyhJddh+WmBaE5pC/8az6ioOtczGYE


     

       

       
16

       
+

       
--- tSyUAixMsxkVLIDcXmIpfC5rZJu5fXhCavOi0j2MHqA


     

       

       
17

       
+

       
�;�-�#������Rb���]��gE�񐚄��M�\,:��z�n7�[��K��p�ei���K����


     

       

       
18

       
+

       
�p����qĶ��R+����%��ښ���c�&Pq����=T ����$,8�.'�\M�ݻ
secrets/deployWebhook.age

This is a binary file and will not be displayed.

secrets/develMobiTailscaleAuthKey.age

This is a binary file and will not be displayed.

secrets/headscaleOidcSecret.age

This is a binary file and will not be displayed.

secrets/nixGithubAccessToken.age

This is a binary file and will not be displayed.

secrets/pdsConfig.age

This is a binary file and will not be displayed.

+16 -15
secrets/persesSecret.age 
···

       
1

       
1

       
 

       
age-encryption.org/v1


     

       
2

       
2

       
 

       
-> ssh-rsa Abmvag


     

       
3

       

       
-

       
rjbVcIfWcfTpAg5BCy5PbLt8eF5fnBjLqW1LZw2jCgBM/O6oeaUHuQYTtekvmjNA


     

       
4

       

       
-

       
0ow27Opl6OFqVN0E8j4t/i9GQeQ/9jkTITs/Kc66D3eY4UOFNIx1gmbJdcsl5vnZ


     

       
5

       

       
-

       
+og/3ppWVJPZhrsmGdAJxyNdH3Qc1VtE73zomxzabv3oNv8KCJIfziZOBELhHJJx


     

       
6

       

       
-

       
d7ybJmoFWqt4WurlnMqMV5e/S3yUdxTkn5t3d5oVa+5tlMdBnULo91y2QQLfTBEa


     

       
7

       

       
-

       
ujUSZlKfWs4G5Alb9C0a9CFJty8goR/eNVliDsu/+hzSFhVB0YyG0Srw1Qq7GJTV


     

       
8

       

       
-

       
KJlqIdX4H82fCxP5Sr4Li/u4ONhLFArSqlgiuXuXON9mmJHtr6bW48hBAxpCSxVf


     

       
9

       

       
-

       
oxv5GzcQTAYKkO8JmZUhfYG7dehB6ro3FLHdrWw1xF+vAt89YFfxOzy8WwIFWVBr


     

       
10

       

       
-

       
BcKxM902TeDwBrFtRvnZXuTZHZtXp1lwuGJGQwxzuGgQt4+jdTr8lvks7uozXsQA


     

       
11

       

       
-

       
UZa1BEgL65kRK9DQKNBX9mQEob0pUGhQhHkwOcqZuiVtQznPxDUjauVezYfEc4//


     

       
12

       

       
-

       
MqZBkd7F9acSxmanstQp3vamt6vnIClGathU/np9xlSP7MqmNGYK5Z33DgwoihdB


     

       
13

       

       
-

       
hF7jmkovHkrvJjfS+y894BAmQ09e6+pGpcbA+RiwhCc


     

       
14

       

       
-

       
-> ssh-ed25519 KjIL7g nGj4yhMFbeWN2Mze71Vei/bba6kr8mpOdmzuhenu8C8


     

       
15

       

       
-

       
DxiSMMJegNoXoDcxc5lzkQiqRqt3zbtoe918gtRG+kQ


     

       
16

       

       
-

       
--- RHnZ2YQuPHEj9fp97jdGjwRaba1FFAptyH51dnNvIp0


     

       
17

       

       
-

       
_�	~�q�&<�����#k��65�Z$���9�g����D�+0�c��KQf��w�������M�������%��G�{e.����N.M]�q

     

       

       
3

       
+

       
gnRXwWRObKH5JCBDDPVRDHsgSj4m3zwOHAFLDAXTmWjs0mVNKSu5AFtKkoJuUuzs


     

       

       
4

       
+

       
RQFGn3b4pv6duPjpEW4t0DBkAOCwgqTqvF3oSKNBSDuhNU4+XzCJgBZDesO3VZ/S


     

       

       
5

       
+

       
zZxM8kq14sM484pZSRI0A86VNSlR7q8lyF1kth+bn5dum7Ihq87Re6jW+OyFwL7L


     

       

       
6

       
+

       
tkTON5L4aMqjI4fMQl/PcRU+04sYkKug6JQO/DDyFXvjvROuO43ZChjqGGj4ol9b


     

       

       
7

       
+

       
mXPOJuabzUtWGoTwg7+IHhbyUbanoO+2gCMejRGbZbBTh+bOftNx0bvNj8lrxgit


     

       

       
8

       
+

       
oE5sXhqPeI9BhOGWiJvR+32YdHl2WRYQ/7nNdWsnA0UuiPRHPu827g91NrVgjxBk


     

       

       
9

       
+

       
SpgoabwZpCUl8GlfihtTvw3NbV6WnIUv0ew9bwlyf129uvH7Rn61o0JMnq5m37Zt


     

       

       
10

       
+

       
rJjLJ262zIdb4eS1QgycI+ugeb290Vh22niTLLKoJxAFdLyzSr84XsfUVyrjhJfz


     

       

       
11

       
+

       
Ll+12c7ApTcgwhuhOkFLmU8SUNwxhH523fV8zcQ/1E9yjpa26qQcTF+ujRV8FIwb


     

       

       
12

       
+

       
kVGLDHUXehU5gm/nsuQVaULYHRC50pvu7wKKZsj0UqdQeKCx1CwBOdFk6Qctxl9N


     

       

       
13

       
+

       
VvAenIra/FVImcrimQ/sNCeg8UasT+gvbY5KjhwPzkY


     

       

       
14

       
+

       
-> ssh-ed25519 KjIL7g +FQdRCFxlkayD4Hq9xb4WCE139upxkpSrvh7412gqlo


     

       

       
15

       
+

       
jxDJlUgJZfftyeyhikKi4zLhtM6fVXxAGMmD7gcQZgM


     

       

       
16

       
+

       
--- OXRvMmNqRzo4NGF4ihpPSHu77W8dH45HwJJIDI3hUCY


     

       

       
17

       
+

       
&}͘8��;YX5


     

       

       
18

       
+

       
�$m3�1r['�%<7�����W�D��h�0�%��C$�Il1;ɛl�1�i�A��E�z��,n݆�|b�?2N�}�m/Ӈ�
-4
secrets/secrets.nix 
···

       
27

       
27

       
 

       
    yusdacra


     

       
28

       
28

       
 

       
    dzwonek


     

       
29

       
29

       
 

       
  ];


     

       
30

       

       
-

       
  "tailscaleAuthKey.age".publicKeys = [


     

       
31

       

       
-

       
    yusdacra


     

       
32

       

       
-

       
    wolumonde


     

       
33

       

       
-

       
  ];


     

       
34

       
30

       
 

       
  "develMobiTailscaleAuthKey.age".publicKeys = [


     

       
35

       
31

       
 

       
    yusdacra


     

       
36

       
32

       
 

       
    develMobi
-18
secrets/tailscaleAuthKey.age 
···

       
1

       

       
-

       
age-encryption.org/v1


     

       
2

       

       
-

       
-> ssh-rsa Abmvag


     

       
3

       

       
-

       
iTX9q7kPMMOmyHP7E/p5qai32562O7HHubxptgyH0Sq1IGBeHD+TOUAhcl9KTljS


     

       
4

       

       
-

       
ibis2WYjbG4FMiXs6zhgCD8OsQE/8FdKWr8U1PII8eXRqe9tuhUMbTwmMDckjXQQ


     

       
5

       

       
-

       
3vJbJEmbh+YPuslkanwcqIJg+KCXBAT6DEmSsr4eIBvuPpl7gDwdLgctwTet2j8X


     

       
6

       

       
-

       
OOAXydlOcs0Jl7U/hSXqID96fXGtMbdjaTONngfkAe/DW9mtY3ysQ7/j2x7SCE4r


     

       
7

       

       
-

       
PY5OQuQllMiW2Zzrfyq54QqCKsaBuZsF5Lm1jn5g6leAZXSf44l5spTEGjeKEr8M


     

       
8

       

       
-

       
VOyyu05VucCQ/CMJOh17LkCNzFHtbC36BVDrlTGWhWs/AL7W4IAEvZNA8OADzGZs


     

       
9

       

       
-

       
ea3iRHYmEYqaWefjDncYQDUN+TFwa+9GFq5c7O+aJw731FFzTKS1OXl+ZPoIGAxD


     

       
10

       

       
-

       
b39eH1CJOmBq0Vmz5adb+kTtMDs+RCLpmNtJ7B5bQPUASobDSa3P1077LleDmqFu


     

       
11

       

       
-

       
1MmfmReBu9vAS7rgNRVeTO6i5Kv2deYvbcjscH3kjzWpA0cdaa9qJrelWBk95bUk


     

       
12

       

       
-

       
QTWzkgyjF+zwJSUIOIWqYfmtyS4ZYSl6yWH4Ah2Mx3zRPrNP1ITNdJI9jnMXiqMF


     

       
13

       

       
-

       
w1t21oxGvNvZ716NfcsNI7mR3shavnE5B1pkMeRDwf0


     

       
14

       

       
-

       
-> ssh-ed25519 KjIL7g xoZ4Fa8wYuPJ6nPhDxAgHRc0Ihk90T4Z0tbOe8TaEBk


     

       
15

       

       
-

       
eGknb37Mj6Unlet9As880cBlA3tlvgGMnLrKyqCThi4


     

       
16

       

       
-

       
--- 4D6BQZdeMNur/IfsZO86jzpYwoxRFxu0PqHNzGcq5hw


     

       
17

       

       
-

       
���D�Ƴ��.�\.�)�a=�X0nd����]������


     

       
18

       

       
-

       
h�nIٌs덺�|����;o�eF��:r{!���|^,
secrets/websiteConfig.age

This is a binary file and will not be displayed.