Compare commits


2 Commits

Author SHA1 Message Date
1c54bbeec5 File tailscale issue 2023-10-05 20:35:25 -04:00
0b6c412d61 flake.lock: Update & Nvidia License Agreement
Also insecure openssl change

Flake lock file updates:

• Updated input 'home-manager':
    'github:nix-community/home-manager/f5c15668f9842dd4d5430787d6aa8a28a07f7c10' (2023-08-30)
  → 'github:nix-community/home-manager/0f4e5b4999fd6a42ece5da8a3a2439a50e48e486' (2023-09-26)
• Updated input 'me-emacs':
    'git+https://git.syzygial.cc/Syzygial/EmacsConfig.git?ref=refs/heads/master&rev=e5b0a6fea9640f270dc44bc112f34b45ea825769' (2023-08-17)
  → 'git+https://git.syzygial.cc/Syzygial/EmacsConfig.git?ref=refs/heads/master&rev=fce0f0baadc881bddeb613d3d6a2ec8860187186' (2023-09-19)
• Updated input 'nix-darwin':
    'github:LnL7/nix-darwin/511177ffe8226c78c9cf6a92a7b5f2df3684956b' (2023-08-17)
  → 'github:LnL7/nix-darwin/e236a1e598a9a59265897948ac9874c364b9555f' (2023-09-26)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/e7f38be3775bab9659575f192ece011c033655f0' (2023-08-30)
  → 'github:NixOS/nixpkgs/6500b4580c2a1f3d0f980d32d285739d8e156d92' (2023-09-25)
• Updated input 'sops-nix':
    'github:Mic92/sops-nix/d9c5dc41c4b1f74c77f0dbffd0f3a4ebde447b7a' (2023-08-30)
  → 'github:Mic92/sops-nix/2f375ed8702b0d8ee2430885059d5e7975e38f78' (2023-09-21)
• Updated input 'sops-nix/nixpkgs':
    'github:NixOS/nixpkgs/c66ccfa00c643751da2fd9290e096ceaa30493fc' (2023-08-26)
  → 'github:NixOS/nixpkgs/46688f8eb5cd6f1298d873d4d2b9cf245e09e88e' (2023-09-15)
• Updated input 'sops-nix/nixpkgs-stable':
    'github:NixOS/nixpkgs/9117c4e9dc117a6cd0319cca40f2349ed333669d' (2023-08-27)
  → 'github:NixOS/nixpkgs/596611941a74be176b98aeba9328aa9d01b8b322' (2023-09-16)
2023-10-05 20:35:25 -04:00
5 changed files with 6 additions and 49 deletions


@@ -35,9 +35,7 @@
];
nixpkgs.config.permittedInsecurePackages = [
"nodejs-14.21.3"
"openssl-1.1.1t"
"openssl-1.1.1u"
"openssl-1.1.1v"
"openssl-1.1.1w"
];
nix.gc = {
automatic = true;
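Review bot: `nixpkgs.config.permittedInsecurePackages` on the new side still permits `openssl-1.1.1w` and `nodejs-14.21.3` system-wide, with no record of which package needs them. Both release lines are end-of-life upstream, so every patch-level bump like this one keeps an unmaintained TLS library and runtime installable without anyone revisiting why. The hunk counts (three lines removed, one added) suggest the t/u/v entries were dropped and w added, but the +/- markers are lost on this page, so confirm against the repository. I would put a comment above each entry, e.g. `# openssl-1.1.1w: EOL upstream; required by <consumer package>; drop once it builds against openssl 3`, with the real consumer filled in. The enclosing attribute set starts outside the hunk.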


@@ -12,10 +12,6 @@
};
};
config = {config, pkgs, ...}: {
imports = [
./tailscale.nix
];
networking.nameservers = [ "1.1.1.1" ];
networking.useHostResolvConf = false;
@@ -26,8 +22,8 @@
services.tailscale = {
enable = true;
useRoutingFeatures = "client";
authTokenPath = "/var/tailauth";
authUrl = authServer;
authKeyFile = "/var/tailauth";
extraUpFlags = ["--login-server" "${authServer}"];
};
};
};
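Review bot: `authKeyFile = "/var/tailauth";` points at a pre-auth credential, and nothing in this section shows how that file is created inside the container or what mode it has. Because the value is a string rather than a Nix path literal it stays out of the world-readable store, which is good, but the file itself should be readable by root only. I would add a comment on that line naming the producer and the expected permissions, e.g. `# written by <provisioning step>; must be 0600 root:root`. The enclosing `config = {config, pkgs, ...}:` block starts outside the hunks.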


@@ -1,35 +0,0 @@
{config, pkgs, lib, ...}:
with lib;
let
cfg = config.services.tailscale;
defPath = if config.services.headscale.enable then "${config.services.headscale.settings.server_url}" else null;
in {
# Configure tailscale to allow specifiying user login and auth path
options.services.tailscale = {
authTokenPath = mkOption {
type = types.nullOr types.path;
default = null;
description = "Should tailscale automatically login with the given authtoken file";
};
authUrl = mkOption {
type = types.nullOr types.str;
default = defPath;
description = "Server URL of head/tailscale";
};
};
config = let
waitGen = optional (cfg.authTokenPath == defPath) "headscale-preauth-regen-${name}";
in {
systemd.services.tailscale_autologin = mkIf (cfg.enable && cfg.authTokenPath != null) {
wantedBy = ["tailscaled.service"];
after = ["tailscaled.service"] ++ waitGen;
script = ''
${pkgs.tailscale}/bin/tailscale up --login-server ${cfg.authUrl} --authkey $(cat ${cfg.authTokenPath})
'';
serviceConfig = {
Type = "simple";
};
};
};
}


@@ -3,6 +3,7 @@
{
# NVIDIA drivers are unfree.
nixpkgs.config.allowUnfree = true;
nixpkgs.config.nvidia.acceptLicense = true;
services.xserver.videoDrivers = [ "nvidia" ];
hardware.opengl.enable = true;


@@ -4,16 +4,13 @@ let
in {
imports = [
../modules/headscale.nix
../modules/tailscale.nix
];
services.headscale.ensureUsers = {
"${tailUser}" = {};
};
services.tailscale = {
enable = true;
authTokenPath = config.services.headscale.ensureUsers."${tailUser}".path;
};
systemd.services.tailscale_autologin = {
after = ["headscale-preauth-${tailUser}.service"];
extraUpFlags = ["--login-server" "${config.services.headscale.settings.server_url}"];
authKeyFile = config.services.headscale.ensureUsers."${tailUser}".path;
};
}
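Review bot: The ordering on `headscale-preauth-${tailUser}.service` appears to be lost with the switch to the upstream options: the old `systemd.services.tailscale_autologin` block with its `after` line looks to be among the removed lines, and nothing on the new side replaces it. If the upstream auto-connect unit starts before the pre-auth key at `ensureUsers."${tailUser}".path` has been written, the login can fail and the node stays unauthenticated until someone runs `tailscale up` by hand. Consider keeping the dependency, e.g. `systemd.services.tailscaled-autoconnect.after = ["headscale-preauth-${tailUser}.service"];` (unit name as I recall it from the nixpkgs tailscale module; verify against the pinned revision). The +/- markers are lost on this page, so which lines survive is inferred from the hunk header counts, and the `let` block starts outside the hunk.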