chn/nixos
1
0
Fork 0
mirror of https://github.com/CHN-beta/nixos.git synced 2026-01-12 01:09:24 +08:00
Code Issues Packages Projects Releases Wiki Activity

modules.services.tailscale: init

Browse Source
This commit is contained in:
陈浩南
2025-11-06 19:47:56 +08:00
parent 3dfdb36728
commit ee0beeab98
5 changed files with 26 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
devices/pc/default.nix
View File

@@ -87,6 +87,7 @@ inputs:
lumericalLicenseManager.macAddress = "10:5f:ad:10:3e:ca";
waydroid = {};
open-webui.ollamaHost = "127.0.0.1";
tailscale = {};
};
bugs = [ "xmunet" "amdpstate" "iwlwifi" ];
packages = { mathematica = {}; vasp = {}; lumerical = {}; };

5
devices/pc/secrets/default.yaml
View File

@@ -19,6 +19,7 @@ tinc: ENC[AES256_GCM,data:qI2KAyJiC9m+IOzTQ7SFjWnjzzkxvNe6R2yxyK+C/YnEK4JdYqEETI
open-webui:
openai: ENC[AES256_GCM,data:8CQLvoDuGtQ7PN+1SOmXF48dV/G6fDOiu6olkhSbWEjYcNO4VVmxtHw=,iv:rKBxOTB7/LXfXWVrBFBJeyn43R82oBYCxup8OzWvzKk=,tag:ByoyMizWc9Lpnt+ciYcszg==,type:str]
webui: ENC[AES256_GCM,data:G0fniAii8asP+NNTinHwrScrFVkFacoci6BvA24=,iv:ADQVIuf60eTDMwW7BAsfDhoTtsFKF5QDLsDkPAQxFBU=,tag:5siIJGNEa11EeHlurk1h5w==,type:str]
tailscale: ENC[AES256_GCM,data:IkZaLVFO+UfTA7WIjOjiy7PKbfKzhO52WwVXQthat0PnjvvL2cxdza/ic4NtzpZK,iv:pftLbWBH/skX01wHXbFOJvivf4lnqtzXpioM6kYUiXk=,tag:jHGcCBuLA46D1DSg6me/KA==,type:str]
sops:
age:
- recipient: age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m
@@ -39,7 +40,7 @@ sops:
OUlxNjdQaXdXMkZ6bnV1ek4yZ2dpbkEKpKGOAxo5Eef2jtGrg4iSzmGCeg+vTgvu
+K8b+O19MIkGMDBm6UbYUPtc/7eqoEZRiTUzNMTmfkLVS4ul5zou9A==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-10-12T08:54:46Z"
mac: ENC[AES256_GCM,data:WDImciB99J8YKHGUljCX0ZgaFdKyIm8N5jcItRtF53vOCejsKIRaOUKiqxCdWmDqdLW1V+osmVn0k0b1+GDp6MJ7yB1p8RftwyBoC7CNErld3HNcfc4nElYAvTCxqR9QOHDGmZCEw9e94tTHvs7TYxnFaFXg8iBjDgZwTpz6ZSU=,iv:Z+WT6Dtx9PZjPtYhwm6MbTw87S3aKqJ+LSw6aSN4/K0=,tag:x+tWUCQouFEFtBO1+8TKjQ==,type:str]
lastmodified: "2025-11-06T11:46:32Z"
mac: ENC[AES256_GCM,data:ab9wvm4d1NK95v6nB/G7Hxy6bPmwdIqyUWuSBk/QGvRC2Avw4m5U60AL6iI8nVek4yukdBZm0efu1tVDDlNbVV5rU5EN7VQAChHd3QNDFEVTsDWxugbl8NUEYa/bWEqut16s6kU6lFwyMovO82Kxppy0VwB/7p0SsEc9bv2zJJo=,iv:FckYgIvo9pgFt4mgaArxeDDRx5bHZM88DepqvwM2yH4=,tag:F2A4e19ltYAqd4CAvEC7/A==,type:str]
unencrypted_suffix: _unencrypted
version: 3.10.2

1
devices/vps6/default.nix
View File

@@ -62,6 +62,7 @@ inputs:
bind = {};
headscale = {};
derp = {};
tailscale = {};
};
};
networking.nftables.tables.forward =

5
devices/vps6/secrets.yaml
View File

@@ -48,6 +48,7 @@ xray-xmu-client:
tinc: ENC[AES256_GCM,data:E3OrPA67R48x5FJUW0ZbERlclz8Z/XokAaGTeBQLPEHSeqEArHYSZkdJRZejFrBruJPlGZMPNBQzlIBXOfXKwMnlBDaGJIIJHIzPDGG9W7QF4IIRK/BjVZHFwfKvZtbUDGsqLcCSe5+ttmyucBaFGquXhnD/Tu09uyWtRvS10KAJLY0Z2/16CFB1+8egJIcYw2TFXObo+KR92Va0qwiDSepKaJtYLimDGRKk04QGj+BYa5y8PjIG6bz8UG82mmCiV7XM3EPlSMA=,iv:kawsklNGFbRhxKuUwvNL2WyBxuYu2T/uks1cJ4i8NhA=,tag:V+jAaxQX7JCiR5+wIVW4Nw==,type:str]
postgresql:
headscale: ENC[AES256_GCM,data:z2cyyT1TcIhNJCBeGn072aFI2nAioWZQvpyzoky4tWtMymKlw4ilOtSYAsp+kaNOoqvWSmoAQNJLNzeDk1iTCQ==,iv:hZdS/CAVBO0k/AmX3qw3YwTYgK49Aeu5QI3YCAduiZ0=,tag:2l4GPV/T2GHjAAUDX3LaEA==,type:str]
tailscale: ENC[AES256_GCM,data:jRJQmLYwJRjslPNO3VnVGEJxe+kzmSGpHRTpacF4yrp8+lcifAX2YH1109M1xB+z,iv:2NPAxzyhgfPn7H5/yt9Uozzx0ltKnS0mk23U4qOEQpA=,tag:B9kQ8U/aqP/m9bEH0q8Rcg==,type:str]
sops:
age:
- recipient: age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m
@@ -68,7 +69,7 @@ sops:
ZXFTU3ZCaW1pTVh0RUJzdDdGdHlPYTgK2mlgcX2kEc8+2UDdBnhUm6IIuh8V6agW
ooxH9OEPXUVI/4JcDo4v8ZUhAyU1ehLH0Ef7PJCChOZe2KZmWSNbhA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-11-06T03:58:47Z"
mac: ENC[AES256_GCM,data:/t09/unE18oWPfoCdyTFdTYCC73C5s3cmB9yLNo1MrLISK8b9DPUzuAOamhW0EXG97/++dNCIAl5VNO/HuU6xT5jH8GFZo3Z7ElFamSmYpKYqDBgTDPlRxGRsc663qeNzpV1VE79hl1ifKk+NrP5cNxG0+FMZ763+dxnde0gdcM=,iv:j1CruHLx3HxV8+joWGKqwU53X9HmvW8LdleSCzACGoM=,tag:rQwSr9W+PDDxhonUDYC49A==,type:str]
lastmodified: "2025-11-06T11:46:54Z"
mac: ENC[AES256_GCM,data:31JLVHnXd9jYXrFmSY9gfhpnq8B+frl8s3j4WhVrl/7cLjmw04agivYAOKORvEnAWS2p7e5PIPqoNX3m2tf394I+TiuDW2bWcdgs/LluvOEnIhV0Ybdrhp0W3esG6i4qRmif2i47G/mHiyKMttyRsH1K7UnaMNPtxlnMkpgDdTw=,iv:Thf+tDU6gYw53ZDN6LINczp/LstsYW1Cfkqa86ULx70=,tag:eFYF1ISvBbGVRUTxxoeILQ==,type:str]
unencrypted_suffix: _unencrypted
version: 3.10.2

18
modules/services/tailscale.nix Normal file
View File

@@ -0,0 +1,18 @@
inputs:
{
options.nixos.services.tailscale = let inherit (inputs.lib) mkOption types; in mkOption
{ type = types.nullOr (types.submodule {}); default = null; };
config = let inherit (inputs.config.nixos.services) tailscale; in inputs.lib.mkIf (tailscale != null)
{
services.tailscale =
{
enable = true;
openFirewall = true;
disableTaildrop = true;
# authKeyParameters should not be set
authKeyFile = inputs.config.nixos.system.sops.secrets."tailscale".path;
extraUpFlags = [ "--login-server=https://headscale.chn.moe" ];
};
nixos.system.sops.secrets."tailscale" = {};
};
}