linde: set up golink
Alan Pearce alan@alanpearce.eu
Thu, 30 May 2024 22:26:55 +0200
4 files changed, 27 insertions(+), 0 deletions(-)
M flake.nix → flake.nix
@@ -14,6 +14,10 @@ utils.url = "github:numtide/flake-utils"; agenix.url = "github:ryantm/agenix"; agenix.inputs.nixpkgs.follows = "nixpkgs"; searchix.url = "git+https://git.alanpearce.eu/searchix"; + golink = { + url = "github:tailscale/golink"; + inputs.nixpkgs.follows = "nixpkgs-small"; + }; }; outputs = @@ -28,6 +32,7 @@ , secrets , emacs-overlay , agenix , searchix + , golink , ... }: let @@ -70,6 +75,7 @@ specialArgs = { inherit inputs; }; modules = [ agenix.nixosModules.default searchix.nixosModules.web + golink.nixosModules.default ./system/linde.nix ]; };
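Review bot: The `golink` input added in the first hunk arrives without a lock entry, because the four files in this commit do not include `flake.lock`. The revision of `github:tailscale/golink` that gets built is therefore whatever the next evaluation resolves, not one fixed and reviewed here. This matters more than for an ordinary package, because the third hunk imports `golink.nixosModules.default` into linde's module list, so that upstream code takes part in evaluating the host's whole system configuration. Committing the updated `flake.lock` together with the input, or writing the URL with an explicit ref such as `github:tailscale/golink/<rev-placeholder>`, would keep the reviewed and deployed revisions identical. This assumes `flake.lock` is tracked in the repository and that a `nixpkgs-small` input exists for the `follows`; neither is visible in the diff.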
A secrets/golink.age
@@ -0,0 +1,8 @@+age-encryption.org/v1 +-> ssh-ed25519 cvV2sw Afv1D+MaopWkuWEKI0t0zp4qlcam7bBUtWHq7CwABg8 +T49GUjm0yIB8L93giMNNQm56goIlyUKw81Awem7LGBE +-> piv-p256 u9NeZg Aym6b0XVHJFxEaH1bi82HjDGpbId6LjDzeANPlP1q75N +euudxSXIVs2mTeP8DKe6+8ixQb5doTwp3HR7eyfCsCk +--- c0wvkDM428LPfxbK7xL22xMmUh9OaEXM+gEImi6FVJg + ¢ +h׃Uß…?•“Í/3 ;!Ç»¤îP‰Ù'.‚¾ÕrÄÁætæ±\Üì‹©:¤ ¶uèƒÌ9ùY‚y˜_xº€9 Œ.ÇO˜£#פö=%#ìû£,MP?®Ù£
M secrets/secrets.nix → secrets/secrets.nix
@@ -17,6 +17,7 @@ binarycache = [ linde ]; paperless = [ linde ]; powerdns = [ linde ]; dex = [ linde ]; + golink = [ linde ]; dyndns = [ nanopi ]; syncthing = [ nanopi ];
M system/linde.nix → system/linde.nix
@@ -38,6 +38,14 @@ acme.file = ../secrets/acme.age; binarycache.file = ../secrets/binarycache.age; dex.file = ../secrets/dex.age; powerdns.file = ../secrets/powerdns.age; + golink = let golink = config.services.golink; in { + # hope this doesn't collide... + path = "${golink.dataDir}/.config/tsnet-golink/auth.key"; + owner = golink.user; + mode = "400"; + symlink = false; + file = ../secrets/golink.age; + }; }; # Use the systemd-boot EFI boot loader. @@ -268,6 +276,10 @@ services.tailscale = { enable = true; extraUpFlags = [ "--accept-routes" ]; useRoutingFeatures = "client"; + }; + services.golink = { + enable = true; + tailscaleAuthKeyFile = config.age.secrets.golink.path; }; services.journald.extraConfig = ''
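Review bot: The `path` override with `symlink = false` in the first hunk has agenix place the decrypted Tailscale auth key inside `${golink.dataDir}`, the service's persistent state directory, instead of agenix's default secrets directory under `/run`. The plaintext key then stays on disk across reboots, in a location the inline comment itself suspects may collide with tsnet's own files. The second hunk already passes `config.age.secrets.golink.path` to `tailscaleAuthKeyFile`, so the module is told where the file is and does not appear to need it at that particular path. Dropping the `path` and `symlink` lines and keeping `owner = golink.user;`, `mode = "400";` and `file = ../secrets/golink.age;` would leave the key readable only by the service user without touching the state directory. If the override is kept, check that any `.config/tsnet-golink` directories created at activation time are not root-owned, since that could block the service from writing its state there, and replace the "hope this doesn't collide" comment with what was verified.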